On
iOS devices all system passwords and most application passwords are
managed through dedicated and encrypted Keychain. We are able to decrypt
the keychain and retrieve all passwords that have been saved/stored within it.
Passwords contained in keychain include: Wi-Fi passwords, appleID
password, passwords saved in Safari as well as various application
passwords. Passwords in iOS keychain are unorganized and contain a lot
of useless information, which can be filtered out of the final report.
From Android devices we retrieve Wi-Fi passwords.
We
also retrieve passwords from a lot of applications directly for both
aforementioned platforms. Retrieved passwords include email passwords
from various email applications, passwords saved in Web Browsers and
other account passwords.
Example of passwords report: