Elcomsoft releases updated Phone Breaker software

Dec 18, 2014 14:55 GMT

Forensic tool maker Elcomsoft has announced a big update to its Phone Breaker software which introduces the ability to acquire information stored in the cloud, over-the-air, from a user’s iCloud account, including accounts locked down with two-factor authentication.

Elcomsoft Phone Breaker is one of the first (if not the very first) third-party forensic tools capable of retrieving and decrypting data stored in iCloud. The major benefit of using this tool is the ability to access information stored in the cloud without having access to the physical device.

The new release specifically adds support for iOS 8 and the latest iDevices. It acquires data from iCloud accounts with two-factor authentication and is able to extract all types of data, including iWork documents, WhatsApp chats, password managers, social networking information, and everything in between.

Extracts iCloud authentication tokens

The forensic tool (which, strange as it may be, is offered for general consumption) is capable of extracting iCloud authentication tokens from hard drives and disk images. iCloud tokens can also be extracted from binary files such as keychain, plist, and registry files.

Before receiving this update, Phone Breaker used authentication tokens obtained from a suspect’s Mac or PC. The new version extracts authentication tokens from standalone hard drives and forensic disk images. All the user needs to do, in order to extract the authentication token, is to mount the disk image and use the command-line tool that comes with Phone Breaker.

“Apple released major technological updates and introduced tightened security measures during the past month,” says Vladimir Katalov, ElcomSoft CEO. “We are keeping up with the latest developments, adapting to newly implemented security measures. But that’s not all! Together with iOS 8 and two-factor authentication support, we are adding the ability for our customers to access most information stored in the user’s cloud account.”

iOS 8 / 8.1 Support

The updated Elcomsoft Phone Breaker supports the newest iPhone and iPad firmware builds and can access all types of information stored in the user’s iCloud account, including iWork files, documents stored by third-party apps (including password-manager databases and WhatsApp conversations), “system files [...] which may contain words and phrases typed by the user that are not part of a common dictionary,” and more, according to the developer.

Elcomsoft notes that the feature doesn’t work on accounts upgraded to iCloud Drive, and that iCloud Drive support will be released in the first quarter of next year. Some 250 million people are currently using iCloud.