Elcomsoft has updated its Phone Password Breaker and its iOS Forensic Toolkit. The breakthrough technology now permits investigators to retrieve information from suspects’ phones without needing physical possession of the iPhone or access to offline backups. The software enables a new kind of online attack, in which the investigator gets access to iCloud, the remote storage provided by Apple. Throughout the process of information retrieval, the user remains oblivious to the tracking of his account.
While the aforementioned tools were available earlier, their use was limited by the fact that the investigator had to have physical possession of the suspect’s iPhone in order to retrieve information. If not the device, he at least had to have access to a PC or laptop with which the device was synced. Their application was therefore limited to the investigation of crimes already committed; they could not help prevent a crime that was still being planned.
To use the tools successfully, the investigator may not need the iPhone, but does need the original Apple ID and password to access a person’s iCloud information. If the user has changed the password, the Phone Password Breaker will not be able to retrieve information.
To thoroughly understand how the breaker works, we first need to understand how user backups are created and how they work. iPhone users have various choices of backup. They can either store backups on their PCs and laptops, or upload them to iCloud, a cloud storage system managed by Apple. This lets users store their iPhone content in a remote location and share information between iOS devices.
iCloud backups hold all the essential information stored in offline backups, such as passwords, texts, appointments, call logs, etc. They even store your web browsing history, including URLs. If your phone is configured with iCloud services, the network automatically creates a backup as soon as the device gets access to a Wi-Fi access point. iCloud backups are near-real-time backups and quickly register recent calls made and received, text messages sent and received, and even your emails. If tracked, these activities can help monitor criminal planning and prevent crimes, or substantiate evidence by providing information essential to forensic investigators.
Elcomsoft researchers have exploited the communication protocol that connects iPhone users with the iCloud network, emulating the correct commands for retrieving the content stored there. Unlike offline backups, which might come encrypted, the data from iCloud comes in unencrypted form.
The Phone Password Breaker is readily available on the market. Two versions, a home edition and a professional edition, are available at a starting price of $79. The retrieval software not only works with Apple iTunes, but is equally compatible with BlackBerry software as well.