ElcomSoft Co. Ltd. discovers yet another way to access information stored in Apple iOS devices by retrieving online backups from Apple iCloud storage. The company updates Elcomsoft Phone Password Breaker, a tool to retrieve user content from password-protected backups created by Apple iOS devices and BlackBerry smartphones, with the ability to retrieve iPhones user data from iCloud. No lengthy attacks and no physical access to an iPhone device are required: the data is downloaded directly onto investigators computers (PC) from Apple remote storage facilities in plain, unencrypted form. Backups to multiple devices registered with the same Apple ID can be effortlessly retrieved. Investigators need to know users original Apple ID and password in order to gain access to online backups.
The new version of Elcomsoft Phone Password Breaker offers forensic access to online backups produced by Apple iPhone devices and stored in Apple iCloud. By enabling forensic access to information stored in iCloud, ElcomSoft helps investigators recover more evidence faster while providing law enforcement and intelligence organizations with live access to users online backups. Neither physical device nor access to suspects computer is needed in order to access backup information. Instead, investigators gain full unrestricted access to users iCloud storage by simply entering their Apple ID and password into Elcomsoft Phone Password Breaker.
In a sense, Phone Password Breaker becomes an alternative way to get access to iOS devices content, says Vladimir Katalov, ElcomSoft CEO. Our Elcomsoft iOS Forensic Toolkit is only available to forensic customers, while other methods require the presence of the actual iPhone device being analyzed or at least an access to device backups. This is not the case with iCloud. With valid Apple ID and a password, investigators can not only retrieve backups to seized devices, but access that information in real-time while the phone is still in the hands of a suspect.
If a user owns more than one device, and those devices are registered with the same Apple ID, their online backups can be seamlessly recovered from iCloud with no extra effort.
Gladiator Security Forum