ElcomSoft Discovers an Alternative Way of Accessing iPhone User Data, Provides Forensic Access to iCloud Backups
(PresseBox) (Moskau, )ElcomSoft Co. Ltd. discovers yet another way to access information stored in Apple iOS devices by retrieving online backups from Apple iCloud storage. The company updates Elcomsoft Phone Password Breaker, a tool to retrieve user content from password-protected backups created by Apple iOS devices and BlackBerry smartphones, with the ability to retrieve iPhones' user data from iCloud. No lengthy attacks and no physical access to an iPhone device are required: the data is downloaded directly onto investigators' computers (PC) from Apple remote storage facilities in plain, unencrypted form. Backups to multiple devices registered with the same Apple ID can be effortlessly retrieved. Investigators need to know user's original Apple ID and password in order to gain access to online backups.
The new version of Elcomsoft Phone Password Breaker offers forensic access to online backups produced by Apple iPhone devices and stored in Apple iCloud. By enabling forensic access to information stored in iCloud, ElcomSoft helps investigators recover more evidence faster while providing law enforcement and intelligence organizations with live access to users' online backups. Neither physical device nor access to suspect's computer is needed in order to access backup information. Instead, investigators gain full unrestricted access to users' iCloud storage by simply entering their Apple ID and password into Elcomsoft Phone Password Breaker.
"In a sense, Phone Password Breaker becomes an alternative way to get access to iOS devices' content", says Vladimir Katalov, ElcomSoft CEO. "Our Elcomsoft iOS Forensic Toolkit is only available to forensic customers, while other methods require the presence of the actual iPhone device being analyzed or at least an access to device backups. This is not the case with iCloud. With valid Apple ID and a password, investigators can not only retrieve backups to seized devices, but access that information in real-time while the phone is still in the hands of a suspect".
If a user owns more than one device, and those devices are registered with the same Apple ID, their online backups can be seamlessly recovered from iCloud with no extra effort.
iPhone users have several options to back up the content of their devices. They can backup information stored in their device such as contacts, pictures, call logs and data into a file on their computer with the help of Apple iTunes. Alternatively, they can backup all that information into cloud storage maintained by Apple Inc. Introduced in June, 2011, the iCloud service allows users to store data from their devices on remote computer servers and share their files between multiple iOS devices. In addition, iCloud can be used as a data synchronization center for email, contacts, organizer events, bookmarks, pictures and other information. Various sources quote the service has as many as 125
iCloud backups are incremental. When set up to use the iCloud service, iPhones automatically connect to iCloud network and backup their content every time a docked device gets within reach of a Wi-Fi access point. This is to say, iCloud backups represent a fresh, near real-time copy of information stored in iPhone devices, including information about recently made and received calls, sent and received text and email messages, and so on.
Regardless of their location, iPhone backups contain essential information stored in the device. Information stored in iPhone backups includes email, accounts and passwords, call logs and text messages, calendars, appointments, contacts and organizer information. Pictures and Web browsing history including URLs of recently visited sites is also included. Information stored in iPhone backups can be essential for investigations, and is in high demand by forensic customers.
Access to offline backups often requires the recovery of the original plain-text password protecting the backup, which may be a time-consuming operation. On the other hand, retrieving backup information from iCloud storage requires the use or user's Apple ID and password. Interestingly, the password, if not already known, can be acquired from an offline backup produced with Apple iTunes, and used by investigators to watch suspects' activities by monitoring changes to their online iCloud backups.
Online backups can be retrieved by forensic specialists without having the original iPhone device in hands. All that's needed to access online backups stored in an iCloud are user's Apple ID and password. Data can be accessed without the consent of knowledge of an iPhone user, making Elcomsoft Phone Password Breaker an ideal solution for law enforcement and intelligence organizations. At the same time, Elcomsoft Phone Password Breaker opens up a potentially sensitive issue of breaking into private domain of iPhone users.
About Elcomsoft Phone Password Breaker
Elcomsoft Phone Password Breaker provides forensic access to encrypted information stored in popular Apple and BlackBerry devices. By recovering the original password protecting offline backups produced with compatible devices, the tool offers forensic specialists access to SMS and email messages, call history, contacts and organizer data, Web browsing history, voicemail and email accounts and settings stored in those backup files. The new iteration of the product can also retrieve information from online backups stored in Apple iCloud providing that the original Apple ID and password are known.
Pricing and Availability
Elcomsoft Phone Password Breaker is available immediately. Home and Professional editions are available. Licenses start from $79. Elcomsoft Phone Password Breaker operates without Apple iTunes or BlackBerry Desktop Software being installed.
Elcomsoft Phone Password Breaker supports Windows NT4, 2000, XP, Vista, and Windows 7, as well as Windows 2003 and 2008 Server. Elcomsoft Phone Password Breaker Pro is available to North American customers for $199. The Home edition is available for $79. Local pricing may vary. More information at http://elcomsoft.com/...