back to article Off-the-shelf forensics tool slurps iPhone data via iCloud

ElcomSoft has updated its mobile forensics software to include the ability to retrieve online backups from Apple iCloud storage. The enhancement to Elcomsoft Phone Password Breaker adds the capability to retrieve user data associated with iPhones from Apple's iCloud online backup service. Backups to multiple devices registered …

COMMENTS

This topic is closed for new posts.
Holmes

"This...

... would never have happened inside a menhir."

3
0
Anonymous Coward

and the safe guards are?

You are being watched.

1
0
g e
Silver badge

Why no Android phones?

Are they not worth the effort or are they really more secure than the naysayers would have us believe?

I don't believe they're not worth the effort, so...

3
2
Anonymous Coward

Re: Why no Android phones?

Well if you have the user's Google login and password which he uses to sync the phone - like the Apple ID/pass you need for this one - you can pretty much get their information straight away online, no expensive and slow decryption software even needed.

4
3
g e
Silver badge

Re: Why no Android phones?

And if you don't?

Just guessing here but crims don't usually give that stuff up so easily do they?

1
1
Anonymous Coward

Re: Why no Android phones?

Well you can say the same about the Apple ID and password... Would they give that so easily?

1
0

This post has been deleted by its author

Anonymous Coward

Re: Why no Android phones?

"Well if you have the user's Google login and password which he uses to sync the phone - like the Apple ID/pass you need for this one - you can pretty much get their information straight away online, no expensive and slow decryption software even needed."

RUBBISH!

3
2
Rob
Stop

Re: Why no Android phones?

Although that might not work if the user uses the 2 step Google authentication process. My Android phone had to be set up with an application specific password so that it could access my Google account, which could only be generated in my Google account, which requires the authenticator to access.

Although I don't know enough about how Google 2 step process works so there might be some flaws that could be used.

3
0
Anonymous Coward

Re: Why no Android phones?

Maybe... I don't understand Google's 2-step authentication very well (specifically how it handles those application specific passwords, how do they know it's the same device/app?)

But that's another thing I never understood either, Google has complete control of the whole stack, so why can't they implement their own 2-factor authentication for Android?

0
1
Gold badge

Re: Why no Android phones?

Android simply forces you to use Google - a lot of the functions simply do not work without a Google account, so there is a nice audit trail of when you used a function (and possibly where you were at the time as parts of the Streetview WiFi sniffing now is done through Android as well).

With Apple, the iWiretap, sorry, iCloud and iMessage services are at least still optional - it also works if you do NOT want to use because you have such trivial things to worry about like client confidentiality (the bit they never mention about gov santioned intercept is that YOU still get to hold the can if any of that data leaks).

Also, Apple isn't really in the business of grabbing/stealing and sucking as much data from users as they can get away with (and even NOT get away with as long as they don't get caught) - that's Google's business model. Apple sells mainly kit and an ecosystem to go with it..

1
2
Anonymous Coward

Re: Why no Android phones?

The whole two factor thing with Google is a bit of a useless tech if you're only using it to stop strange logins from remote places, it will likely not someone close to you.... and nothing local. I can view the first few characters of a text message without even unlocking my One X, so I can see the entire code without needing to unlock the phone. Though, obviously they would know someone has requested an access (though, might dismiss it as someone remotely, not locally)

I'd really prefer a native Android client, if I was honest. I'm sure a native client could read the text message anyway, and take it away from the standard messaging interface making a login to the phone required to actually see the code.

0
0
Rob

Re: Why no Android phones?

I don't use the SMS based version, I have the Authenticator App installed on my phone, which is also password protected.

I agree with you about 'over-the-shoulder' theft and hence always try to avoid SMS based authentication.

0
0

Re: Why no Android phones?

I bought one the other day. To my surprise. Impulse perhaps; it was on offer. I still have my very old Symbian phone because I don't yet feel very impressed. However, Apple, who'd have thunk that people would buy a phone on which you can only store music/etcetera if you first send it to Apple's cloud, and that Apple would equip people with the means to snoop on users? There again, who'd have thought that Apple's computers/grope pads are now very insecure, as insecure as MS products in the 1990s. (Rhetorical Q, so please don't answer the musings of a man who will never buy Apple!)

0
0
Silver badge

Sir

I'm guessing that this isn't just read-only access that is achieved.

If this is the case then how trivial would it be for a bent copper (they do exist you know) to put a bit of incriminating info on the records of the suspected perp?

Surely this would eventually undermine evidencial(sp?) integrity when it comes to court? Especially if this software gets out into the wild.

5
0
g e
Silver badge

Re: Sir

I suppose the sofwtare might encrypt the data retrieved with a key or some kind of MD5 verification to ensure that version remains untampered should it need to be compared to the original device in the future?

You'd bloody hope so, anyway.

1
1
Anonymous Coward

Re: Sir

That won't work.

The 'backup' copy will not match the live data almost immediately after the backup has occured. All it takes is the sending or receiving of 1 email (or any action that changes the data) to make them (and their MD5 checksums) different. Somebody could easily claim that the reason you don;t have a copy of the 'pedo' image they 'found' in your backup, on your phone is that you deleted it. How would you prove otherwise.

The only way this could be used as evidence is if Apple keep archived/read-only copies of the uploads - which I doubt they do.

1
0
g e
Silver badge

Re: Sir

Wouldn't they back it up in a room with no signal or a blocked signal to prevent e.g. the user remotely wiping their 'lost' phone when it connected to the network?

0
1
Anonymous Coward

Re: Sir

Sir,

As allegedly bent copper, your (allegedly lazy/out of touch/chip on shoulder/Tory (add or delete as appropropriate)) Honour, I think he should get life for possessing an underage computer thing...

I agree, Your Honor, snipples in Barrister Dandus-Doublus-Names-Oxfordus (who being totally ignorant of the webby has used a journalist as his expertus witessus)..

as much as i dislike apple fanbois, falsifying or 'forgeting' evidence will happen - just read the Appeals Hearing that will be issued today about a murder case where the 24 yo was bailed yesterday after years in prison...

its getting too easy to set people up...

Signed

The Paranopid Perspective

3
0
Anonymous Coward

Re: Sir

That's the problem with any of the RATs (remote access technologies) such as Trojans used by Law Enforcement. They all so far seem to have the 'plant a file' capability. As one of the last things that a RAT does is delete all traces that it was ever there, and as actual use of RATs are rather covert - one can see a fairly humongous loophole looming! There's to my untrained legal mind a large whiff of 'doubt' creeping into the world of f'rensics based on the rampant use of surveillance technology

yet again a brilliant technical idea, that is easy to install on Win/Mac, but who's holistic impact might not have been actually sociologically studied. How many sociologists live in Cheltenham?

thats what we want to know and we want to know now! /rant

1
0
404
Bronze badge

oh boy, oh joy

just wonderful...

:(

0
0
Anonymous Coward

"Cops don't need your actual phone any more"

Unless you don't have an iPhone, of course :-)

I think Apple should provide some way of encrypting the file (with a separate password) before it is uploaded - then store it as an encrypted file in iCloud. Being able to get at this data just knowing the apple logon is a bit poor - and I expect lots of phishing e-mails to result from this news.

Whilst not an i-phone user this weakness means that somebody may be able to get at information about me (and e-mails sent by/to me) on OTHER peoples i-phones - so it does affect me too.....sort it out apple.

4
2
Anonymous Coward

Re: "Cops don't need your actual phone any more"

> Being able to get at this data just knowing the apple logon is a bit poor

No. you need the login details AND you need to buy this expensive software which cracks the encryption using GPUs etc.

It's not suitable for mass usage like the phishing scenario you propose.

0
2
Anonymous Coward

Re: "Cops don't need your actual phone any more"

Thanks AC now you made me worried about all those malware carrying Android users I've been in touch with.

Think I'll only be friends with dumb phone owners from now on.

0
1
Anonymous Coward

Re: "Cops don't need your actual phone any more"

the iFannybois are just to much trouble.

Just don't bother communicating with them! Even better. Better off without them.

0
2
Anonymous Coward

Re: "Cops don't need your actual phone any more"

"Think I'll only be friends with dumb phone owners from now on."

As an iFannyboi your already are sonny.

1
2
Bronze badge

Re: "Cops don't need your actual phone any more"

iCloud backups are encrypted anyways - http://support.apple.com/kb/HT4865

But if a dude manages to get hold of your User ID and password, your data is obtainable, as you might expect. Just like in a million other walks of life.

If that in itself worries you, and you have particularly sensitive stuff on your OS device, don't back it up to iCloud. You do have a choice.

1
0
Anonymous Coward

Re: "Cops don't need your actual phone any more"

I don't know "Obviously?", but one thing I do know for sure is that I'll keep away from any rabid users like you. It seems that you have so much malware it's already infected your brain.

To be honest I can't even understand what you wrote.

0
0
Silver badge
Thumb Down

"iPhones automatically connect to iCloud network and backup their content every time a docked device gets within reach of a Wi-Fi access point"

No they don't, in order to backup to iCloud, your device must be on a charger, on wifi, with the screen locked and off.

I know, because my wifi is being a bit flakey with devices going into power save, and my iphone keeps telling me it hasn't backed up to iCloud in N weeks, and under what circumstances it will backup to iCloud.

1
0
Anonymous Coward

Got to love the titles here

Changing the title to match reality, ie "OFF-THE-SHELF FORENSICS TOOL SLURPS IPHONE DATA VIA ICLOUD IF YOU HAVE THE USERS LOGIN AND PASSWORD"

wouldn't make it seem such an interesting achievement.

5
0

Re: Got to love the titles here

Exactly! How is this an article? If I can get your username and password I can get at your stuff. In other news, the Pope has been outed as a Catholic and scientists have discovered that bears sh*t in the woods.

Somebody suggested having encryption, with a separate password, as a solution. Trouble is that this is open to the same ingenious attack vector. If I have your encryption pass phrase I can unencrypt your data - we're all doomed.

1
0

Re: Got to love the titles here

If you consider the implications this is news because once they have access to your iCloud backup they can access a complete backup on the phone in your pocket.

Now since the phone backs up whever it finds a wifi network it can use if you're wandering close to somewhere with public wifi (most city centers) then they have close to real time access to call logs and text messages. All completely unknown to the "perp" / target.

1
0
WTF?

OK, I'll ask Is this news?

If I know the Apple username and password I can grab a clean iPhone and restore the iCloud backup to it. That is the whole purpose of iCloud backups.

Reading the article it seems the only thing they've done is dispense with this extra phone.

1
0
Silver badge

Re: OK, I'll ask Is this news?

"The enhancement to Elcomsoft Phone Password Breaker adds the capability to retrieve user data"

There's a clue in there somewhere, buggered if I can see it though - as you were!

1
0
Anonymous Coward

Re: OK, I'll ask Is this news?

Well yeah, but you could always restore the backup to a phone and run the old password breaker on it.. Still don't see how this adds much.

0
0
Anonymous Coward

Apple iCloud - Everything Everywhere to ANYONE!

Surely iFannybois considered this before purchase??

(Simple chose not to backup to cloud, it's so simple even a fannyboi can do it! Tho Wait!)

SNIGGERS.

0
2
Meh

Reminiscent of the Burglariser FAQ

"Can Burglariser really unlock any dwelling?"

"Yes, by simply utilising a dwellings access key that you have previously obtained, Burglariser will give you free reign to the contents of that dwelling. If you do not have an access key don't fret, they are very easy to locate, there is generally one hanging on a key hook inside the dwelling or you could simply use social engineering to recover the key, threatening the homeowner with a beating for example"

4
0

No surprises here then

This is what happens if you stick all your stuff in one box, and you neither own the place nor have control of it.

You might as well ask a stranger who "appears the honest type" to look after your house keys.

I don't use iCloud myself anyway. Not just because of trust, but because I find it completely confusing; it does what with what? Sends it where? When? What???

The first and only time I tried to activate Backup via iCloud is proceeded to try and upload 6GB photos from my iPhone...before anything else. Obviously my photos are more important than my contacts and settings. Maybe I was doing it wrong, but asking Siri yielded no answers...

0
0

So....

If The Pirate Bay is complicit in allowng access to stolen content, then this application allows you to steal content..

then how is it not under legal scrunity as being a law breaking facilitator, which is also a commercial money maker?

Sometimes i dont understand.

0
0

"With a valid Apple ID and a password, investigators can not only retrieve backups to seized devices, but access that information in real-time while the phone is still in the hands of a suspect."

If the phone is in the hands of a suspect it's not exactly sized is it ?

That said you could size their laptop "forget" about the iphone (knowing they use iCloud) and then you can extract and crack the password from the laptop itunes, access the iCloud backup and then tap into their calls & texts without ever touching the iphone.... genious !

I would hope that needs a warrant though.

Finally in any other circles this would be treated as an outragous hack and backdoor into your backed up data. But since it's only available to "security & law enforcement services" it's ok then ?

0
0
Facepalm

Damn my spelling & grammer need work

0
0
Anonymous Coward

Why is this tool needed at all?

Law enforcement agencies do have access to email providers like hotmail, gmail etc. Google has a transparency list showing the number of requests per country. Typically 4-5 digit numbers with a 30% growth rate. Of course they have access to live phone calls as well. So what should prevent them from accessing the backups in the iCloud directly?

So such a tool is more of interest to groups which have no legal right to access the data. Among the data are certificates and keys. This is an attack vector for industrial espionage. Thinking about the use in parliaments this is also useful for classical espionage.

0
0
This topic is closed for new posts.

Forums