ElcomSoft's iOS Forensic Toolkit cracks iCloud backups

by David Needle

May 17 2012

A new forensic tool is designed to give investigators access to iCloud backups.
A Russian company called ElcomSoft says it’s figured out a way to access a user’s online backups stored in Apple’s iCloud service.

The company claims ElcomSoft Phone Password Breaker is designed as a forensic tool investigators can use to get at files faster as part of the evidence-gathering process.

“In a sense, Phone Password Breaker becomes an alternative way to get access to iOS devices’ content”, said ElcomSoft CEO Vladimir Katalov in a release. 

The company says its iOS Forensic Toolkit is only available to “forensic customers” and specifically mentions “law enforcement and intelligence organizations with live access to users’ online backups,” though it’s not clear if there is any kind of credentials check. For the software to work, an investigator does need to know the user’s original Apple ID and password in order to gain access to online backups.

But in an ironic bit of timing, assuming the news is unrelated, AppleInsider reported today that a small number of iCloud accounts may have recently been compromised. The article cites a thread in the Apple Support Communities forum, where several iCloud users voiced concern.

One of the affected people, with the username "solargaze," said their Me.com e-mail address was hacked into and began sending out spam on Wednesday. Apple has yet to comment publicly on the matter. 

ElcomSoft said that once access is achieved using its software, the user’s data is downloaded directly onto investigators’ computers (PC) from Apple’s remote storage facilities in plain, unencrypted form.

Also, if a user owns more than one iOS device registered with the same Apple ID, ElcomSoft says its program will recover all of those online backups from iCloud as well.

The company notes that other recovery methods require direct access to the iPhone or iPad or at least access to device backups. “This is not the case with iCloud,” said Katalov. “With valid Apple ID and a password, investigators can not only retrieve backups to seized devices, but access that information in real-time while the phone is still in the hands of a suspect.” 

Apple says its iCloud service, which lets users synchronize email, contacts, bookmarks, pictures and other information, has over 100 million users. The company is rumored to be set to unveil a major upgrade at its WWDC (Worldwide Developers Conference) next month that would include major photo-sharing enhancements.
