ElcomSoft's Latest Tool Can Allegedly Access iMessages in iCloud, But Only in Extreme Circumstances

Discussion in 'MacRumors.com News Discussion' started by MacRumors, Jun 14, 2018.

  1. MacRumors macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1
    [​IMG]


    Russian company ElcomSoft today claimed that the latest version of its Phone Breaker software can remotely access iMessage conversation histories stored in iCloud, although there are several strings attached.

    [​IMG]

    Namely, the person attempting to extract iMessages from an iCloud account would need the following before being able to do so:Elcomsoft Phone Breaker version 8.3
    The associated Apple ID email and password for the iCloud account
    The passcode, if an iPhone, iPad, or iPod touch, or system password, if a Mac, of at least one device on the account enrolled in Messages in iCloud, which requires iOS 11.4 and macOS 10.13.5 or later
    Access to a two-factor authentication method, such as a trusted secondary device, which may or may not have the same passcode or system password, or a SIM card for a phone number that has been authorized to receive one-time verification codes via SMSIt's worth noting that if the perpetrator has obtained physical access to at least one of your trusted secondary devices, and its passcode, they would be able to read at least part of your iMessage history regardless by simply opening the Messages app.

    Apple obviously cares very deeply about the security of its customers, but if a bad actor has gained access to another person's Apple ID credentials, your passcode, and at least one of your Apple devices, or your SIM card, there arguably isn't really much the company can do at that point to protect you.

    That's why it's so important, as Apple routinely stresses, to set a strong password for your Apple ID, not share that password with others, enable two-factor authentication, and keep careful possession of your devices. It also helps to set a strong alphanumeric passcode on an iOS device, rather than a four-digit one.

    Apple says iMessages are protected with end-to-end encryption, and notes that messages can't be accessed by anyone without your device passcode. As an additional safeguard, Apple requires that users have two-factor authentication turned on for their Apple ID accounts to enable Messages in iCloud.

    [​IMG]

    ElcomSoft's tool seems to be taking advantage of the fact that, if iCloud Backups are turned on, a copy of the encryption key protecting iMessages is included in the backup, according to a support document on Apple's website:
    Given the extenuating circumstances required, the vast majority of users shouldn't have anything to worry about. But it's a good reminder to maintain strong security practices on all of your devices to stay safe.

    Article Link: ElcomSoft's Latest Tool Can Allegedly Access iMessages in iCloud, But Only in Extreme Circumstances
     
  2. IJ Reilly macrumors P6

    IJ Reilly

    Joined:
    Jul 16, 2002
    Location:
    Palookaville
  3. Chabba macrumors regular

    Joined:
    Jul 17, 2011
    #3
    So they can access your data if they have access to your data...? Sounds like that to me.
     
  4. cjbryce macrumors 6502

    cjbryce

    Joined:
    Jun 4, 2008
    Location:
    London
    #4
    Erm, so if I have a device, Apple ID the passcode/password and a second device for two-factor auth, I can log in to an iCloud account? NSS.
     
  5. HenryFSU macrumors newbie

    HenryFSU

    Joined:
    Jul 8, 2015
    Location:
    Orlando, FL
    #5
    Is this Onion News? I can break into any account with all this info !
     
  6. outskirtsofinfinity macrumors member

    outskirtsofinfinity

    Joined:
    Aug 2, 2017
    Location:
    Calgary
    #6
    I can break into anyone's iCloud account, given their Apple ID email and password.

    I'm assuming the messages are all there, but only if Messages in iCloud is turned on?
     
  7. AlxM macrumors newbie

    AlxM

    Joined:
    Mar 21, 2018
    Location:
    North America
    #7
    If an attacker has all that info, they can do a whole lot more than just access my messages...
     
  8. Christoffee macrumors 6502

    Christoffee

    Joined:
    Jul 26, 2012
    Location:
    UK
    #8
    I'm not sure Elcomsoft Phone Breaker version 8.3 is required. o_O
     
  9. nfl46 macrumors 604

    Joined:
    Oct 5, 2008
    #9
    Oops, it says, "Russian company..." I'm fairly sure this is fake news, right?

    Interesting story, though.
     
  10. Beelzbub macrumors 6502

    Joined:
    Feb 6, 2012
    #10
    Give me the same info and I can do the exact same thing and then some, no phone breaker software required, and I only charge a case of beer.
     
  11. slimtastic Suspended

    slimtastic

    Joined:
    May 17, 2018
    Location:
    Your Mother's Bedroom
    #11
    BREAKING NEWS: If someone gets your Apple ID, Password, Passcode, AND PHYSICAL ACCESS TO YOUR DEVICE, they may be able to get your info! You HAVE BEEN WARNED.

    Lmao
     
  12. FelixDerKater Contributor

    FelixDerKater

    Joined:
    Apr 12, 2002
    Location:
    Nirgendwo in Amerika
  13. zorinlynx macrumors 601

    zorinlynx

    Joined:
    May 31, 2007
    Location:
    Florida, USA
    #13
    HEY YOU KNOW WHAT I found a security hole in my bank's ATMs, if someone has my card and PIN they can take out my cash!!! HOLY CRAP WHAT WILL WE DO NOW!??!
     
  14. rotax macrumors regular

    Joined:
    May 17, 2010
    #14
    Its completely useless and unnecessary. This post and PR for ElcomSoft is clickbait.
     
  15. ViDeOmAnCiNi macrumors member

    ViDeOmAnCiNi

    Joined:
    Sep 15, 2016
    Location:
    AZ
    #15
    I've totally figured out how to access *anyone's* home! You'll need:

    Their permission
    Door key(s)
    Alarm code(s)
    Familiarity with their killer wiener dog, Bunz
    Friendships with their neighbors as to not arouse suspicion

    ..and you are *totally* in!

    Enjoy!
     
  16. redneckitengineer macrumors regular

    redneckitengineer

    Joined:
    Oct 27, 2017
    Location:
    Tennessee
    #16
    How is this any bit of a hack? You basically have to be the owner of the account to have that much of the information required to make this work. This helps no one.
     
  17. Mikey44 macrumors member

    Mikey44

    Joined:
    Mar 6, 2012
    #17
    This is marketing at it's finest.

    Elcomsoft Phone Breaker allows you remote access to users iCloud iMessages!*

    *Only if you have access to the physical device that's a trusted device on the account, the account username and password, and the passcode of one of the devices. Why wouldn't you just view the iMessages on the device you ask? We don't make money that way, so buy our product please. It works great! Promise!


    So silly...
     
  18. Jetfire macrumors 6502

    Joined:
    Jul 10, 2008
    Location:
    Cincinnati, Ohio, USA
    #18
    How is even news? Is Macrumors using bot to write articles? Did it just pick up a news release for this company and make a story out of it? The moral of the story is, I can access your stuff if you give me access to you stuff.
     
  19. Creepitor macrumors regular

    Joined:
    Nov 4, 2016
    #19
    You won’t be able to get in with the Apple ID and password if their two-factor authentication is enabled, you’ll need physical access and the passcode of a thrusted device. That’s why two-factor authentication is pushed so hard by Apple
     
  20. Attirex macrumors 6502

    Joined:
    Apr 8, 2015
  21. Treq macrumors 6502a

    Treq

    Joined:
    Apr 23, 2009
    Location:
    Santa Monica, CA
    #21
    Even I can access someone's iMessages with all that stuff. What the hell do I need them for?
     
  22. Lord Hamsa macrumors 6502a

    Joined:
    Jul 16, 2013
    #22
    I'm pretty sure the whole POINT of the system is that you can get access with the 2nd, 3rd, and 4th bullet points without the Elcomsoft product.

    I mean "we can totally hack an account if we have the user's password, physical device, and two-factor method" isn't exactly much of a sales pitch. I can "hack" the account myself with the same set of requirements. You, know, by simply logging in.
     
  23. ryanasimov macrumors regular

    Joined:
    Apr 1, 2007
    #23
    Real question: If you have the have the device, password, and passcode, why do you need Elcomsoft Phone Breaker?
     
  24. oneMadRssn macrumors 601

    oneMadRssn

    Joined:
    Sep 8, 2011
    Location:
    Boston, MA
    #24
    I came here hoping to see these sarcastic replies. I was not disappointed.

    Yea, this whole article is garbage. I've seen mods on the forum delete more legitimate posts than this article.
     
  25. Soba macrumors member

    Soba

    Joined:
    May 28, 2003
    Location:
    Rochester, NY
    #25
    I don't understand this story, but I loved this part:

    "Apple obviously cares very deeply about the security of its customers[…]"

    I am grateful that Apple is so emotionally invested in and selflessly benevolent toward all of us. This sounds even worse than a press release. :rolleyes:
     

Share This Page