ElcomSoft's Phone Forensics Software Offers Near Real-Time Access to iCloud Backups

MacRumors

macrumors bot
Original poster
Apr 12, 2001
47,602
9,386





Russian forensics firm ElcomSoft earlier this week announced that it has discovered a way to easily access iCloud backups of iOS devices, incorporating the functionality into its Elcomsoft Phone Password Breaker software. While the Apple ID and password must be known in order to access the iCloud data, once that information has been obtained the software makes it easy for investigators to download full iCloud backups and then follow incremental backups in near real-time to track a device's use without the knowledge of the user.
ElcomSoft researchers analyzed the communication protocol connecting iPhone users with Apple iCloud, and were able to emulate the correct commands in order to retrieve the content of iOS users' iCloud storage. It's important to note that, unlike offline backups that may come encrypted and must be broken into (a time-consuming operation), data retrieved from iCloud is received in plain, unencrypted form. The 5GB of storage space can be retrieved in reasonable time, while receiving incremental updates is even faster.
Obtaining a user's Apple ID password may not always be trivial, but ElcomSoft tools can also be used to capture that information from offline backups stored in iTunes. And of course if the user disables iCloud syncing on its device or changes the Apple ID password, remote access is lost.

ElcomSoft has been at the forefront of development of password-cracking tools, last year incorporating a tool to bypass hardware encryption included in iOS 4. Such tools are increasingly being used by law enforcement to aid their investigations as smartphones become increasingly common and collect a growing amount of information about users and their activity.

ElcomSoft offers several levels of its software, with the most powerful versions restricted to certain governmental agencies, including law enforcement, intelligence services, and other qualified forensic organizations.

 

tranceme

macrumors member
Jan 10, 2006
82
33
California, US
But, don't you need the username and password?

"While the Apple ID and password must be known in order to access the iCloud data"

If you got that, why does it matter? Or is that you just can't delete the backups completely? That part would stink regardless of this silly software. A subpoena would force Apple to hand this over anyway, right?
 

blow45

macrumors 68000
Jan 18, 2011
1,576
0
another day, another security fiasco for apple

Another security fiasco from Apple putting their users' data at risk. You simply can't trust this company anymore for providing secure robust solutions for their users. They just don't put due effort and involvement in software development.

But what do they care? It's the users' data, not theirs. Theirs is hosted on non os x reliable servers. Ask them if anyone uses os x lion server for anything in the backbone of apple's infrastructure.

Mobileme was equally a security nightmare sending unencrypted information and they've done little to none to fix this. Steve Jobs asked why would you trust us when we brought you mobileme? He was right, people shouldn't have trusted apple.
 

DavidLeblond

macrumors 68020
Jan 6, 2004
2,197
286
Raleigh, NC
But, don't you need the username and password?

"While the Apple ID and password must be known in order to access the iCloud data"

If you got that, why does it matter? Or is that you just can't delete the backups completely? That part would stink regardless of this silly software. A subpoena would force Apple to hand this over anyway, right?
Read the next paragraph.

Obtaining a user's Apple ID password may not always be trivial, but ElcomSoft tools can also be used to capture that information from offline backups stored in iTunes. And of course if the user disables iCloud syncing on its device or changes the Apple ID password, remote access is lost.
 

benguild

macrumors 6502a
Jul 29, 2003
822
36
This is such ********. Why can't Apple get it together and make it more secure? Millions of people rely on these devices....
 

blow45

macrumors 68000
Jan 18, 2011
1,576
0
Assume that if you have data on a computer connected to the internet that the data are not secure.
I would assume that when I pay money for a cloud service it's supposed to keep my data secure, as I would assume that if I paid money to a security service they would keep my house, well, secure... If they want us to make the assumption that security is not on the table they shouldn't be offering icloud to begin with. If they can't sort it out themselves they better buy these russian guys, and any hacker they can to make damn sure they keep our data secure. God knows they can afford it. They can afford paying some guy from dixons $50 million and they can't afford the best hackers to safeguard their users' data? :mad: Do they still think they are operating out of Steve's garage at apple?
 

KPOM

macrumors G5
Oct 23, 2010
14,569
3,115
One more reason not to rely on iCloud backups.
More precisely, this is a reason to be a bit suspicious of the cloud in general.

Another security fiasco from Apple putting their users' data at risk. You simply can't trust this company anymore for providing secure robust solutions for their users. They just don't put due effort and involvement in software development.
This is not limited to Apple. While I'm sure that, as a consumer-oriented service, Apple's iCloud is likely less secure than other cloud solutions, don't think that other services are exactly risk-free, either. A lot of enterprises restrict or limit the use of iCloud or Google's cloud services on iOS and Android phones and tablets for this very reason. For instance, as a condition of allowing iPhones and iPads onto our Exchange server, my employer requires us to install a profile that turns off iCloud document sharing.

The cloud is a great convenience, but it brings with it a brand new set of security issues.
 

nickn

macrumors 6502
Jun 17, 2011
386
0
I have been saying these cloud storage services are not secure since day one, but no one agreed with me...
 

macbwizard

macrumors 6502
May 23, 2005
279
2
Wow. Hopefully Apple will patch this. It makes you wonder though about the backdoors that are built into this sort of thing for the NSA/FBI.
 

50548

Guest
Apr 17, 2005
5,039
2
Currently in Switzerland
I sure hope law enforcement has to have a warrant to use this sort of thing.
Given that these "security" applications come from Russia, a land widely known for its transparency, extremely low corruption levels and respected institutions, what should you expect?

Such software should not only be banned; its developers should also be locked up in jail as an example to other hackers.
 

OldSchoolMacGuy

Suspended
Jul 10, 2008
4,197
9,050
Firstly, there have been products available to the forensic community that do this and much more for years now.

You guys need to realize that these tools aren't just freely available to anyone. These tools aren't used until a suspect is arrested and a warrant issued to allow for the search of their electronic devices.

It's funny to see how people get all up in arms about this kinda stuff. They think their rights are going to be violated. This isn't the case. If you aren't doing anything wrong, you have nothing to worry about. Additionally, I'm sure you'd be all in favor of this kinda stuff if your child was kidnapped and a search of the suspect's phone or computer may lead to the safe return of your child.

This isn't something that Apple can or will patch.
 

andiwm2003

macrumors 601
Mar 29, 2004
4,340
400
Boston, MA
Given that these "security" applications come from Russia, a land widely known for its transparency, extremely low corruption levels and respected institutions, what should you expect?

Such software should not only be banned; its developers should also be locked up in jail as an example to other hackers.
I don't think the problem is the developers of this software. Apple sending unencrypted data is the problem.
 

urbanslaughter1997

macrumors regular
Aug 3, 2007
240
109
Seriously, I don't think I'm a tech idiot, but I had to go into the comments section just to begin to understand what the article was saying. From the headline I was thinking, "cool, this software will make it easier for me to download things I have stored in iCloud". :rolleyes:
 

b0nd18t

macrumors 6502
Apr 9, 2012
298
785
Firstly, there have been products available to the forensic community that do this and much more for years now.

You guys need to realize that these tools aren't just freely available to anyone. These tools aren't used until a suspect is arrested and a warrant issued to allow for the search of their electronic devices.

It's funny to see how people get all up in arms about this kinda stuff. They think their rights are going to be violated. This isn't the case. If you aren't doing anything wrong, you have nothing to worry about. Additionally, I'm sure you'd be all in favor of this kinda stuff if your child was kidnapped and a search of the suspect's phone or computer may lead to the safe return of your child.

This isn't something that Apple can or will patch.
Well said. Especially the part about if your child was kidnapped.
 

whatuseristhis

macrumors newbie
May 18, 2012
1
0
Firstly, there have been products available to the forensic community that do this and much more for years now.

You guys need to realize that these tools aren't just freely available to anyone. These tools aren't used until a suspect is arrested and a warrant issued to allow for the search of their electronic devices.

It's funny to see how people get all up in arms about this kinda stuff. They think their rights are going to be violated. This isn't the case. If you aren't doing anything wrong, you have nothing to worry about. Additionally, I'm sure you'd be all in favor of this kinda stuff if your child was kidnapped and a search of the suspect's phone or computer may lead to the safe return of your child.

This isn't something that Apple can or will patch.
Well I partly agree with you. Anyone can reverse engineer a protocol and then use it at will. The packets are in the wild for anyone with a sniffer to start analyzing...and this certainly isn't the first time someone has done such a thing.

The part that alarms me here isn't that this is possible (edit: or that law enforcement uses it, don't really have a huge issue there), but that Apple is sending our personal data in plain-text across the internet. That is certainly something Apple can fix. Really they should be using encryption from the get-go.
 