“iCloud Keychain was long considered to be unbreakable,” says Vladimir Katalov, ElcomSoft CEO, in a statement. “Gaining access to passwords from iCloud Keychain was a major challenge. iCloud Keychain is a complex and extremely secure online password storage and synchronization system. Building a tool that can enroll into iCloud Keychain was a major achievement.”
By extracting a user’s saved passwords from iCloud Keychain, experts examine the user’s online accounts, access social networks, extract chats and conversations. In addition, saved passwords make for a highly targeted custom dictionary for running accelerated brute-force attacks on the user’s encrypted containers, archives and documents.
Information is obtained directly from the user’s iCloud account. In order to access iCloud Keychain, the original Apple ID login and password are required. Access to a trusted device is mandatory if two-factor authentication is enabled on the user’s account, along with the device passcode (iOS) or system password (macOS) of a device already enrolled in iCloud Keychain. Without two-factor authentication, the expert will need to confirm a notification prompt on one of the trusted devices and supply the user’s iCloud Security Code.
Elcomsoft Phone Breaker is an all-in-one mobile acquisition tool to extract information from a wide range of sources. Supporting offline and cloud backups created by Apple, BlackBerry and Windows mobile devices, the tool can extract and decrypt user data including cached passwords and synced authentication credentials to a wide range of resources from local backups. Cloud extraction with or without a password makes it possible to decrypt FileVault 2 containers without lengthy attacks and pull communication histories and retrieve photos that’ve been deleted by the user a long time ago.
Source: ElcomSoft Co. Ltd.
“In an email to The Register, CEO Vladimir Katalov said this capability is not the consequence of any vulnerability. Rather, it’s intended for forensic investigators and law enforcement, given that an Apple ID and a trusted device are necessary,” Thomas Claburn reports for The Register.
“Katalov said this is not an exploitation of a vulnerability and there’s nothing Apple can patch. Rather, ElcomSoft is exposing functions that Apple has not made available – Apple does not provide any means of accessing iCloud Keychain,” Claburn reports. “Katalov said the technique works with beta releases of iOS 11 and macOS High Sierra, which Apple is expected to introduce in a month or two.”
MacDailyNews Take: Yet another reason to enable two-factor authentication if you haven’t already done so.