Forensic tool cracks into iCloud data with no password or Apple ID required

Some people pay little attention when there’s a new password cracker because they think along the “bite me” lines of “big deal ‘cause I have a 30-character password securing my account; good luck cracking that.” Other folks are on the other side of the spectrum, knowing a rainbow table isn’t exactly necessary for a highly guessable password like “password” or “123456.” But if you are a big fan of Apple and of iCloud storage, then you might be interested to learn there’s a new forensic tool capable of “over-the-air acquisition of iCloud data without having the original Apple ID and password.”


For the last two years, Elcomsoft has been able to remotely access and download iOS mobile backups so long as the Apple ID was known; but now the $399 forensic edition of Elcomsoft Phone Password Breaker allows “breaking into iCloud, no password required and no Apple ID required either.” Elcomsoft’s Vladimir Katalov advised cops and forensic investigators not to get too excited as “you’ll still need the suspect’s PC with iCloud Control Panel installed.”

It’s not black magic, but works as a command-line tool extracting the iCloud binary authentication token. The “user must’ve been logged in to iCloud Control Panel on that PC at the time the computer is seized. If the user logged out of the Panel, the authentication tokens are then deleted.”

The newest version of Elcomsoft Phone Password Breaker can recover “the original plain-text passwords protecting encrypted backups for Apple and BlackBerry devices.” Those backups “contain address books, call logs, SMS archives, calendars and other organizer data, camera snapshots, voice mail and email account settings, applications, Web browsing history and cache.” Apple users should note that even if you never manually create a backup, one is made automatically every time you sync your device.

iCloud Control Panel is part of iTunes and comes installed on OS X devices, but has to be installed on Windows devices. “The given feature is confirmed to work even for accounts with Apple's two-step verification enabled, but does NOT work for Microsoft Live! accounts that use 2FA.”

You don’t have to be law enforcement to purchase the forensic edition, as Elcomsoft says it is all legal so long as:

If it’s your iPhone and your backups, or if you have a permission from the owner, or there’s a court order, or you know for sure the owner wouldn’t mind, or suspect the owner of cheating… ;-) 

Password-free access to iCloud is a pretty big deal, but could become even bigger as the cost of iCloud plans shows that Apple has gotten serious about competing in the cloud storage marketplace. Apple announced that it will drop cloud storage prices later this year, giving users 5 GB of storage for free, with a 20 GB iCloud plan costing $0.99 per month and 200 GB costing $3.99 per month. Apple’s new iCloud pricing for 200 GB makes it more affordable than Microsoft OneDrive’s 200 GB for $8.34 monthly, Box’s $10 a month for 100 GB, and Dropbox’s 100 GB for $9.99 per month.

Apple announced numerous iCloud features coming later this year, pimping iCloud Photo Library like “Fill your library, not your device.” With iCloud Drive “you have the freedom to work with the file of your choice on the device of your choice. Because with iCloud Drive, you can safely store all your presentations, spreadsheets, PDFs, images, and any other kind of document in iCloud and access them from your iPhone, iPad, iPod touch, Mac, or PC.”

OS X Yosemite preview of iCloud Drive states, “Store any type of file in iCloud and access it on any device. With iCloud Drive, you can organize your files in the cloud the way you like, create as many folders as you want, and add tags to find files faster.”

When it comes to cloud control, “you can already see what pages you have open on all your Macs and devices using iCloud Tabs.” However in Yosemite, as Jonny Evans pointed out, “you can remotely close those pages.” The upcoming OS X will also let users “log into their Mac user account using their iCloud password instead of using the existing User account password system.”

[Image: iCloud preview in OS X Yosemite]

Make sure you log out of your iCloud account so your iCloud authentication token will be deleted. Elcomsoft said the tokens can't be reverse-engineered and could expire, but the time-frame for that is unknown. There is no guarantee that law enforcement wouldn't simply access the cloud data via the provider instead of going to the legal 'trouble' of a probable cause warrant and then seizing the device.
