Posts Tagged ‘iCloud’

“We take privacy very seriously” – Apple, we do not buy it, sorry

Friday, November 18th, 2016

Good news: Apple has officially responded.

Bad news: We don’t buy it. Their response seems to address a different issue; worse, some of the reporters just quoted what Apple said without real understanding of the actual issue. So let’s try to follow the story step by step.

Apple has an option to back up phone data to iCloud. Doing that for many years now. On our side, we have a feature to download iCloud backups. The feature has been there for years, too. We are also able to download everything from iCloud Drive (including data belonging to third-party apps, something that is not available by standard means). We can download media files from iCloud Photo Library (and by the way, we discovered that they were not always deleted, see iCloud Photo Library: All Your Photos Are Belong to Us). Then we started to research how iOS devices sync data with iCloud, and discovered that Apple stores more than they officially say. All iOS versions allow users to choose which bits of data are to be synced – such as contacts, notes, calendars and other stuff. Here is a screen shot from iCloud settings captured on iPhone running iOS 10:


icloud_drive

(more…)

iOS Call Syncing: How It Works

Thursday, November 17th, 2016

In our previous article, we figured that iPhone call logs are synced with iCloud. We performed multiple additional tests to try to understand exactly how it works, and are trying to guess why. (more…)

iPhone User? Your Calls Go to iCloud

Thursday, November 17th, 2016

iCloud sync is everywhere. Your contacts and calendars, system backups and photos can be stored in the cloud on Apple servers. This time, we discovered that yet another piece of data is stored in the cloud for no apparent reason. Using an iPhone and have an active iCloud account? Your calls will sync with iCloud whether you want it or not. In fact, most users we’ve heard from don’t want this “feature”, yet Apple has no official way to turn off this behavior other than telling people “not using the same Apple ID on different devices”. What’s up with that? Let’s try to find out.

Why It Matters

Ever since the release of iOS 8, Apple declines government requests to extract information. According to Apple, “On devices running iOS 8 and later versions, your personal data is placed under the protection of your passcode. For all devices running iOS 8 and later versions, Apple will not perform iOS data extractions in response to government search warrants because the files to be extracted are protected by an encryption key that is tied to the user’s passcode, which Apple does not possess.”

So far, we had no reasons to doubt this policy. However, we’ve seen Apple moving more and more data into the cloud. iCloud data (backups, call logs, contacts and so on) is very loosely protected, allowing Apple itself or any third party with access to proper credentials extracting this information. Information stored in Apple iCloud is of course available to law enforcement. (more…)

Breaking FileVault 2 Encryption Through iCloud

Monday, August 29th, 2016

FileVault 2 is a whole-disk encryption scheme used in Apple’s Mac OS X using secure XTS-AES encryption to protect the startup partition. Brute-forcing your way into a crypto container protected with a 256-bit key is a dead end.

FileVault 2 volumes can be unlocked with a password to any account with “unlock” privileges. We have tools (Elcomsoft Distributed Password Recovery) that can brute-force user passwords, which can also unlock the encrypted volume. However, this is still not easy enough and not fast enough. The result is not guaranteed either.

Today we’ll talk about decrypting FileVault 2 volumes without lengthy attacks by using FileVault 2 escrow keys extracted from the user’s iCloud account.

(more…)

iCloud Photo Library: All Your Photos Are Belong to Us

Thursday, August 25th, 2016

Releasing a major update of a complex forensic tool is always tough. New data locations and formats, new protocols and APIs require an extensive amount of research. Sometimes, we discover things that surprise us. Researching Apple’s iCloud Photo Library (to be integrated into Elcomsoft Phone Breaker 6.0) led to a particularly big surprise. We discovered that Apple keeps holding on to the photos you stored in iCloud Photo Library and then deleted, keeping “deleted” images for much longer than the advertised 30 days without telling anyone. Elcomsoft Phone Breaker 6.0 becomes the first tool on the market to gain access to deleted images going back past 30 days.

Update September 1, 2016: Apple is fixing this as we speak. Deleted photos still appear, but we see less and less of them in every session. Whatever it was, it seems like Apple is fixing the issue as quick as they can.

(more…)

Apple Two-Factor Authentication vs. Two-Step Verification

Friday, April 1st, 2016

Two-step verification and two-factor authentication both aim to help users secure their Apple ID, adding a secondary authentication factor to strengthen security. While Apple ID and password are “something you know”, two-step verification (and two-factor authentication) are both based on “something you have”.

However, Apple doesn’t make it easy. Instead of using a single two-factor authentication solution (like Google), the company went for two different processes with similar usability and slightly different names. What are the differences between the two verification processes, and how do they affect mobile forensics? Let’s try to find out.
(more…)

A New Tool for WhatsApp Acquisition

Wednesday, November 25th, 2015

We have recently released a brand new product, Elcomsoft Explorer for WhatsApp. Targeted at home users and forensic experts along, this Windows-based, iOS-centric tool offers a bunch of extraction options for WhatsApp databases. Why the new tool, and how is it different from other extraction options offered by Elsomsoft’s mobile forensic tools? Before we move on to that, let’s have a look at the current state of WhatsApp.

(more…)

Overcoming iOS 9 Security in Elcomsoft Phone Breaker 5.0

Thursday, October 29th, 2015

If you follow industry news, you already know about the release of iOS 9. You may also know that iOS 9 is the toughest one to break, with no jailbreak available now or in foreseeable future. With no jailbreak and no physical acquisition available for newer devices, what methods can you still use to obtain evidence from passcode-locked devices? Our answer to this is Elcomsoft Phone Breaker 5.0 that adds over-the-air acquisition support for iOS 9.

(more…)

BlackBerry Password Keeper Escrow Key: Have We Just Found a Hidden Backdoor?

Tuesday, August 11th, 2015

As you may already know from the official press release, we’ve recently updated Elcomsoft Phone Breaker to version 4.10. From that release, you could learn that the updated version of the tool targets passwords managers, adding the ability to instantly decrypt passwords stored in BlackBerry Password Keeper for BlackBerry 10 and attack 1Password containers.

If you read along the lines though it’s a different story.

Essentially, we’ve discovered a backdoor hidden in recent versions of BlackBerry Password Keeper allowing us to decrypt the content of that app instantly without brute-forcing the master password. For our customers, this means instant access to passwords and other sensitive information maintained by BlackBerry Password Keeper. No lengthy waits and no fruitless attacks, just pure convenience. But is this convenience intentional? Did BlackBerry leave a backdoor for government access, or is this an unintentional vulnerability left by the company renowned for its exemplary security model? Let’s try to find out.

(more…)

Acquiring and Utilizing Apple ID Passwords, Mitigating the Risks and Protecting Personal Information

Friday, March 27th, 2015

Legal Disclaimer

The information provided in this article is strictly for educational purposes. Therefore, you confirm that you are not going to use it to break into someone else’s Apple account. If you wish to apply ideas described in this article, you are taking full responsibility for your actions.

Non-Legal Disclaimer

Just relax. It’s not like we’re giving away tips on how to download celebrities’ photos or hack the prime minister’s iPhone.

(more…)