Apple has long provided its users the tools to control how apps and Web sites use their personal data. The release of iOS 14 brought a number of new privacy features, while iOS 14.3 adds an important extra. At the same time, one of the most interesting privacy features is facing tough opposition from a group of digital advertising associations, making Apple postpone its implementation.

The past two years have become a turning point in iOS acquisition. The release of a bootrom-based exploit and the corresponding jailbreak made BFU acquisition possible on multiple devices regardless of security patches. Another exploit covers the entire iOS 13 range on all devices regardless of their hardware revision. ElcomSoft developed a jailbreak-free extraction method for the entire iOS 9.0-13.7 range. Let’s see what low-level acquisition options are available today, and when to use what.

After adding jailbreak-free extraction for iOS 13.5.1 through 13.7, we now support every Apple device running any version of iOS from 9.0 through 13.7 with no gaps or exclusions. For the first time, full file system extraction and keychain decryption are possible on all devices running these iOS versions.

For almost a decade, if not longer, I have collaborated with Vladimir Katalov on various digital forensics research topics.  He has always been a great source of guidance, especially on iOS related challenges.  When he offered me a standing invitation to post on the Elcomsoft Blog, I felt very humbled and honored to be given the opportunity to post on the ElcomSoft Blog, and I would like to thank the ElcomSoft team.  This article has also been prepared together, with Vladimir Katalov.

Believe me or not, but this is exactly the 500th post in our blog! The first one was posted in March 2009 and was about Distributed Password Recovery and GPU acceleration. At that time, we even did not do mobile or cloud forensics. Today it’s not about our achievements. I want to thank you for being with us, and share a few bits and pieces about our blog that you may find handy or at least amusing.

If the iPhone is locked with a passcode, it is considered reasonably secure. The exception are some older devices, which are relatively vulnerable. But what if the passcode is known or is not set? Will it be easy to gain access to all of the data stored in the device? And why do we have the countless forensic tools –is analysis and reporting the sole reason for their existence? Not really. If you’ve been wondering what this acquisition thing is all about, this article is for you.

When investigating iOS devices, you may have seen references to the SoC generation. Security researchers and developers of various iOS jailbreaks and exploits often list a few iPhone models followed by a note that mentions “compatible iPad models”. This is especially common when discussing iOS forensics, particularly referring to the checkra1n jailbreak. What do those references mean, and how are the iPhone and iPad models related? Can we count the iPod Touch and Apple TV, too? Let’s have a look.

Everyone’s iPhones contain overwhelming amounts of highly sensitive personal information. Even if some of that data is not stored on the device, the iPhone itself or the data inside can work as a key to other many things from bank accounts to private family life. While there are many possible vectors of attack, the attacker will always try exploiting the weakest link. Learn to think like one, find the weakest link and eliminate the potential vulnerabilities before they are exploited. This guide comes from the forensic guys making tools for the law enforcement, helping the good guys break into the bad guys’ iPhones.

When connecting an iPhone to a computer for the first time, you’ll see the prompt asking you whether to trust the computer. Trusting a computer enables your phone and computer to exchange information. However, should the trusted computer fall into the wrong hands, the pairing record from that computer could be used to pull information from your iPhone. Learn about the risks associated with pairing records and how to block unwanted connections by untrusting connected computers from your iPhone.

The iOS backup system is truly unrivalled. The highly comprehensive, versatile and secure backups can be created with Apple iTunes. For the user, local backups are a convenient and easy way to transfer data to a new device or restore an existing one after a factory reset. For forensic experts, iOS backups are an equally convenient, versatile and easy way to obtain a copy of the user’s data without attempting to break into the device. In malicious hands, the backup becomes a dangerous weapon. Logins and passwords from the Keychain allow hackers accessing the user’s social accounts, messages, and financial information. A backup password can be set to protect local backups, but it can be removed just as easily shall the hacker have access to the physical iPhone and know its passcode. In this article, we’ll discuss how the Screen Time password can be used to further strengthen the protection of local backups.