Not only jailbreaking and cracking iCloud, the security hole in Apple’s bootrom also allows extracting data on the user’s iPhone / iPad even when locked.
Elcomsoft of Russia recently created a tool that allows police and government agencies to extract data from iPhones and iPads obtained in investigations, even when the devices are locked through processing. BFU level (Before First Unlock). These data include call history, messages, email inbox information
After updating the iOS Forensic Toolkit to 5.21, users can easily extract a portion of data from iCloud Keychain, which is used to store information about username, web password, information. Credit card for application and online services.
The list of affected devices includes iPhone 5s to iPhone X, all iPad models from iPad mini 2 to iPad 2018, iPad 10.2, first-generation iPad Pro 12.9 and iPad Pro 10.5. The tool is based on the security checkm8, which means that devices using Apple’s A7 to A11 chips are affected.
Elcomsoft said iOS Forensic Toolkit can now even extract data from an iPhone / iPad in BFU mode (Before First Unlock – before first unlocking). this is often the foremost secure state of an iOS device, because it’s just been rebooted and therefore the user has not successfully unlocked it with a password.
According to Elcomsoft, “almost all data” stored on iOS devices remains encrypted until the user unlocks the iPhone with a password after rebooting. However, they need found variety of Keychain containing credentials for email accounts, passwords which will be easily extracted even in BFU mode by using security holes in Apple’s bootrom.
In addition to exporting data when the iPhone / iPad is locked, the toolkit has many other features, providing access to all or any protected information like SMS, email, call history, contacts, history. Web browsing, voicemail, account information, location history, messages, application data and Apple ID passwords in plain text state.
Elcomsoft’s iOS Forensic Toolkit is primarily used for law enforcement agencies, although businesses and even individuals can buy it. Russian security company is selling this software for $ 1495
The appearance of tools that allow data extraction on the iPhone / iPad may affect some users, but you do not need to worry because they require direct device connection. iOS to the computer via a physical cable, not remotely.
