Using a tool called Elcomsoft Phone Breaker, I was able to view data stored in iCloud Keychain—data that’s not supposed to be accessible.. This data includes Apple IDs, Wi-Fi accounts, Mail accounts, browser passwords, credit cards, DSIDs & tokens, even metadata like creation date and modification date. I did this on my own iPad Air, first generation, running iOS 11 public beta 6.
The Phone Breaker
A couple of days ago, I got an email from Elcomsoft about a big update to Phone Breaker. This is a forensic tool that lets you extract data from iPhones, Blackberry phones, and Microsoft accounts. I don’t know much about these tools but the Phone Breaker seems fairly standard, and mirrors other products of its kind.
But the recent update—version 7.0—does something previously thought to be impossible, or at least extremely hard to do. It is the first, and right now only, tool that can directly access and decrypt passwords, app authentication credentials, payment information and other sensitive data stored in iCloud Keychain. According to a blog post by the company, iCloud Keychain has remained impenetrable for almost four years.
Apple’s iCloud security page gives details about iCloud Keychain. It uses 256-bit AES encryption to store and transmit passwords and credit card information. It also uses elliptic curve asymmetric cryptography and key wrapping.
- iCloud Keychain encryption keys are created on your devices, and Apple can’t access those keys. Only encrypted keychain data passes through Apple’s servers, and Apple can’t access any of the key materials that could be used to decrypt that data.
- Apple can’t see or access the contents of your iCloud Keychain.
- Only trusted devices that you approve can access your iCloud Keychain.
- Advanced settings allow you to choose an iCloud Security Code longer than four digits or have your device generate one for you.
- You can choose to disable keychain recovery, which means that iCloud Keychain is kept up to date across your approved devices, but the encrypted data is not stored with Apple and cannot be recovered if all of your devices are lost.
Next: Questions about Phone Breaker and Where Is Your Keychain