I Just Got into iCloud Keychain on my iPad Air With Phone Breaker



Page 3 – Breaking My iPad, Final Thoughts on Phone Breaker, and Pricing

Breaking My iPad

The Phone Breaker has a graphical user interface that is easy to use. It doesn’t require specialized knowledge beyond knowing what certain things are and which buttons to press. As long as you have the Apple ID and password in question, you can:

  • Download iCloud backups, files, photos, keychains and other synced data
  • Decrypt and browse through iTunes backups
  • Decrypt a Mac’s FileVault disk
  • Extract an authentication token from a non-live macOS system

Main screen of the tool, with different options.

I started using the tool by creating an encrypted backup of my iPad Air through iTunes. Once that was done, I fired up the Phone Breaker and browsed to the backup image (it fills in the directory path to those files automatically). I entered my backup password, and within seconds I was exploring my iCloud Keychain, as you can see in the image below. It included such things as:

  • Apple IDs
  • Wi-Fi accounts
  • Mail accounts
  • Browser passwords: Including creation date, modification date, URL, and username
  • Credit cards (which I don’t store)
  • DSIDs & Tokens: DSID stands for Destination Signaling IDentifier [PDF], and is a unique ID assigned to the user when registering at iCloud.com.
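
The tool can fill in the backup path automatically because local backups sit in a predictable folder, and the same fact lets the owner of a machine inventory them. The following is an added example, not code from the article or from Elcomsoft: it reports which backups exist, whether each is encrypted, and how old it is. It assumes each backup folder holds a `Manifest.plist` with the keys `IsEncrypted`, `Date` and `Lockdown` → `DeviceName`, and that on macOS the folder is `~/Library/Application Support/MobileSync/Backup`; the sample manifests and the 90-day threshold are constructed for the demo.

```python
import plistlib
import tempfile
from datetime import datetime, timedelta, timezone
from pathlib import Path
from xml.parsers.expat import ExpatError

def audit_backups(root, now, stale_days=90):
    """Return one finding per backup folder: encryption state and age."""
    findings = []
    for manifest in sorted(Path(root).glob("*/Manifest.plist")):
        entry = {"id": manifest.parent.name}
        try:
            with manifest.open("rb") as fh:
                data = plistlib.load(fh)
        except (plistlib.InvalidFileException, ExpatError, OSError):
            entry["error"] = "unreadable manifest"
            findings.append(entry)
            continue
        taken = data.get("Date")  # plistlib returns a naive UTC datetime
        age = (now - taken).days if isinstance(taken, datetime) else None
        entry.update(
            device=data.get("Lockdown", {}).get("DeviceName", "unknown"),
            encrypted=bool(data.get("IsEncrypted", False)),
            age_days=age,
            stale=age is not None and age > stale_days,  # threshold is arbitrary
        )
        findings.append(entry)
    return findings

def build_sample(root, now):
    """Write two constructed manifests (not real backups) for the demo."""
    samples = {
        "constructed-udid-1": (True, 3, "Test iPad Air"),
        "constructed-udid-2": (False, 400, "Old iPhone"),
    }
    for name, (encrypted, age, device) in samples.items():
        folder = Path(root) / name
        folder.mkdir(parents=True)
        manifest = {"IsEncrypted": encrypted, "Date": now - timedelta(days=age),
                    "Lockdown": {"DeviceName": device}}
        with (folder / "Manifest.plist").open("wb") as fh:
            plistlib.dump(manifest, fh)

if __name__ == "__main__":
    now = datetime.now(timezone.utc).replace(tzinfo=None)
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp, now)
        for finding in audit_backups(tmp, now):
            print(finding)
```

Pointing `audit_backups` at the real backup folder instead of the temporary directory lists old backups that are candidates for deletion.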

You can even create a wordlist of the passwords that can be used in future brute-force attacks on other systems. A wordlist is basically a giant list of passwords used in a dictionary attack to crack passwords. Additionally, the Phone Breaker supports GPU-accelerated password cracking, which is faster and more efficient than relying on a CPU.


Exploring iCloud Keychain to view and export sensitive data.

Final Thoughts

Decrypting and extracting data from a local iTunes backup was the furthest I wanted to go. I wasn’t keen on breaking into iCloud, and I saw and read enough to come to the conclusion that this is real. For the first time, the sanctity of iCloud Keychain has been breached. I reached out to Apple’s Product Security team for a comment, but they referred me to Apple’s general public relations contact, and they didn’t respond at all.


Phone Breaker Pricing

How much is the Phone Breaker anyway? There are three editions available for Windows and macOS:

  • Home Edition: US$79
  • Professional Edition: US$199
  • Forensic Edition: US$799

Much of the functionality is only available in the Forensic Edition, such as:

  • Supporting Apple IDs with two-step verification and two-factor authentication
  • Accessing iCloud without login and password
  • Decrypting FileVault 2 hard disks
  • Downloading files from iCloud
  • Decrypting BlackBerry 10 backups

Apple takes security very seriously, but we don’t know what Cupertino thinks of forensic tools such as Elcomsoft’s Phone Breaker. It’s a tool that allows law enforcement like the FBI, or anyone else, to extract more data from iPhones and iPads in their possession, if they have your login credentials. For now, Apple seems to allow it in that they haven’t done anything to stop its use… yet.

And, as Dave Hamilton of The Mac Observer pointed out, there are certain situations where having a tool access your iCloud Keychain might be okay. Maybe you forgot your login and password and need your data. I’ve also read stories in the news where a family wanted to access their loved one’s device, but couldn’t because of the device encryption.

pnielan
Member

Andrew,

The first paragraph of your article indicates you broke into your iPad. But it doesn’t say how you used the software, how long it took, how good your password was, etc. You didn’t say what you knew and what you didn’t know when you started to break in. And so on.

The whole rest of the story, the remaining 95%, looks like press release stuff for the software.

Can you provide some details about YOUR experience?

Thanks.

Doug Petrosky
Member

Nothing has been breached any more than what the Keychain Access app has been able to do or what Apple gave us access to on iOS devices in iOS 11 under Accounts & Passwords. They give you the ability to do what you have the ability to do if you have account IDs, passwords and trusted devices. They just gave it a UI. If I hand you my locked iPhone, or iPad, this gives you no way to access my data. If you know my Apple ID, this gives you no way to get into my iCloud account to access my…