Mining iPhones and iCloud For Data With Forensic Tools

SternisheFan points out an article that walks us through the process of using forensic tools to grab data from iPhones and iCloud using forensic tools thought to have been employed in the recent celebrity photo leak. There are a number of ways to break into these devices and services depending on what kind of weakness an attacker has found. For example, if the attacked has possession of a target's iPhone, a simple command-line toolkit from Elcomsoft uses a jailbreak to bypass the iPhone's security. A different tool can extract iCloud data with access to a computer that has a local backup of a phone's data, or access to a computer that simply has stored credentials.

The discusses also details a method for spoofing device identification to convince iCloud to restore data to a device mimicking the target's phone. The author concludes, "Apple could go a long way toward protecting customer privacy just by adding a second credential to encrypt stored iCloud data. An encryption password could be used to decrypt the backup when downloaded to iTunes or to the device, or it could be used to decrypt the data as it is read by iCloud to stream down to the device."

Re:No no no...

[93+Escort+Wagon]

Given the exploit requires the installation of a jailbreak, it's not actually going to work unless you already have the user's security code - the device needs to be unlocked in order to install the jailbreak.

I do think Apple was a bit disingenuous regarding the "bad passwords" used by celebrities, given the iBrute tool apparently was able to keep trying different passwords against Find My iPhone without any sort of delay - a shortcoming Apple apparently fixed a few days back.