A company that develops digital forensics tools for businesses and law enforcement specialists has found a way to hack into locked Apple iPhone devices running the latest version of iOS. The method is said to work on most iPhone models, from the iPhone 5s through the iPhone X, and is effective on iOS 12 through iOS 13.3.
The company is called Elcomsoft, and the newly expanded ability comes by way of an update to its iOS Forensic Toolkit. Specifically, the update allows the software to extract select keychain records in the BFU (Before First Unlock) state. That means it can pluck sensitive data from affected iPhone devices that have been powered off or rebooted, without having to enter a passcode.
"In Apple’s world, the content of the iPhone remains securely encrypted until the moment the user taps in their screen lock passcode. The screen lock passcode is absolutely required to generate the encryption key, which in turn is absolutely required to decrypt the iPhone’s file system. In other words, almost everything inside the iPhone remains encrypted until the user unlocks it with their passcode after the phone starts up," Elcomsoft explains.
Source: Elcomsoft
The key word in the above statement is "almost," and that is the part Elcomsoft targeted with its latest update. Elcomsoft says it discovered that certain bits and pieces are available in iOS devices even before the first unlock, including some critical keychain items containing authentication credentials for email addresses. The same goes for a number of authentication tokens.
These semi-exposed bits are by design, according to Elcomsoft, which says they are needed to allow iPhone devices to boot up correctly. It's not clear if a firmware remedy or software update on Apple's part could render the company's technique ineffective. That said, there's no mention of this method working on Apple's latest-generation iPhone 11 series.
In addition, Elcomsoft has made it clear it cannot and will not help unlock iOS devices. Instead, its updated toolkit can help law enforcement officials and others get at the data inside an iPhone, without having to unlock it. No jailbreaking is required, either.
This even works on disabled devices, after a user has inputted an incorrect passcode 10 times in a row. At that point, Apple prompts the user to connect the handset to iTunes in order to completely reset the device, and the data on the iPhone is lost forever.
"Unless the Erase data option is enabled, the data is still there; it’s just not available for extraction via regular means. BFU acquisition still works even in this case, and you can even extract parts of the keychain," Elcomsoft says.
Elcomsoft sells its iOS Forensic Toolkit for $1,495, and it looks like it's available to anyone (not just law enforcement). It's one of several recovery programs the company offers.