From time to time, Elcomsoft, the Russian company that offers tools for extracting data from locked devices, comes out with a new promise or feature for its product catalog, always challenging one of Apple's security barriers. Today is one of those days.
The company announced that the iOS Forensic Toolkit has been updated with a new capability: capturing certain types of data from the keychain, such as email credentials, passwords and authentication tokens. The feature works with any iPhone or iPad model with chips from the A7 to the A11, running iOS 12 through 13.3 (yes, the latest public version of the system).
More worryingly, the feature works with the device in virtually any state, even in BFU (Before First Unlock) mode, that is, before the device is first unlocked after a reboot. This is considered the safest state of an iPhone, since much of its data is still encrypted behind the user's passcode.
Elcomsoft has a full technical explanation of how it performs the data extraction, but basically the whole thing revolves around the “checkm8” exploit, a vulnerability present in several A-series chips. The company found that some keychain items (authentication credentials) are available before the device is unlocked, so that the iPhone is already working as expected when it is unlocked, and these are exactly the items that the tool can extract.
Note that for the extraction to work, the device must have the checkra1n jailbreak applied; Elcomsoft's own tool is capable of doing so, requiring only that the user put the device in DFU mode.
For those who are interested, iOS Forensic Toolkit is on sale on Elcomsoft's website for the trifle of almost $6,000. Any takers?
via iPhone Hacks