I Just Got into iCloud Keychain on my iPad Air With Phone Breaker
Using a tool called Elcomsoft Phone Breaker, I was able to view data stored in iCloud Keychain, data that is not supposed to be accessible. This data includes Apple IDs, Wi-Fi accounts, Mail accounts, browser passwords, credit cards, DSIDs and tokens, and even metadata such as creation and modification dates. I did this on my own first-generation iPad Air running iOS 11 public beta 6.
The Phone Breaker
A couple of days ago, I got an email from Elcomsoft about a big update to Phone Breaker. This is a forensic tool that lets you extract data from iPhones, BlackBerry phones, and Microsoft accounts. I don't know much about these tools, but Phone Breaker seems fairly standard and mirrors other products of its kind.
But the recent update—version 7.0—does something previously thought to be impossible, or at least extremely hard to do. It is the first, and right now only, tool that can directly access and decrypt passwords, app authentication credentials, payment information and other sensitive data stored in iCloud Keychain. According to a blog post by the company, iCloud Keychain has remained impenetrable for almost four years.

iCloud Keychain
Apple’s iCloud security page gives details about iCloud Keychain. It uses 256-bit AES encryption to store and transmit passwords and credit card information. It also uses elliptic curve asymmetric cryptography and key wrapping.
- iCloud Keychain encryption keys are created on your devices, and Apple can’t access those keys. Only encrypted keychain data passes through Apple’s servers, and Apple can’t access any of the key materials that could be used to decrypt that data.
- Apple can’t see or access the contents of your iCloud Keychain.
- Only trusted devices that you approve can access your iCloud Keychain.
- Advanced settings allow you to choose an iCloud Security Code longer than four digits or have your device generate one for you.
- You can choose to disable keychain recovery, which means that iCloud Keychain is kept up to date across your approved devices, but the encrypted data is not stored with Apple and cannot be recovered if all of your devices are lost.
Questions
First, keep in mind that this is a forensic tool for extracting all of the data from an iOS device or iCloud account in bulk. You can't use it without already knowing the Apple ID and password (or, in the Forensic Edition, an authentication token taken from a computer the user has signed in on). So you won't be using Phone Breaker to crack into some random person's device. Tools like this are used by law enforcement on devices they have collected from suspects.
I know what you’re thinking, because I had the same thought: “If you already have the login credentials, what’s the point of this software when you can already browse through the device?” I posed this question to Vladimir Katalov, Elcomsoft’s CEO. He responded:
Apple devices seem to sync more with the iCloud than the documentation says. That may include not just passwords but also tokens, encryption keys etc. That is even more risky than passwords, because tokens may allow [you to log in] even if two-factor authentication is enabled, no questions asked.
Keychain is a bit more than just user-password pairs. There are also [metadata] and that could be extremely important evidence. And many other records have some additional fields of interest (we have not explored all of them in detail, that requires additional work – but of course, we download everything we can).
In summary, there is important data and metadata that users can't normally see on their own devices. Phone Breaker can extract things like access tokens, encryption keys and Wi-Fi passwords. Forensic access to this is normally very limited because of the several layers of encryption Apple uses, and direct access to the keychain stored on the device itself is usually impossible.

Where Your Keychain Is Stored
Since iOS 10.2, Apple has made recovering the password of an encrypted local (iTunes) backup much slower: software can now test only about 5 passwords per minute on a CPU, or about 100 passwords per second on a GPU. Against billions of possible password combinations, that can take a very long time. In that case, the only practical way to get at the passwords is to download iCloud Keychain, which Phone Breaker can now do (it couldn't before).
It's confusing because Apple isn't entirely clear on whether iCloud Keychain stores passwords in the cloud or only on the device. Apple's FAQ gives this question and answer:
Q: Can I set up iCloud Keychain so that my information isn’t backed up in iCloud?
A: Yes. When you set up iCloud Keychain, you can skip the step to create an iCloud Security Code. Your keychain data is then stored locally on the device, and updates across only your approved devices.
Even so, the keychain may end up in the cloud under some configurations and not others, and Elcomsoft found that whether Phone Breaker can extract it depends on exactly that. In their testing, they identified one combination of settings where the keychain was not stored in the cloud and therefore could not be extracted. Apple implements the keychain in a couple of different ways depending on the account's settings.
Cloud vs. Local
Your Keychain IS NOT stored in the cloud if:
- The user’s Apple ID account has no Two-Factor Authentication and no iCloud Security Code.
Your Keychain IS stored in the cloud if:
- The user’s Apple ID account has no Two-Factor Authentication but has an iCloud Security Code (iCloud Security Code and one-time code that is delivered as a text message will be required)
- Two-Factor Authentication is enabled (in this case, one must enter device passcode or system password to any device already enrolled in iCloud Keychain)
If the keychain is stored in the cloud, Phone Breaker can download and decrypt it. In that case, if you don't have the password, the tool can instead use a binary authentication token extracted from a computer on which the user has previously signed in with iCloud Control Panel.
Breaking My iPad
Phone Breaker has a graphical user interface that is easy to use and doesn't require specialized knowledge beyond knowing what the various items are and pressing buttons. As long as you have the Apple ID and password in question, you can:
- Download iCloud backups, files, photos, keychains and other synced data
- Decrypt and browse through iTunes backups
- Decrypt a Mac’s FileVault disk
- Extract an authentication token from a non-live macOS system

Main screen of the tool, with different options.
I started using the tool by creating an encrypted backup of my iPad Air through iTunes. Once that was done, I fired up the Phone Breaker and browsed to the backup image (it fills in the directory path to those files automatically). I entered my backup password, and within seconds I was exploring my iCloud Keychain, as you can see in the image below. It included such things as:
- Apple IDs
- Wi-Fi accounts
- Mail accounts
- Browser passwords: Including creation date, modification date, URL, and username
- Credit cards (which I don’t store)
- DSIDs & tokens: a DSID (Directory Services Identifier) is the unique ID assigned to the user when registering at iCloud.com
You can even export the recovered passwords as a wordlist for use in future attacks on other systems; a wordlist is simply a large list of candidate passwords fed to a dictionary attack. Phone Breaker also supports GPU-accelerated password recovery, which is much faster than relying on a CPU alone.

Exploring iCloud Keychain to view and export sensitive data.
Final Thoughts
Decrypting and extracting data from a local iTunes backup was the furthest I wanted to do. I wasn’t keen on breaking into iCloud, and I saw and read enough to come to the conclusion that this is real. For the first time, the sanctity of iCloud Keychain has been breached. I reached out to Apple’s Product Security team for a comment, but they referred me to Apple’s general public relations contact, and they didn’t respond at all.

Phone Breaker Pricing
How much is the Phone Breaker anyway? There are three editions available for Windows and macOS:
- Home Edition: US$79
- Professional Edition: US$199
- Forensic Edition: US$799
Much of the functionality is only available in the Forensic Edition, such as:
- Supporting Apple IDs with two-step verification and two-factor authentication
- Accessing iCloud without login and password
- Decrypting FileVault 2 hard disks
- Downloading files from iCloud
- Decrypting Blackberry 10 backups
Apple takes security very seriously, but we don't know what Cupertino thinks of forensic tools such as Elcomsoft's Phone Breaker. It's a tool that allows law enforcement like the FBI, or anyone else, to extract more data from iPhones and iPads in their possession, provided they have your login credentials. For now, Apple seems to tolerate it, in that it hasn't done anything to stop its use... yet.
And, as Dave Hamilton of The Mac Observer pointed out, there are certain situations where having a tool access your iCloud Keychain might be okay. Maybe you forgot your login and password and need your data. I’ve also read stories in the news where a family wanted to access their loved one’s device, but couldn’t because of the device encryption.