What you need to know
- Elcomsoft says its iOS Forensic toolkit can now extract some files whilst a device is in BFU mode.
- It says it can extract select keychain records in "Before First Unlock" mode.
- The device has to be jailbroken using checkra1n.
Elcomsoft says its iOS Forensic Toolkit can now extract some files from iOS devices in BFU mode before a user has even entered their passcode for the first time.
Elcomsoft's iOS Forensic Toolkit allows users who purchase it to perform physical and logical acquisition of iPhone, iPad, and iPod touch devices. It can be used to image device file systems and extract passwords, encryption keys, and data. According to Elcomsoft's blog, the toolkit can now extract select keychain records whilst a device is in BFU mode. The blog states:
Elcomsoft affirms that it cannot and will not help to unlock iOS devices, but that it is often possible to extract data from devices without unlocking them. In particular, Apple devices with a bootrom vulnerability that has been exploited by the checkra1n jailbreak can have some of their system files extracted even if you don't know the passcode.
This also works if a device has been disabled after a password has been entered incorrectly 10 times, as long as Erase data isn't enabled. In terms of the data that can be extracted:
Elcomsoft says it will continue to work on checkra1n and checkm8 integration within its tool. It also says that iOS acquisition by jailbreaking is currently the only method to get data, but that it's not "forensically sound" as it alters the content of the file system. Of course, jailbreaking itself is also risky. They conclude by saying:
As 9to5Mac notes, this is less relevant to everyday consumers: Elcomsoft sells its tools mostly to law enforcement agencies, governments, and businesses, as well as individuals.
Stephen Warwick has written about Apple for five years at iMore and previously elsewhere. He covers all of iMore's latest breaking news regarding all of Apple's products and services, both hardware and software. Stephen has interviewed industry experts in a range of fields including finance, litigation, security, and more. He also specializes in curating and reviewing audio hardware and has experience beyond journalism in sound engineering, production, and design.
Before becoming a writer Stephen studied Ancient History at University and also worked at Apple for more than two years. Stephen is also a host on the iMore show, a weekly podcast recorded live that discusses the latest in breaking Apple news, as well as featuring fun trivia about all things Apple. Follow him on Twitter @stephenwarwick9
I’m sorry, would you please clarify?: do iOS users who are not jailbreaking their devices have anything to worry about?
They do not! You can't use this feature without the toolkit ($1500 or so) - and a jailbroken phone.