A Russian-based cybersecurity company says it has found a new way into locked iPhones. Elcomsoft, which makes digital forensics software for governments and law enforcement agencies, said on Friday that its iOS Forensic Toolkit can now extract some data from iPhones and iPads that are locked and still in BFU mode.
Not on all iPhones, but the developers say the attack works even on iOS 13.3.
Some iPhones, iPads are vulnerable to Checkm8 exploit
As it turns out, the company's tool takes advantage of a known vulnerability. The Checkm8 exploit (the same one behind the Checkra1n jailbreak) gives it a “door” through which certain iPhone and iPad models' strongest security barrier can be bypassed. Beyond the method itself, the Elcomsoft iOS Forensic Toolkit sells for $1,495.
The BFU detail matters. BFU, or Before First Unlock, is the state an iPhone is in from the moment it is started or restarted until the user first unlocks it. It is the device's most secure state.
For example, if you restart your iPhone and, before unlocking it, receive a call from your mother, her name will not appear, only the number. At that moment the phone is still in BFU mode.
As Elcomsoft says:
In Apple’s world, iPhone content remains safely encrypted until the user enters his screen unlock code. This code is absolutely necessary to generate the encryption key, which in turn is absolutely necessary to decrypt the iPhone file system. In other words, almost everything inside the iPhone remains encrypted until you unlock it with your code after the phone starts.
It is the “almost” part of the “everything” that we aim for in this update.
Where is the “hole” in Apple’s security system?
As noted, they found that some data in the keychain, which is where Apple stores user passwords and other protected information, is actually accessible before the user unlocks the phone.
According to the company, this data includes email usernames and passwords.
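As an added illustration of where such a “hole” comes from (this is not code from the article or from Elcomsoft): every iOS keychain item carries an accessibility class, and items stored with the deprecated kSecAttrAccessibleAlways class are protected by the device key alone rather than by a passcode-derived key, so they remain readable before first unlock. The Swift below stores a credential so that it is readable only while the device is unlocked, and audits an app's own items for the weak class; the service name is a hypothetical placeholder.

```swift
import Foundation
import Security

// Hypothetical service identifier used only for this example.
let service = "com.example.mailclient"

/// Store an account password so it is decryptable only while the device is
/// unlocked and never migrates to backups or other devices. In BFU state the
/// class key for this item is still wrapped by the passcode, so a keychain
/// dump taken before first unlock cannot decrypt it.
func storePassword(account: String, password: Data) -> OSStatus {
    let query: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecAttrAccount as String: account,
        kSecValueData as String: password,
        kSecAttrAccessible as String: kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
    ]
    SecItemDelete(query as CFDictionary)   // replace any existing item
    return SecItemAdd(query as CFDictionary, nil)
}

/// Audit helper: return the accounts of this app's generic-password items
/// whose accessibility class leaves them readable before first unlock.
/// kSecAttrAccessibleAlways (deprecated since iOS 12) is protected only by
/// the device key, not the passcode; such items should be re-stored with a
/// stricter class.
func itemsReadableBeforeFirstUnlock() -> [String] {
    let query: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecReturnAttributes as String: true,
        kSecMatchLimit as String: kSecMatchLimitAll,
    ]
    var result: CFTypeRef?
    guard SecItemCopyMatching(query as CFDictionary, &result) == errSecSuccess,
          let items = result as? [[String: Any]] else { return [] }
    let weakClasses: Set<String> = [
        kSecAttrAccessibleAlways as String,
        kSecAttrAccessibleAlwaysThisDeviceOnly as String,
    ]
    return items.compactMap { item in
        guard let accessible = item[kSecAttrAccessible as String] as? String,
              weakClasses.contains(accessible) else { return nil }
        return item[kSecAttrAccount as String] as? String
    }
}
```

Calling itemsReadableBeforeFirstUnlock() on a device and re-storing any returned accounts via storePassword is the practical check an app developer can run against this class of extraction.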
Although the forensic tool works on iPhones and iPads running even the latest operating system version, iOS 13.3, it does not work on every device model. The iPhones and iPads with the A12 chip, such as the iPhone XR, or the new U1 chip, such as the iPhone 11, are immune to the vulnerability. Vulnerable devices are those with earlier A-series chips, from the iPhone 5S to the iPhone X.
iPhone: nothing without a jailbreak
Because the forensic tool relies on the Checkm8 exploit, it requires installing the Checkra1n jailbreak on the device while it is in BFU mode. However, this can be done while the iOS device is locked.
This news comes just over a week after Apple’s iOS device encryption came under fire during a Congressional hearing. The Cupertino giant has been a strong supporter of security protocols that make it almost impossible to remove private data from the locked iPhone.
Apple claims that even it cannot have access to locked devices. However, some law enforcement officials, such as Manhattan prosecutor Cyrus Vance, criticize Apple for these practices. These critics would now like Congress to step in and force companies like Apple to open the system to law enforcement officials.
The truth is that, while it is not easy, some security companies have been able to bypass Apple's encryption and break into locked iOS devices. For example, Israel-based Cellebrite sells a $6,000 device that law enforcement has used to break into locked smartphones.
US-based Grayshift signed an agreement with Immigration and Customs Enforcement earlier this year for the use of the company's GrayKey iPhone hacking tool.
Elcomsoft's latest tool shows once again that, even with Apple's encryption, not every iPhone is as secure as you might think. The latest models, however, seem to be a tough nut to crack (until someone shows otherwise)!