Elcomsoft Phone Breaker 10.1: bugfix and maintenance release

Elcomsoft Phone Breaker 10.1 fixes bugs and improves compatibility, adding support for macOS 12 Monterey and the ability to extract Apple Maps data from end-to-end encrypted containers.

Elcomsoft Phone Breaker 10.1 is a bugfix and maintenance release, adding compatibility with macOS 12 Monterey. In addition, the new release improves the authentication process for smoother iCloud extractions. The improved iCloud acquisition agent offers safer and smoother experience when performing trusted device extractions. The agent no longer requires the iPhone to maintain an active Internet connection during the extraction. Finally, we’ve improved support for Apple Maps data stored in end-to-end encrypted containers.

Improved iCloud extraction with trusted device

The last major release added a new iCloud authentication method. Once an expert has access to the user’s iOS device such as an iPhone or iPad that is signed in to their Apple ID at the time of extraction, they can use that device instead of the login and password to extract everything from the user’s iCloud account including end-to-end encrypted data.

EPB 10.0 required the device to remain online and connected during the entire extraction process. This is no longer the case. Elcomsoft Phone Breaker 10.1 no longer requires the trusted device go online even once; the trusted device may remain offline at all times.

End-to-end encryption of Apple Maps data

Every year, Apple tightens security by placing more types of data under the end-to-end encrypted umbrella. This time it’s about Apple Maps. Apple is moving more Apple Maps data from an ordinary container into the end-to-end encrypted one. Decrypting end-to-end encrypted data requires the user’s screen lock passcode in addition to their iCloud login and password. Elcomsoft Phone Breaker 10.1 is updated to support end-to-end encrypted Apple Maps data.

Compatible with macOS 12 Monterey

macOS 12 Monterey brings new security measures and tougher restrictions. Elcomsoft Phone Breaker 10.1 was adapted to conform to those measures, now running smoothly in macOS 12 Monterey.

The little things

Aside of the usual “bug fixes and performance improvements”, this release adds support for the keychain format used in Cellebrite UFED. Once you do the checkm8 extraction with UFED, you’ll receive a pair of files containing the file system image and the keychain. The keychain is stored as a custom .plist, which differs from the file produced by iOS Forensic Toolkit. We added support for the .plist format used in Cellebrite UFED to enable experts opening the keychain extracted with iOS Forensic Toolkit in Cellebrite UFED.

Elcomsoft Phone Breaker is the only tool on the market that can recover many end-to-end encrypted categories including the user’s passwords from iCloud Keychain, iCloud Messages, Health, Screen Time, Maps, and more.

The update is free of charge to all customers who purchased or renewed their Elcomsoft Phone Breaker or Elcomsoft Mobile Forensic Bundle license within one year. Discounted renewal is available to customers whose maintenance plan has already expired.

Elcomsoft Phone Breaker release notes:

  • Added compatibility with macOS 12 Monterey
  • Cloud acquisition agent (for trusted device) now does not require permanent Internet connection
  • Added support for synced Apple Maps data in iCloud created with iOS 15
  • Added support for Cellebrite UFED keychain format
  • Improved iCloud authentication process

Vedi anche