Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


12:22 PM
Dark Reading
Dark Reading
Products and Releases

ElcomSoft Speeds Up Phone Password Breaker, Enables Real-Time iCloud Recovery

Forensic tool enables access to user data stored in Apple and BlackBerry mobile devices

MOSCOW, August 22, 2013 /PRNewswire/ --

ElcomSoft Co. Ltd. [http://www.elcomsoft.com ] announces the update to Elcomsoft Phone Password Breaker [http://www.elcomsoft.com/eppb.html ], a forensic tool that enables access to user data stored in Apple and BlackBerry mobile devices.

The new release enables selective recovery of certain types of data stored in Apple iCloud, enabling true real-time access to forensically significant information. By enabling real-time access to information stored in iCloud, ElcomSoft provides law enforcement organizations with live access to users'

online backups, eliminating the need to wait while the full backup with irrelevant information gets downloaded. At this time, Elcomsoft Phone Password Breaker remains the only tool on the market that can download iCloud backups to a PC. Apple does not support direct data downloads, only allowing to restore iCloud backups onto a freshly initialized iOS device.

In addition, the newest release of Phone Password Breaker now offers robust support for large data sets stored in the cloud, resolving the issue of authentication token expiring mid-session.

Selective Access to Apple iCloud

A major improvement available in the new release of Elcomsoft Phone Password Breaker [http://www.elcomsoft.com/eppb.html ] enables investigators to choose what types of data should be downloaded - instead of waiting hours while the complete data set is retrieved. While the complete data set can be retrieved as well, initial download may take several hours because of the bandwidth limitations of Apple's iCloud service. Opting for immediate access to only those types of data that are essential for an investigation allows significantly faster initial access to highly sensitive information.

In this release, investigators can selectively access the following types of


- General device information including UDID, serial number, model name, IMEI, iOS version and more

- Camera roll (photos and videos)

- Messages (SMS and iMessage)

- Message attachments (can be retrieved even if the conversation was deleted)

- Phone settings

- Call log

- Address book

- Notes

- Calendar

The program also extracts other important information that could be used as evidence, such as Wi-Fi connections (including access point settings, last connection time and amount of data transmitted), Bluetooth pairings, last viewed latitude and longitude on the map, email account settings (except passwords), and more.

These data sources are relatively compact, which allows Phone Password Breaker to retrieve them in minutes instead of hours. Future releases of Elcomsoft Phone Password Breaker will add the ability to selectively download geo location or other types of essential information.

About iCloud Recovery

Apple iCloud is a popular service providing Apple users with storage space to back up the content of their devices. According to Apple, some 250 million customers are using this online backup service.

Elcomsoft Phone Password Breaker [http://www.elcomsoft.com/eppb.html ] was the first and remains the only third-party forensic tool that can retrieve and decrypt backups stored in iCloud. The ability to access backups without having access to the physical device is a valuable feature among the company's forensic, law enforcement and intelligence customers. Notably, Apple does not provide means for downloading iCloud information to a PC, so Elcomsoft Phone Password Breaker remains the only tool available for that purpose.

No lengthy attacks and no physical access to an iPhone device are required: the data is downloaded directly onto investigators' computers from Apple remote storage facilities in plain, unencrypted form. Investigators need to know user's original Apple ID and password in order to gain access to online backups.

If a user owns more than one device, and those devices are registered with the same Apple ID, their online backups can be seamlessly recovered from iCloud with no extra effort.

About Elcomsoft Phone Password Breaker

Elcomsoft Phone Password Breaker provides forensic access to encrypted information stored in popular Apple and BlackBerry devices. By recovering the original password protecting offline backups produced with compatible devices, the tool offers forensic specialists access to SMS and email messages, call history, contacts and organizer data, Web browsing history, voicemail and email accounts and settings stored in those backup files. The new iteration of the product can also retrieve information from online backups stored in Apple iCloud providing that the original Apple ID and password are known.

Pricing and Availability

Elcomsoft Phone Password Breaker [http://www.elcomsoft.com/eppb.html ] is available immediately. Home and Professional editions are available; iCloud recovery is only available in the Professional edition. Elcomsoft Phone Password Breaker Pro is available to North American customers for $199. The Home edition is available for $79. Local pricing may vary.

Elcomsoft Phone Password Breaker supports Windows XP, Vista, Windows 7 and 8, as well as Windows 2003, 2008 and 2012 Server. Elcomsoft Phone Password Breaker operates without Apple iTunes or BlackBerry Desktop Software being installed.

About ElcomSoft Co. Ltd.

Founded in 1990, ElcomSoft Co.Ltd. [http://www.elcomsoft.com ] is a global industry-acknowledged expert in computer and mobile forensics providing tools, training, and consulting services to law enforcement, forensics, financial and intelligence agencies. ElcomSoft pioneered and patented numerous cryptography techniques, setting and exceeding expectations by consistently breaking the industry's performance records. ElcomSoft is Microsoft Gold Independent Software Vendor, Intel Software Premier Elite Partner, member of Russian Cryptology Association (RCA) and Computer Security Institute.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Manchester United Suffers Cyberattack
Dark Reading Staff 11/23/2020
As 'Anywhere Work' Evolves, Security Will Be Key Challenge
Robert Lemos, Contributing Writer,  11/23/2020
Cloud Security Startup Lightspin Emerges From Stealth
Kelly Sheridan, Staff Editor, Dark Reading,  11/24/2020
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-11-28
An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka CID-16d51a590a8c.
PUBLISHED: 2020-11-28
An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1.
PUBLISHED: 2020-11-28
An issue was discovered in mm/mmap.c in the Linux kernel before 5.7.11. There is a race condition between certain expand functions (expand_downwards and expand_upwards) and page-table free operations from an munmap call, aka CID-246c320a8cfe.
PUBLISHED: 2020-11-28
An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. The slowpath lacks the required TID increment, aka CID-fd4d9c7d0c71.
PUBLISHED: 2020-11-28
An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4. Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd.