The second time the tech blogosphere mentioned Elcomsoft’s Phone Breaker (or the Elcomsoft Phone Password Breaker), it was when the Internet was full of Hollywood celebrity nudes as a result of an celebrity iCloud account hack (via Business Insider).
Now the Russian software maker is back in the news, and there is a good reason why: the developers managed to release a workaround for Apple’s iCloud authentication system, and with the latest update, now the Phone Breaker can even bypass the two-factor authentication.
Furthermore, with the software at hand, users have access to practically all of your data — if they have your Apple ID and password or collected a valid authentication token from a computer used to log into the cloud.
With this information in their hands, you won’t even notice that your 1Password password database, WhatsApp communication — you name it — is getting downloaded and decrypted from the cloud.
Apple currently provides cloud solutions for roughly 250 million people who use iCloud to back up their iPhones or iPads. The updated Phone Breaker will access that data without any problems, and it will do so without you noticing, as the hackers managed to bypass Apple’s two-step authentication method, including the email and security code that are sent to the given address and trusted device, respectively.
For North American customers, the Elcomsoft Phone Breaker had been available for $199, but the latest additions push the price up to $799. And let’s not forget that this forensic tool can be bought by anyone.