ElcomSoft Phone Breaker 11: full overhaul of iCloud extraction

Elcomsoft Phone Breaker 11 introduces a completely overhauled iCloud extraction mechanism to address Apple’s recent, sweeping changes to its authentication and encryption protocols. The new release restores the ability for law enforcement and forensic specialists to lawfully access critical cloud evidence.

This major update rebuilds our cloud extraction capabilities from the ground up after previous methods were entirely blocked by Apple's infrastructure changes. The new build restores support for downloading files stored in iCloud Drive and extracting synchronized iCloud data, with the current exception of end-to-end encrypted categories. We have also improved support for downloading iCloud backups; however, there are still unresolved technical issues that can affect backup extraction, which our development team is actively investigating to resolve in a future patch. In addition, the update brings full compatibility with macOS Tahoe.

Overhauled iCloud extraction

Apple recently introduced major changes to the iCloud infrastructure, significantly altering authentication, communication protocols, encryption, and the way devices are added to a trusted circle. The new release implements an overhauled extraction engine for accessing cloud data, restoring the ability to download files and data stored in Apple iCloud. Synchronized data may include pictures, videos, calendars, and many other critical files – apart from anything protected with end-to-end encryption such as iCloud Keychain, Health, and Messages.

Pulling backups from the cloud is often the only means of accessing critical evidence when a suspect’s device is missing or locked without the possibility of a hardware unlock. Elcomsoft Phone Breaker supports downloading these backups, with some known issues still being ironed out.

The update is free of charge to all customers who purchased or renewed their Elcomsoft Phone Breaker or Elcomsoft Mobile Forensic Bundle license within one year. Discounted renewal is available to customers whose free update period has already expired.

Elcomsoft Phone Breaker 11 Release Notes:

  • iCloud: added support for updated Apple iCloud authentication and encryption
  • iCloud: improved support for synchronized iCloud data (except end-to-end encrypted)
  • iCloud: improved support for files on iCloud Drive
  • iCloud: improved support for iCloud backups (known issues remaining)
  • Platform: support for macOS Tahoe
  • Platform: native support for Apple Silicon based Macs
