ElcomSoft's Latest Tool Can Allegedly Access iMessages in iCloud, But Only in Extreme Circumstances

by

Russian company ElcomSoft today claimed that the latest version of its Phone Breaker software can remotely access iMessage conversation histories stored in iCloud, although there are several strings attached.

imessage logo
Namely, the person attempting to extract iMessages from an iCloud account would need the following before being able to do so:

  • Elcomsoft Phone Breaker version 8.3

  • The associated Apple ID email and password for the iCloud account

  • The passcode, if an iPhone, iPad, or iPod touch, or system password, if a Mac, of at least one device on the account enrolled in Messages in iCloud, which requires iOS 11.4 and macOS 10.13.5 or later

  • Access to a two-factor authentication method, such as a trusted secondary device, which may or may not have the same passcode or system password, or a SIM card for a phone number that has been authorized to receive one-time verification codes via SMS

It's worth noting that if the perpetrator has obtained physical access to at least one of your trusted secondary devices, and its passcode, they would be able to read at least part of your iMessage history regardless by simply opening the Messages app.

Apple obviously cares very deeply about the security of its customers, but if a bad actor has gained access to another person's Apple ID credentials, your passcode, and at least one of your Apple devices, or your SIM card, there arguably isn't really much the company can do at that point to protect you.

That's why it's so important, as Apple routinely stresses, to set a strong password for your Apple ID, not share that password with others, enable two-factor authentication, and keep careful possession of your devices. It also helps to set a strong alphanumeric passcode on an iOS device, rather than a four-digit one.

Apple says iMessages are protected with end-to-end encryption, and notes that messages can't be accessed by anyone without your device passcode. As an additional safeguard, Apple requires that users have two-factor authentication turned on for their Apple ID accounts to enable Messages in iCloud.

imessage encryption
ElcomSoft's tool seems to be taking advantage of the fact that, if iCloud Backups are turned on, a copy of the encryption key protecting iMessages is included in the backup, according to a support document on Apple's website:

If you have iCloud Backup turned on, a copy of the key protecting your Messages is included in your backup. This ensures you can recover your Messages if you’ve lost access to iCloud Keychain and your trusted devices. When you turn off iCloud Backup, a new key is generated on your device to protect future messages and it is not stored by Apple.

Given the extenuating circumstances required, the vast majority of users shouldn't have anything to worry about. But it's a good reminder to maintain strong security practices on all of your devices to stay safe.

Tags: ElcomSoft, iMessage, Security

Popular Stories

CarPlay Hero

Apple Releases Wireless CarPlay Fix

Wednesday April 16, 2025 11:28 am PDT by
If you have been experiencing issues with wireless CarPlay in your vehicle lately, it was likely due to a software bug that has now been fixed. Apple released iOS 18.4.1 today, and the update's release notes say it "addresses a rare issue that prevents wireless CarPlay connection in certain vehicles." If wireless CarPlay was acting up for you, updating your iPhone to iOS 18.4.1 should...
Read Full Article76 comments
AirPods Pro 3 Mock Feature

AirPods Pro 3 Just Months Away – Here's What We Know

Friday April 18, 2025 5:16 am PDT by
Despite being more than two years old, Apple's AirPods Pro 2 still dominate the premium wireless‑earbud space, thanks to a potent mix of top‑tier audio, class‑leading noise cancellation, and Apple's habit of delivering major new features through software updates. With AirPods Pro 3 widely expected to arrive in 2025, prospective buyers now face a familiar dilemma: snap up the proven...
Read Full Article84 comments
iphone 16 pro models 1

17 Reasons to Wait for the iPhone 17

Thursday April 17, 2025 4:12 am PDT by
Apple's iPhone development roadmap runs several years into the future and the company is continually working with suppliers on several successive iPhone models simultaneously, which is why we often get rumored features months ahead of launch. The iPhone 17 series is no different, and we already have a good idea of what to expect from Apple's 2025 smartphone lineup. If you skipped the iPhone...
Read Full Article102 comments
Beyond iPhone 13 Better Triad

Apple's 20th Anniversary iPhone May Finally Go All Screen

Tuesday April 15, 2025 6:31 am PDT by
Apple is preparing a "bold" new iPhone Pro model for the iPhone's 20th anniversary in 2027, according to Bloomberg's Mark Gurman. As part of what's being described as a "major shake-up," Apple is said to be developing a design that makes more extensive use of glass – and this could point directly to the display itself. Here's the case for Apple releasing a truly all-screen iPhone with no...
Read Full Article91 comments
maxresdefault

iPhone 17 Pro Launching Later This Year With These 12 New Features

Sunday April 13, 2025 7:52 am PDT by
While the iPhone 17 Pro and iPhone 17 Pro Max are not expected to launch until September, there are already plenty of rumors about the devices. Subscribe to the MacRumors YouTube channel for more videos. Below, we recap key changes rumored for the iPhone 17 Pro models as of April 2025: Aluminum frame: iPhone 17 Pro models are rumored to have an aluminum frame, whereas the iPhone 15 Pro and ...
Read Full Article134 comments
iOS 19 Roundup Feature

iOS 19 Will Add These New Features to Your iPhone

Tuesday April 15, 2025 7:37 am PDT by
The first iOS 19 beta is less than two months away, and there are already a handful of new features that are expected with the update. Apple should release the first iOS 19 beta to developers immediately following the WWDC 2025 keynote, which is scheduled for Monday, June 9. Following beta testing, the update should be released to the general public in September. Below, we recap the key...
Read Full Article35 comments
tvOS 18 Thumb 1

Apple Releases tvOS 18.4.1

Wednesday April 16, 2025 10:04 am PDT by
Apple today released tvOS 18.4.1, a minor update to the tvOS 18 operating system that came out last September. tvOS 18.4.1 comes two weeks after Apple released tvOS 18.4, and it is available for the Apple TV 4K and Apple TV HD models. tvOS 18.4.1 can be downloaded using the Settings app on the ‌Apple TV‌. Open up Settings and go to System > Software Update to get the new software....
Read Full Article13 comments
iPhone Security Feature 25

Five iPhone Security Features You Should Be Using

Wednesday April 16, 2025 4:15 pm PDT by
Apple has quite a few security features that it's added to iPhones, iPads, and Macs over the years. Now more than ever, it's important to make sure you're taking advantage of the built-in security tools that are available to keep yourself and your data safe, so we've rounded up a list of the most important options. If you don't already have these enabled, you might want to consider turning...
Read Full Article70 comments
vision air cable

Images of Apple 'Vision Air' Power Cable Emerge Online

Thursday April 17, 2025 5:55 am PDT by
More images of a redesigned power cable allegedly for a future Apple "Vision Air" headset were today shared online by the prototype collector and leaker known as "Kosutami." Yesterday, the leaker explained that the Apple "Vision Air" will feature a thinner design and switch the battery enclosure and several of its internal structures to titanium to reduce the device's overall weight. Most of ...
Read Full Article95 comments

Top Rated Comments

Chabba Avatar
Chabba
89 months ago
So they can access your data if they have access to your data...? Sounds like that to me.
Score: 46 Votes (Like | Disagree)
Christoffee Avatar
Christoffee
89 months ago
I'm not sure Elcomsoft Phone Breaker version 8.3 is required. o_O
Score: 39 Votes (Like | Disagree)
IJ Reilly Avatar
IJ Reilly
89 months ago
And our complete non-story of the day is...
Score: 26 Votes (Like | Disagree)
slimtastic Avatar
slimtastic
89 months ago
BREAKING NEWS: If someone gets your Apple ID, Password, Passcode, AND PHYSICAL ACCESS TO YOUR DEVICE, they may be able to get your info! You HAVE BEEN WARNED.

Lmao
Score: 23 Votes (Like | Disagree)
zorinlynx Avatar
zorinlynx
89 months ago
HEY YOU KNOW WHAT I found a security hole in my bank's ATMs, if someone has my card and PIN they can take out my cash!!! HOLY CRAP WHAT WILL WE DO NOW!??!
Score: 21 Votes (Like | Disagree)
ViDeOmAnCiNi Avatar
ViDeOmAnCiNi
89 months ago
I've totally figured out how to access *anyone's* home! You'll need:

Their permission
Door key(s)
Alarm code(s)
Familiarity with their killer wiener dog, Bunz
Friendships with their neighbors as to not arouse suspicion

..and you are *totally* in!

Enjoy!
Score: 19 Votes (Like | Disagree)
Read All Comments