Elcomsoft has unveiled Phone Breaker 9.0, the first forensic extraction software that can remotely access Apple Health data directly from iCloud. Previous Phone Breaker releases have demonstrated the tool’s ability to siphon off passwords, messages, photo libraries, call logs, and other data from smartphones.

Jesse Hollington elaborates on Elcomsoft’s remote healthcare data acquisition process in iLounge:

…although Phone Breaker 9.0 can now access Apple Health data, this shouldn’t be considered an iOS security issue as the tool still requires the user’s Apple ID and password to access even basic Health data, while access to more detailed health information will also require an investigator to supply the user’s lock screen password. Apple Health data is end-to-end encrypted within iCloud, preventing Apple itself from releasing most of this data when serving law enforcement or GDPR requests, however the user’s Apple ID and password along with the device passcode provides the keys necessary to decrypt the data that is stored in iCloud, in much the same way that the user’s own iPhone accesses this data.

For forensic investigators, access to Health data can provide additional useful evidence, including records of heart rate, sleeping habits, location points, workouts, steps, and walking routines. As Elcomsoft notes, the Apple HealthKit framework makes use of low-energy sensors that constantly collect information about the user’s physical activities, and it can collect even more information if the user has an Apple Watch or Bluetooth fitness tracker connected to Apple Health. The user may also use the Health app to manually add information such as water, caffeine, and food intake, either directly or via third-party apps that integrate with the HealthKit framework.