
Apple's iOS 4 Hardware Encryption Cracked

Posted by samzenpus
from the what-took-so-long? dept.
adeelarshad82 writes "Russian company ElcomSoft is claiming to have cracked the 256-bit hardware encryption Apple uses to protect the data on iOS 4 devices, and is offering software that allows anyone to do it. ElcomSoft can now gain full access to what is stored on a gadget such as the iPhone 4. This includes historical information such as geolocation data, browsing history, call history, text messages and emails, usernames, and passwords."
  • by bbk (33798) on Wednesday May 25, 2011 @05:26PM (#36244194) Homepage

    This just lets you brute force the passkey, easy as if you're using a 4-digit numeric passkey there are only 10000 combinations.

    If you're using a more complex alphanumeric key, which can be enabled with the iPhone config utility, then this probably won't work that well...

    • Re: (Score:2, Insightful)

      by geekoid (135745)

      And there are tons of ways to make Windows more secure.

      People tend to be lazy.

      • This isn't a story, because we've long known that bruteforcing 10000 combinations isn't hard. Throwing the iPhone's name out there is perhaps a way to make this sound impressive or novel, but it's not.

    • by kybred (795293)

      > This just lets you brute force the passkey, easy as if you're using a 4-digit numeric passkey there are only 10000 combinations.

      I wonder if it tries '1234' first?

      • Damn, better change the combination on my luggage.
      • hunter2

    • by Fjandr (66656)

      According to their stated keys/sec, it would take as much as 33,619,417.2 millennia to break my Blackberry password, since it's immune to dictionary attacks.

      • by micheas (231635)

        Dictionary attacks on passwords tend to not use traditional dictionaries. Rather they use dictionaries of passwords that have been exposed via phishing attacks and then publicized.

        All that has to happen is for someone using the same password as you to fall for a phishing attack and you will be vulnerable to dictionary attacks, even if your password looks something like: XHdHNP4S.

        If that password has been exposed and is in the attacker's password dictionary, you are vulnerable.

    • > If you're using a more complex alphanumeric key, which can be enabled with the iPhone config utility,

      So it needs to be enabled? How many users know how to do this, and do it?

      This fits the Apple pattern of convincing people they have something cool and powerful, while in reality other people sit with the keys.

    • Yes! So it's a device design flaw, the encryption itself is pretty secure if used properly. I see their software also lists Blackberry. Better change my 4-digit password too! gulp.

      Here is a great analogy of how strong the encryption is, if a secure password is used:

      Imagine a computer that is the size of a grain of sand that can test keys against some encrypted data. Also imagine that it can test a key in the amount of time it takes light to cross it. Then consider a cluster of these computers, so many that if you covered the earth with them, they would cover the whole planet to the height of 1 meter. The cluster of computers would crack a 128-bit key on average in 1,000 years.

      If you want to brute-force a key, it literally takes a planet-ful of computers. And of course, there are always 256-bit keys, if you worry about the possibility that government has a spare planet that they want to devote to key-cracking.

      from: http://www.interesting-people.org/archives/interesting-people/200607/msg00058.html [interesting-people.org]

  • What thou doest encrypt thou can decrypt. Unless the encryption keys are not also stored on the device...sigh....

  • by mark-t (151149)
    Wake me up when somebody makes a free tool that does this.
  • by geekoid (135745)

    Year of the Mac Attack.

  • by iluvcapra (782887) on Wednesday May 25, 2011 @05:40PM (#36244412)

    It seems like this would work on any phone, in principle. If you're using a 4-digit numeric password to protect your phone, any kind of phone, yeah, somebody's eventually going to crack it in a non-end-of-the-universe timeframe, if they get unattended access to it, and you don't remote-wipe it.

    Use an alphanumeric password to protect your phone. Also, it's got a ton of your stuff on it, never leave it unattended for extended periods of time, never give it to people you don't trust. A cellphone is a very personal frob and no amount of engineering is going to make it safe from hacking, modulo the sensitivity of the data contained therein -- even if you pick a 20 char, completely random password, nefarious folk can still dust the screen for fingerprints, or surreptitiously videotape you unlocking your phone...

    • by kybred (795293)

      > If you're using a 4-digit numeric password to protect your phone, any kind of phone, yeah, somebody's eventually going to crack it in a non-end-of-the-universe timeframe, if they get unattended access to it, and you don't remote-wipe it.

      Unless you limit the number of failed attempts (and then brick/erase the device), or have an increasing delay after each failed attempt.

      • by iluvcapra (782887)

        If you can circumvent the crypto hardware and the tool has raw access to the storage, it can try passphrases willy-nilly and any such limits won't be applied.
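
The trade-off in the exchange above (attempt limits versus guessing that bypasses them), as an added example that is not part of the original thread. The guess rate, delay schedule and wipe threshold are assumptions chosen for illustration, not figures from ElcomSoft or Apple.

```python
# Added example: how much a passcode policy buys in three regimes.
# ASSUMED_RATE is an assumption (all 10,000 four-digit codes in 40 minutes).
ASSUMED_RATE = 10_000 / (40 * 60)   # about 4.17 guesses per second
YEAR = 365 * 86_400                 # seconds

def keyspace(charset_size: int, length: int) -> int:
    """Number of distinct passcodes of exactly this length."""
    return charset_size ** length

def unthrottled_seconds(charset_size: int, length: int,
                        rate: float = ASSUMED_RATE) -> float:
    """Worst-case time to try every code when no attempt limit applies."""
    return keyspace(charset_size, length) / rate

def throttled_seconds(space: int, free_tries: int = 5, base_delay: int = 60,
                      factor: int = 2, cap: int = 3600) -> int:
    """Worst-case time when each failure past free_tries forces a wait
    that doubles up to cap (hypothetical lockout schedule)."""
    total, delay = 0, base_delay
    for attempt in range(1, space + 1):
        if attempt > free_tries:
            total += delay
            delay = min(delay * factor, cap)
    return total

def hit_chance_before_wipe(space: int, wipe_after: int = 10) -> float:
    """Chance a random guesser succeeds before an erase-on-failure limit."""
    return min(wipe_after, space) / space

def min_length(charset_size: int, target_seconds: float,
               rate: float = ASSUMED_RATE) -> int:
    """Shortest length whose full keyspace outlasts target_seconds unthrottled."""
    length = 1
    while unthrottled_seconds(charset_size, length, rate) < target_seconds:
        length += 1
    return length

if __name__ == "__main__":
    pins = keyspace(10, 4)
    print(f"4-digit, unthrottled : {unthrottled_seconds(10, 4) / 60:.0f} min")
    print(f"4-digit, escalating  : {throttled_seconds(pins) / 86_400:.0f} days")
    print(f"4-digit, wipe at 10  : {hit_chance_before_wipe(pins):.1%} success")
    print(f"digits for 1 year    : {min_length(10, YEAR)} characters")
    print(f"a-z0-9 for 1 year    : {min_length(36, YEAR)} characters")
```

When the limits can be bypassed, only the unthrottled figure applies, so passcode length and character set are the controls that still hold.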

    • by joh (27088)

      > It seems like this would work on any phone, in principle. If you're using a 4-digit numeric password to protect your phone, any kind of phone, yeah, somebody's eventually going to crack it in a non-end-of-the-universe timeframe, if they get unattended access to it, and you don't remote-wipe it.

      Well, on most phones (like Android ones) you don't need to go that far. The password is just for protecting you against someone using the phone, but since the file system isn't encrypted at all on most phones, you can just dump the data and be done with it.

    • > nefarious folk can still dust the screen for fingerprints,

      I think that lipid-repellent surface of those screens is going to make this impractical. One thing Apple did right (though I hear they don't last forever).

  • by jmichaelg (148257) on Wednesday May 25, 2011 @05:58PM (#36244628) Journal
    From their FAQ: [elcomsoft.com]

    Only relatively short and simple passwords can be recovered in a reasonable time.

  • The application is called the ElcomSoft Phone Password Breaker and costs around $320 for the Professional edition.

    So this is not going to be another way to get your own apps onto the iPhone without jailbreaking, but rather reducing to a $320 barrier and sufficient period of time of your not having possession of your iPhone modulo the weakness of your passcode to your plausible deniability that someone has planted something on or used your iPhone for nefarious purposes without your knowledge.

    Remember, the answer to the question "Has this item ever left your sight?" is always "Of course it has." The question is to establ

  • You can bet that US and other law enforcement have probably been given the keys already. After all, how else would those [unconstitutional] mobile phone searches of US citizens used during US border crossings be able to work so easily and efficiently?

  • From my reading of their FAQ, it seems that this tool can be used to decrypt the encrypted backup images that iTunes takes when syncing the phone, not the phones themselves.

    Am I wrong? If it's the backup images, then I see the potential attack vector as slightly less serious as an iPhone is usually a lot easier to lose / have stolen from you than the machine you sync it with.

  • by Anubis IV (1279820) on Wednesday May 25, 2011 @06:31PM (#36244982)

    ...security is already compromised. We've known this forever. This new method requires 40 minutes of physical access to the phone. Either your phone has already been stolen, in which case they have all the time in the world to try number codes until it opens up for them, or it's been taken by the police, in which case you can probably be compelled to provide the codes necessary to access the device. Either way, this doesn't change too much. And if either of those concerns you as being too risky, why were you using a mobile phone to keep sensitive information in the first place, instead of something designed specifically to hold confidential information?

  • Unless you encrypt your backups and forget your password or your backups are stolen, it's pretty much pointless.

    I really don't see the point in encrypting my backups because well, if someone can get to my backups, they'd be far better off just taking the source data off my laptop.

    Seriously, by the time someone can get to your backups, they have a larger more important device at their fingertips ... you know, the device that the iPhone got the data from in the first place, just use the source.

    This is basical

    • by Eivind (15695)

      That depends on how you do backups, I guess?

      I do off-site backups by rsyncing to a TB-disc in the basement of a co-worker. (and he does his off-site backups by rsyncing to a disc in my basement)

      This gives us both reasonable security against possibilities like flooding, fire, burglars or lightning-strikes that could all potentially destroy both my laptop, and all in-house backups at the same time.

      By using encfs for the backup, I preserve the property of only needing to sync changed files, but at the same ti

  • TFA, TFA... (Score:2, Interesting)

    by Anonymous Coward

    Looks like TFA didn't read TFA.
    Or misunderstood it big time. All of the comments are also about their OLD TOOLS which are related to brute forcing and analysing the BACKUPS and have nothing to do with this hardware encryption getting cracked.
    If you read the blog post they say there that there is some data that's not included in the backup that you can access with the hardware encryption keys.
    Also they're saying they don't want this ending up in the "wrong hands" and will only offer it to governments and suc

  • I have an iPhone, and several other phones (BlackBerry, Android etc)...
    And correct me if I'm wrong, but when I power on the devices they boot up, and then automatically start talking to the network and retrieving email etc...

    Surely then, even if the data stored on the phones' built-in flash is encrypted, the key to that encryption must also be on the phone somewhere in order for it to boot on its own, otherwise it would require the key be entered in order to boot at all.

    Surely then, given that the encryption

  • Apple should just offer the means to view in regular format your stuff on your iPhone in order to do easy backups....drag and drop from your device into a Windows folder in order to have more control over the file system. Heck, the only reason why I would consider this tool, is to make sure my backups are properly made, that iTunes has to be the worst piece of crap software I have ever used.....this whole thing with trying to manage your allowed devices vs. trying to limit who will replicate the data (if at
