Company finds way to bypass Apple's iOS encryption

One of the roadblocks that Apple has faced in entering the enterprise market has been its perceived lack of security when compared to competitors such as RIM’s BlackBerry phones. With iOS 4, Apple released hardware encryption to keep all of the data on your portable device safe and secure, and even allowed third-party developers to use the encryption APIs for more protection. Now, according to Geek.com, a Russian security and audit company has managed to circumvent the encryption layer, leaving all of your personal data at risk.

The company’s name is ElcomSoft and although details of the attack are vague at this point, it appears that they have found a way to extract the encryption keys from the device. An attacker still needs physical possession of the phone because part of the attack relies on brute forcing the passcode, but the article states that this process takes less than an hour. Once the passcode has been compromised, the attacker can load the image into their favorite forensics tool in order to identify sensitive information such as usernames, passwords, and even deleted data from the device.

It remains to be seen whether this attack will evolve to a point where instead of requiring the physical device, a simple image of the device will be all that is needed. Although there is still a level of danger that losing your iPhone could result in compromising much of your personal information, it’s nice to know that a quick remote wipe can still protect the end user. Regardless, this could still be a big blow to Apple’s attempts to penetrate the corporate market.

Image Courtesy of Geek.com


20 Comments


@dangad999 the more characters used the longer it takes to crack so to make it hard use upper and lower case letters as well as numbers and special characters like this
A@2s%9FD&#$g45h

Athlonite said,
@dangad999 the more characters used the longer it takes to crack so to make it hard use upper and lower case letters as well as numbers and special characters like this
A@2s%9FD&#$g45h

it's talking about the 4 digit pass code lock, it's not like you can make that longer (or use anything other than 0-9).

ascendant123 said,

it's talking about the 4 digit pass code lock, it's not like you can make that longer (or use anything other than 0-9).

Settings - Disable simple passcode.

0-9, a-z, A-Z and as long as you want.

Biohead said,

Settings - Disable simple passcode.

0-9, a-z, A-Z and as long as you want.

Not having an iPhone (but thinking of getting one), it is nice to know that you can switch to a much more versatile and secure password rather than a simple 4-digit number. Thanks for the heads-up.

So, if I use a strong alphanumeric passcode, that in theory should take longer to crack. Or is the cracking done on a fixed length encryption key?

ElcomSoft is not some unknown security company. ElcomSoft specializes in cracking/recovering passwords from Office/zip/rar/eBooks... files, cracking Wi-Fi passwords, cracking encryption systems...

alexalex said,
ElcomSoft is not some unknown security company. ElcomSoft specializes in cracking/recovering passwords from Office/zip/rar/eBooks... files, cracking Wi-Fi passwords, cracking encryption systems...

Haha yeah I was going to say. And although their cracking programs are pretty amazing, they're very slow and bulky, pretty sure some other people could write a cracker that'd do this in 1/4 of the time.

alexalex said,
ElcomSoft is not some unknown security company. ElcomSoft specializes in cracking/recovering passwords from Office/zip/rar/eBooks... files, cracking Wi-Fi passwords, cracking encryption systems...

You got it. I've known of ElcomSoft for years and even used their software here and there when I had forgotten passwords to files. I would imagine they know what they are talking about and can document (prove) what they are claiming.

Does it work on a PIN locked device? There's already a policy option to erase after X failed PIN attempts, and this particular issue sounds like something that could at least be fixed in the operating system by rate limiting key attempts if expanding the keyspace isn't feasible due to hardware limitations.

random_n said,
Does it work on a PIN locked device?
Yes.
random_n said,
There's already a policy option to erase after X failed PIN attempts, and this particular issue sounds like something that could at least be fixed in the operating system by rate limiting key attempts if expanding the keyspace isn't feasible due to hardware limitations.
It sounds like deleting a file simply erases the record from the file system tree. Thus, the data is still on the internal drive that can be found. This is not really a slight toward Apple and it is pretty common for delete to behave in that manner (certainly faster). But, it is not secure.

If you read the article about this, the bypass is a brute force attack on the key. By that approach every form of encryption is busted.

evn. said,
If you read the article about this, the bypass is a brute force attack on the key. By that approach every form of encryption is busted.

If you read the article you will see that the brute force allows the bypass to be applied to the image of the phone. That reveals the information, not the brute force.

ccoltmanm said,

If you read the article you will see that the brute force allows the bypass to be applied to the image of the phone. That reveals the information, not the brute force.

You can decrypt anything if you have the key for it.

evn. said,
If you read the article about this, the bypass is a brute force attack on the key. By that approach every form of encryption is busted.

True, but it only takes an hour to brute force. That's not good.

rfirth said,

True, but it only takes an hour to brute force. That's not good.

if it's the 4-digit number passcode that they're talking about, I don't think that it would take a computer much time to break it.

einsteinbqat said,

if it's the 4-digit number passcode that they're talking about, I don't think that it would take a computer much time to break it.

10^4 = 10000 combinations for a 4 digit key.
So you're right, it would take like 5 minutes.

De.Bug said,

10^4 = 10000 combinations for a 4 digit key.
So you're right, it would take like 5 minutes.

So secondary safeguards are not present on the device. There is a reason any company serious about security has lockouts, timeouts, and a hardware security layer to prevent software from entering passwords/code (for example, a login model layer like Windows NT has used for 20 years.)

De.Bug said,

10^4 = 10000 combinations for a 4 digit key.
So you're right, it would take like 5 minutes.

It wouldn't take a computer that long to brute force a mere 10k combinations. That in itself is a rather lackluster security layer.

thenetavenger said,

So secondary safeguards are not present on the device. There is a reason any company serious about security has lockouts, timeouts, and a hardware security layer to prevent software from entering passwords/code (for example, a login model layer like Windows NT has used for 20 years.)

That would fly in the face of Apple's "it just works" way of doing things.
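
The keyspace and lockout points raised in the comments above, modelled as an added example that is not part of the original article or any commenter's post. The class and function names, the delay schedule, the wipe threshold and the per-guess cost are all assumptions chosen for illustration, not values from Apple or ElcomSoft.

```python
# Added example: model of passcode keyspace and guess throttling.
# Delay schedule, wipe threshold and per-guess cost are assumptions, not Apple's values.
import hmac
from itertools import product

def keyspace(alphabet_size, length):
    """Number of possible passcodes, e.g. 10**4 for a 4-digit PIN."""
    return alphabet_size ** length

def worst_case_seconds(space, seconds_per_guess):
    """Time to try every passcode when nothing slows the guesser down."""
    return space * seconds_per_guess

class AttemptLimiter:
    """Escalating lockout plus erase-after-N, the safeguards raised in the comments."""
    def __init__(self, free_attempts=3, base_delay=60.0, wipe_after=10):
        self.free_attempts, self.base_delay, self.wipe_after = free_attempts, base_delay, wipe_after
        self.failures, self.locked_until, self.wiped = 0, 0.0, False

    def try_passcode(self, guess, secret, now):
        """Return 'ok', 'fail', 'locked' or 'wiped'; `now` is a clock in seconds."""
        if self.wiped:
            return "wiped"
        if now < self.locked_until:
            return "locked"          # rejected without testing the guess
        if hmac.compare_digest(guess, secret):
            self.failures = 0
            return "ok"
        self.failures += 1
        if self.failures >= self.wipe_after:
            self.wiped = True        # models the erase-after-N policy
            return "wiped"
        extra = self.failures - self.free_attempts
        if extra > 0:                # delay doubles with each further failure
            self.locked_until = now + self.base_delay * 2 ** (extra - 1)
        return "fail"

def simulate_guessing(limiter, secret, length=4):
    """Guess 0000, 0001, ... waiting out every lockout; return (result, tries, seconds)."""
    now, tries = 0.0, 0
    for digits in product("0123456789", repeat=length):
        now = max(now, limiter.locked_until)
        tries += 1
        result = limiter.try_passcode("".join(digits), secret, now)
        if result in ("ok", "wiped"):
            return result, tries, now
    return "exhausted", tries, now

if __name__ == "__main__":
    print(keyspace(10, 4), worst_case_seconds(keyspace(10, 4), 0.25))
    print(simulate_guessing(AttemptLimiter(), "7391"))
```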