One of the roadblocks that Apple has faced in entering the enterprise market has been its perceived lack of security when compared to competitors such as RIM’s Blackberry phones. With iOS 4, Apple released hardware encryption to keep all of the data on your portable device safe and secure and even allowed third party developers to use the encryption APIs for more protection. Now, according to Geek.com, a Russian security and audit company has managed to circumvent the encryption layer leaving all of your personal data at risk.
The company’s name is ElcomSoft and although details of the attack are vague at this point, it appears that they have found a way to extract the encryption keys from the device. An attacker still needs physical possession of the phone because part of the attack relies on brute forcing the passcode, but the article states that this process takes less than an hour. Once the passcode has been compromised, the attacker can load the image into their favorite forensics tool in order to identify sensitive information such as usernames, passwords, and even deleted data from the device.
It remains to be seen whether this attack will evolve to a point where instead of requiring the physical device, a simple image of the device will be all that is needed. Although there is still a level of danger that losing your iPhone could result in compromising much of your personal information, it’s nice to know that a quick remote wipe can still protect the end user. Regardless, this could still be a big blow to Apple’s attempts to penetrate the corporate market.
Image Courtesy of Geek.com