iPhone encryption broken

[neufuse Veteran]

AN INSECURITY EXPERT has warned that the Iphone's built-in encryption software, which has helped to make the posy device so popular with businesses, is about as useful as a chocolate teapot.

"I don't think any of us have ever seen encryption implemented so poorly before," Iphone developer and data recovery expert Jonathan Zdziarski told Wired.

Zdziarski reckons the encryption feature on the Iphone 3GS is simply "broken" and makes it easier to extract personal data from an Iphone 3GS than it was to obtain from its two predecessors which had no encryption utility.

Live data can be extracted in two minutes from a 3GS, and a full disk image can be transferred to a PC within about 45 minutes by installing a custom kernel on the phone using readily downloadable tools such as Purple Ra1n or Red Sn0w.

The remote kill feature can be circumvented simply by removing the SIM card to prevent the signal from being received.

The news will probably come as a shock to the many businesses that have been seduced into buying the pretty toy thinking it was safe for corporate applications.

When Apple's upbeat results were announced last Tuesday, Apple's chief operating officer, Tim Cook, was bragging that millions of Iphones have been bought by Fortune 100 companies, US Government departments and universities.

Perhaps they would like to form an orderly queue outside One Infinite Loop to ask for their money back. ?

http://www.theinquirer.net/inquirer/news/1...cryption-broken

[+Nik Louch Subscriber²]

So...

You need physical access to the device first, before any data can be stolen from it?

[neufuse Veteran]

So...

You need physical access to the device first, before any data can be stolen from it?

This is more for business users who were told "its safe, its encrypted! and you can remote wipe it if its stolen!" by apple

[Miuku.]

You need physical access to the device first, before any data can be stolen from it?

Yup, you gotta steal it.

[Argi]

The encryption isn't "broken" per se - just it can be bypassed using the regular jailbreaking techniques to replace the kernel, then SSH'ing in to dump a copy of the phone's memory.

[+Nik Louch Subscriber²]

I wasn't trying to make a point, I meant it as a legitimate question. Sorry if it was taken the wrong way...

[neufuse Veteran]

The encryption isn't "broken" per se - just it can be bypassed using the regular jailbreaking techniques to replace the kernel, then SSH'ing in to dump a copy of the phone's memory.

if you can get someones data that was supose to be "encrypted" then it's technically broken

[craybox]

this is good news it means that apple will now tighten the security on the device.

[Social]

this is good news it means that apple will now tighten the security on the device.

I fail to see the good news in this. :no:

[Miuku.]

I fail to see the good news in this. :no:

The fact that they now have to fix the obvious flaw in the security routines of the phone is a bad thing?

I can't see how.

[Argi]

if you can get someones data that was supose to be "encrypted" then it's technically broken

Semantics. :p It's not cracked/broken, but it's not doing it's job because the device has been hacked.

[DomZ]

What exactly does the encryption on the 3GS do? Just because they can jailbreak and ssh in and copy data doesn't mean anything if the data is actually encrypted?

[TruffleMuffin]

What exactly does the encryption on the 3GS do? Just because they can jailbreak and ssh in and copy data doesn't mean anything if the data is actually encrypted?

I have to concur with this. If the data has been encrypted, I fail to see how someone will be able to access the content of the data.

I am assuming even if one knows the Encryption algorithm, accessing the Key without the Users Login details via the Kernel (or finding the Database entry) will be impossible.

If however the hacker is claiming the mechanism in which the Encryption key is stored and accessed can be circumvented to learn the key without the Login Details, or using a new Kernel (maybe the iPhone kernel does something unwise at some point storing something in clear text and a new custom kernel can read that) to get the login details without the original user present, thus eventually learning the Decryption key for the phones data. That would be something I would consider broken. However, if he/she is only getting a dump of the memory, this is less broken more obvious someone would be able to do it at one point or another. After all, it is all stored in memory, which can be read.

[bob_c_b]

So a nameless cracker from an article posted on the inquirer now gets treated as fact? LOL, if it's broken Apple will fix it, non-event.

[neufuse Veteran]

So a nameless cracker from an article posted on the inquirer now gets treated as fact? LOL, if it's broken Apple will fix it, non-event.

Um, he's not some nameless hacker / cracker... he's one of the first people to hack the iPhone and even wrote a book on how to write apps for it even before there was an SDK for it (non-web apps)

http://www.oreillynet.com/pub/au/1861

[bob_c_b]

Um, he's not some nameless hacker / cracker... he's one of the first people to hack the iPhone and even wrote a book on how to write apps for it even before there was an SDK for it (non-web apps)

http://www.oreillynet.com/pub/au/1861

Well I stand corrected, but my point stands, it's only an issue is Apple doesn't correct it.

[TC17]

Um, he's not some nameless hacker / cracker... he's one of the first people to hack the iPhone and even wrote a book on how to write apps for it even before there was an SDK for it (non-web apps)

http://www.oreillynet.com/pub/au/1861

Funny how that guy does something illegal, yet is also helping law enforcement. Kinda hypocritical of himself and law enforcement for having anything to do with him. But then again this world is full of hypocrites.

There had to have been some backdoor, bug, or something for his "hack". You don't crack encryption in 2 minutes.

[Snowl]

You can't really fix the encryption. Apple will just need to re-send out a batch, that isn't affected by 24kpwn - not good. No jailbreak that means, for a while.

(That means replace the processor and get new NOR parts that arn't affected by 24kpwn.)

[dyn]

I read the original article the Inquirer is linking to. That article says the following:

Wondering where the encryption comes into play? It doesn’t. Strangely, once one begins extracting data from an iPhone 3GS, the iPhone begins to decrypt the data on its own, he said.

Watch the first video and it is exactly what he says.

The problem is not the encryption that is being used, it's all about how it's being used. That's a software problem and can be fixed by Apple (in the video the guy calls it a operating system design flaw, which it is).

The article itself is quite lame. The mentioned security problems/risk are not something that is limited to the iPhone. Mobile devices like the iPhone or a laptop are always a security risk! If the data is sensitive you do not let people take it with them, period. That's why a lot of companies forbid the use of any mobile device like a smartphone, laptop and even the usb sticks. Also, the encryption on something like the iPhone can be useless even if it works properly. Why? Because the service itself can be hacked (like email). If you want security you need to think bigger than just the mobile device and encrypting it. That also means thinking about how not to get it stolen in the first place, as well as securing the service you use on the mobile device (like mail, im, etc.). In other words: the warning on the end of the first video doesn't count for the iPhone, it counts for every mobile device!

The other problem I have with the demonstration: the same device with the same useraccount and the same iTunes is being used. That's not a good way of showing the problem. That would mean the thief would need to steal your iPhone and the machine you sync your iPhone to and hack that machine to hack the iPhone. Yeah..that makes sense... It would have been better if he used a completely different machine because that would really proof his point: the thief steals the iPhone and uses his own machine to hack it. Now he makes it completely unlikely this is a huge security risk since you need to steal a lot more than just the iPhone.

Edited July 25, 2009 by dyn