Russian security firm cracks iOS 4's hardware encryption

Matthew DeCarlo


A Russian security firm has announced the first commercially available toolkit capable of cracking the encryption and passwords on Apple's latest mobile devices. ElcomSoft says its software can bypass the security that protects data such as SMS messages, pictures, emails, geolocation data, and web browsing history on the iPhone 3GS and iPhone 4, as well as recent iPods and iPads.

Starting with iOS 4, Apple has employed a hardware encryption system called Data Protection that stores a user-defined password on an embedded chip using 256-bit AES encryption. What's more, files stored on iOS 4 are secured with a device-specific encryption key known as a unique ID or UID. Naturally, ElcomSoft's toolkit obtains these keys -- one way or another.

Although the company didn't offer any great details on how its software procures a device's UID, it noted that the default "Simple passcode" option used by Apple's devices can be bruteforced with relative ease as it only requires a four-digit password. With only 10,000 possible combinations, an iPhone 4's passcode can be hacked in 20 minutes (40 minutes being the longest).

If the user's passcode can't be bruteforced outright, the firm's toolkit can obtain a device's escrow keys. "Escrow keys are created and stored by the iTunes when you first plug an iOS device to the computer. Having a set of escrow keys collected from a computer to which an iOS device was once connected gives the same powers as knowing the passcode," ElcomSoft explained.

ElcomSoft's software won't be available to everyone, considering it can unlock essentially all of the personal data someone might have on an iOS device. The company says it will only sell its tools to established law enforcement, forensic and intelligence agencies, and "select" government organizations. That said, ElcomSoft does publicly sell an iOS-compatible "password breaker."


 
The iPhone is the perfect tracking device for government and citizens alike. The fact you can't remove the battery allows it to listen in any time. FBI have officially stated they have the ability to turn on your phone's microphone even when it's off since the 9-11 false flag attack.
 
Likely not the last time they crack some type of communications or technological circuit or whatever I don't know what I'm really talking about....
 
They didn't crack the hardware encryption. They figured out most people use a 4 number pass code and it brute forces the pass code. With that logic you could say all encryption has been hacked if you have the time.
 
Although the company didn't offer any great details on how its software procures a device's UID, it noted that the default "Simple passcode" option used by Apple's device can be bruteforced with relative ease as it only requires a four-digit password
@BrianUMR
It talked about one aspect the software can do, not all, in case you missed that

FYI cryptography has gotten well past the days of brute force being an issue
 
It seems like every website, mobile device, game, etc. can and has been penetrated/hacked at some point or another...I also feel computer and network security is a bigger issue than it really 'should' be..uh oh, I'm playing the 'should' game..

Show me a device or breakthrough in security that yields computers, devices "unhackable" (if that's even possible) and I say there's something worth writing an article about.

LOL with everybody else at iPhone govt. statement. Sure they can access the data if they need to (criminal investigation), but get real with thinking that somebody is sitting in an office tracking your every move..you're probably not that important.
 
They didn't break the encryption, they found ways to get around it. This isn't like someone figuring out the password to a vault, this is like someone turning intangible and walking through the door.
 
spydercanopus said:
The iPhone is the perfect tracking device for government and citizens alike. The fact you can't remove the battery allows it to listen in any time. FBI have officially stated they have the ability to turn on your phone's microphone even when it's off since the 9-11 false flag attack.

yup, that about sums it up.
 
Instead of replying to spydercanopus's comment with cheeky remarks, why don't any of you provide real facts that show he is wrong?
 
Guest said:
Instead of replying to spydercanopus's comment with cheeky remarks, why don't any of you provide real facts that show he is wrong?

That isn't how an argument works. If he presents something as fact HE needs to put evidence to back it up. Evidence has already supported claims against his, we don't need to provide jack ****.
 