iOS 4 Hardware Encryption Cracked By Forensics Firm - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Mobile

iOS 4 Hardware Encryption Cracked By Forensics Firm

The iPhone 4 is at risk, but the forensics tool will only be sold to law enforcement, intelligence agencies, and forensics investigators.

Slideshow: Apple iPhone 4, A True Teardown
Slideshow: Apple iPhone 4, A True Teardown
(click for larger image and for full slideshow)
Russian digital forensics toolmaker Elcomsoft said that it's the first forensics company to have successfully cracked the data security scheme of the iPhone 4. What that means is that digital forensic investigators will be able to circumvent, in many cases, the hardware-based encryption introduced by Apple with iOS 4.

Elcomsoft, however, said that its related tool for cracking iPhone 4 encryption, released Monday, will only be made available to law enforcement agencies, intelligence agencies, and professional forensic investigators.

Why the one-year lag between the first release of iOS 4, and tools able to retrieve data from such devices? According to a blog post from Elcomsoft CEO Vladimir Katalov, his company "found a way to decrypt bit-to-bit images of iOS 4 devices. Decrypted images are perfectly usable, and can be analyzed with forensic tools such as Guidance EnCase or AccessData FTK--or any other tool which supports raw drive images and HFS+ file system."

Before iOS 4, he said, it was relatively easy to recover data from Apple iPhone, iPod Touch, and iPad devices by taking a bit-level snapshot of the devices' file system--akin to making a disk image or converting a DVD into an ISO file. But with iOS 4, Apple introduced hardware-based encryption, meaning that even though the file system can still be recovered, it's useless without knowing the encryption key.

To successfully extract data off of a device, an investigator must also have physical access to it until the data is decrypted. "Decryption is not possible without having access to the actual device because we need to obtain the encryption keys that are stored in (or computed by) the device and are not dumped or stored during typical physical acquisition," said Katalov.

The information that can be recovered from an iOS 4 device is limited, however, unless a forensic investigator (or attacker) recovers the passcode for the device. Accordingly, one of the best ways to protect an iOS 4 device is to disable its "simple password" setting and to use a long, complex password that can't be guessed via dictionary attacks, since this makes it extremely difficult or even impossible to brute-force the password.

Interestingly, Elcomsoft's announcement parallels the release of new research that details iOS 4 data security protections. Security researchers Jean-Baptiste Bedrune and Jean Sigwald, who work at IT services company Sogeti, last week presented a paper at the Hack In The Box conference in Amsterdam that details security changes to iOS 4, as well as how to crack them.

They also released free tools to create a copy of the RAM disk for forensic purposes, decrypt iTunes backups (slowly, they said), and to brute-force simple passwords that contain four digits or fewer, in 20 minutes or less.

According to the researchers' presentation overview, "using the built-in iOS functions--that use the passcode--you can actually brute-force the passcode of the phone with a small application on the phone. If you boot the phone from a RAM disk you can do this without knowing the passcode. Using the brute-forced passcode, the Keychain can be read and decrypted."

Andrey Belenko, a security researcher at Elcomsoft, said his company's research occurred separately from the Sogeti researchers' investigations. "We did our research on our own," he said in a blog post. In addition, "our set of tools uses [a] somewhat different approach, which we believe allows for greater flexibility and compatibility."

Innovative IT shops are turning the mobile device management challenge into a business opportunity--and showing that we can help people be more connected and collaborative, regardless of location. Read the new report from InformationWeek Analytics. Download it now. (Free registration required.)

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
News
Watch Out: 7 Digital Disruptions for IT Leaders
Jessica Davis, Senior Editor, Enterprise Apps,  11/18/2019
Commentary
Enterprise Guide to Data Privacy
Cathleen Gagne, Managing Editor, InformationWeek,  11/22/2019
Slideshows
Top-Paying U.S. Cities for Data Scientists and Data Analysts
Cynthia Harvey, Freelance Journalist, InformationWeek,  11/5/2019
White Papers
Register for InformationWeek Newsletters
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
Video
Current Issue
Getting Started With Emerging Technologies
Looking to help your enterprise IT team ease the stress of putting new/emerging technologies such as AI, machine learning and IoT to work for their organizations? There are a few ways to get off on the right foot. In this report we share some expert advice on how to approach some of these seemingly daunting tech challenges.
Slideshows
Flash Poll