iOS 4 Hardware Encryption Cracked By Forensics Firm - InformationWeek
01:52 PM

iOS 4 Hardware Encryption Cracked By Forensics Firm

The iPhone 4 is at risk, but the forensics tool will only be sold to law enforcement, intelligence agencies, and forensics investigators.

Slideshow: Apple iPhone 4, A True Teardown
Slideshow: Apple iPhone 4, A True Teardown
(click for larger image and for full slideshow)
Russian digital forensics toolmaker Elcomsoft said that it's the first forensics company to have successfully cracked the data security scheme of the iPhone 4. What that means is that digital forensic investigators will be able to circumvent, in many cases, the hardware-based encryption introduced by Apple with iOS 4.

Elcomsoft, however, said that its related tool for cracking iPhone 4 encryption, released Monday, will only be made available to law enforcement agencies, intelligence agencies, and professional forensic investigators.

Why the one-year lag between the first release of iOS 4, and tools able to retrieve data from such devices? According to a blog post from Elcomsoft CEO Vladimir Katalov, his company "found a way to decrypt bit-to-bit images of iOS 4 devices. Decrypted images are perfectly usable, and can be analyzed with forensic tools such as Guidance EnCase or AccessData FTK--or any other tool which supports raw drive images and HFS+ file system."

Before iOS 4, he said, it was relatively easy to recover data from Apple iPhone, iPod Touch, and iPad devices by taking a bit-level snapshot of the devices' file system--akin to making a disk image or converting a DVD into an ISO file. But with iOS 4, Apple introduced hardware-based encryption, meaning that even though the file system can still be recovered, it's useless without knowing the encryption key.

To successfully extract data off of a device, an investigator must also have physical access to it until the data is decrypted. "Decryption is not possible without having access to the actual device because we need to obtain the encryption keys that are stored in (or computed by) the device and are not dumped or stored during typical physical acquisition," said Katalov.

The information that can be recovered from an iOS 4 device is limited, however, unless a forensic investigator (or attacker) recovers the passcode for the device. Accordingly, one of the best ways to protect an iOS 4 device is to disable its "simple password" setting and to use a long, complex password that can't be guessed via dictionary attacks, since this makes it extremely difficult or even impossible to brute-force the password.

Interestingly, Elcomsoft's announcement parallels the release of new research that details iOS 4 data security protections. Security researchers Jean-Baptiste Bedrune and Jean Sigwald, who work at IT services company Sogeti, last week presented a paper at the Hack In The Box conference in Amsterdam that details security changes to iOS 4, as well as how to crack them.

They also released free tools to create a copy of the RAM disk for forensic purposes, decrypt iTunes backups (slowly, they said), and to brute-force simple passwords that contain four digits or fewer, in 20 minutes or less.

According to the researchers' presentation overview, "using the built-in iOS functions--that use the passcode--you can actually brute-force the passcode of the phone with a small application on the phone. If you boot the phone from a RAM disk you can do this without knowing the passcode. Using the brute-forced passcode, the Keychain can be read and decrypted."

Andrey Belenko, a security researcher at Elcomsoft, said his company's research occurred separately from the Sogeti researchers' investigations. "We did our research on our own," he said in a blog post. In addition, "our set of tools uses [a] somewhat different approach, which we believe allows for greater flexibility and compatibility."

Innovative IT shops are turning the mobile device management challenge into a business opportunity--and showing that we can help people be more connected and collaborative, regardless of location. Read the new report from InformationWeek Analytics. Download it now. (Free registration required.)

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of IT Report
In today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll