Company finds way to bypass Apple's iOS encryption

Discussion in 'iPhone' started by TheSideshow, May 25, 2011.

  1. TheSideshow macrumors 6502

    Joined:
    Apr 21, 2011
    #1
    One of the roadblocks that Apple has faced in entering the enterprise market has been its perceived lack of security when compared to competitors such as RIM’s Blackberry phones. With iOS 4, Apple released hardware encryption to keep all of the data on your portable device safe and secure and even allowed third party developers to use the encryption APIs for more protection. Now, according to Geek.com, a Russian security and audit company has managed to circumvent the encryption layer leaving all of your personal data at risk.

    http://www.neowin.net/news/company-finds-way-to-bypass-apples-ios-encryption

    http://www.geek.com/articles/chips/apples-ios-4-hardware-encryption-has-been-cracked-20110525/

    ElcomSoft offer this iOS 4 forensic toolkit to security and law enforcement agencies, but anyone can purchase the software to extract the encrypted data on a device. The application is called the ElcomSoft Phone Password Breaker and costs around $320 for the Professional edition. The speed of decryption on a home PC depends on your setup with Password Breaker supporting up to 32 CPUs and 8 GPUs.
     
  2. scaredpoet, May 26, 2011
    Last edited: May 26, 2011

    scaredpoet macrumors 604

    Joined:
    Apr 6, 2007
    #2
    From the Geek.com article (emphasis mine):

    That doesn't sound like cracking the encryption at all. It sounds more like brute-forcing the passcode to get at the contents.

    Which also begs the question: what happens if the user has the option enabled to wipe data after 10 failed passcode attempts? If ElComSoft has found a way around this, then maybe there's an actual story here.

    Otherwise, it would seem to me a true break of the encryption key would entail not having to even try brute-forcing any passcodes at all. You would just plug in and get the data, passcode or not... or, work off the encrypted image file without needing physical access to the phone at all.

    So unless this story is written wrong, it seems like all ElComSoft has done is automate the process of guessing an iPhone user's passcode.

    Edit: The Proof is in the naming: ElComSoft calls this supposedly ingenious piece of software "iPhone Password Breaker."
     
