No. 1 Story

HP job cuts loom for Australian employees

A number of Australian employees of Hewlett-Packard are facing the loss of their jobs as the global computer giant looks to slash its worldwide workforce by up to 30,000.

read more

Related Articles

All, your, iPhones, are, belong,
How unique is your presence on the Internet?
You might think that thousands, nay millions of people will be on the Internet...
Read More

More From

Popular Threads

All of your iPhones are belong to us

David Heath
Saturday, 28 May 2011 23:46

Business IT - Security

View Comments

Despite having a dedicated hardware data encryption chip, Russian security company Elcomsoft has devised a method to bypass nearly all security and access the stored data on any iOS 4 device.

An iOS 4 device secures pretty-much all of its content using AES-256 encryption; almost certainly unbreakable.  Unfortunately, the way in which it releases the encryption key is laughably simplistic.

We all have our simple 4-digit unlock code which (Apple tells us) will cause a lock-out if entered incorrectly 10 times.  Enter it correctly and direct access to release the key is granted.  In other words, despite what the very complex AES key looks like, it is released by a 4-digit PIN.

Next Elcomsoft tells us, they found a way to bypass the 10 attempts lockout by running their brute force attack directly on the security chip, bypassing the API that counts the attempts.

So, how does the average iOS user defeat the attack?  Actually it's quite easy - don't rely on a 4-digit access code.  Using the 'complex' passcode option to create a (minimum) 8-digit code would essentially defeat the attack.  The brute-force must be performed upon the device and unlike a PC where it would happen in a few moments, an exhaustive scan of all 10,000 possible values takes around 40 minutes.  Doubling the length would take 400,000 minutes (just under 280 days).

BTW, owners of the iPhone 3GS running iOS 3 should be even more scared, all an attacked has to do is delete the 4-digit code to gain full access to the device (there is no encryption chip).

This is only a quick report of the work Elcomsoft has done; interested readers should follow the link above to learn more about the attack.

In writing about their work, Elcomsoft's Vladimir Katalov gives some context: "Let's make it very clear: no privacy purist should ever use an iPhone (or any other smartphone, probably). iPhone devices store or cache humungous amounts of information about how, when, and where the device has been used. The amount of sensitive information collected and stored in Apple smartphones is beyond what had previously been imaginable. Pictures, emails and text messages included deleted ones, calls placed and received are just a few things to mention. A comprehensive history of user's locations complete with geographic coordinates and timestamps. Google maps and routes ever accessed. Web browsing history and browser cache, screen shots of applications being used, usernames, Web site passwords and the password to iPhone backups made with iTunes software, and just about everything typed on the iPhone is being cached by the device."

Elcomsoft has packaged all this into a simple toolkit which (fortunately?) is currently available only to "select government entries such as law enforcement and forensic organizations and intelligence agencies."  One can only wonder how long until it gets into the hands of the bad guys.

Our Services for Technology Professionals

E - mail News SMS Headlines Desktop Alerts News Feeds Job Alerts Technology Events Press-Releases