Russians crack Apple's iOS encryption

As any security expert will tell you, all security systems can be cracked. The issue is more whether the value of the information revealed justifies the effort required to do so.

Russian security company Elcomsoft just demonstrated that it can decrypt the information stored on iOS devices, including devices using the 256-bit hardware encryption used in iOS 4's data protection feature. That means iPhone 4, iPhone 3GS, iPod touch (3rd generation or later) and all iPad models.

iOS 4's data protection feature encrypts all user data on the device, including geolocation data, viewed Google maps and routes, web browsing history and call logs, pictures, email and SMS messages, etc. Nearly everything typed on an iOS device is cached.

To do the decryption, ElcomSoft’s researchers needed to get hold of various keys on the device. They developed a toolkit to extract these keys and also to guess the passcode using a brute-force method. Since passcodes are only 4 digits long, breaking them takes 20 to 40 minutes on an iPhone 4.

Elcomsoft is making the toolkit available to law enforcement, forensic and intelligence agencies and government organizations. So be careful where you leave your iPhone from now on.

Here’s how the process works:

A bit-to-bit snapshot of an iOS device’s file system is the starting point for a forensic analysis of the device. This is similar to making an image of a disk or dumping a CD or DVD into an ISO file. Elcomsoft captured this image of the device’s encrypted file system and then decrypted it offline.

A unique device-specific iOS key is stored in the secure hardware. Encryption keys for individual files are derived from this unique device key. Certain files use a key derived from both the device key and the user’s passcode. This means that those files cannot be decrypted unless the device is unlocked by the user or you can get hold of the passcode.

ElcomSoft’s toolkit was used to extract various keys from the device, including the user passcode key and encryption keys, and to guess the passcode. The keys and passcode are then used to decrypt the encrypted bit-to-bit snapshot and reveal all the data on the device.
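An added illustration, not ElcomSoft's or Apple's code: a simplified model of the key hierarchy described above, with HMAC-SHA256 and PBKDF2 as stand-ins for the real derivation functions (an assumption), showing that a passcode-protected file key changes if either the device key or the passcode changes. It also estimates how long a full passcode search would take for longer passcodes, assuming the article's 40-minute figure is one pass over all 10,000 four-digit codes.

```python
import hashlib
import hmac

# Assumption: the article's upper figure (40 minutes) is one full pass over
# all 10,000 four-digit passcodes, each guess being derived on the device.
FULL_SEARCH_SECONDS = 40 * 60
FOUR_DIGIT_KEYSPACE = 10 ** 4

def file_key(device_key: bytes, file_id: bytes) -> bytes:
    """Key for a file that depends on the device key only (HMAC is a stand-in)."""
    return hmac.new(device_key, b"file:" + file_id, hashlib.sha256).digest()

def protected_file_key(device_key: bytes, passcode: str, file_id: bytes) -> bytes:
    """Key for a file that needs both the device key and the user's passcode."""
    # PBKDF2 salted with the device key is a stand-in for the real entanglement.
    passcode_key = hashlib.pbkdf2_hmac("sha256", passcode.encode(), device_key, 1000)
    return hmac.new(passcode_key, b"file:" + file_id, hashlib.sha256).digest()

def worst_case_seconds(alphabet_size: int, length: int) -> float:
    """Time to try every passcode at the per-guess rate implied by the article."""
    return alphabet_size ** length * FULL_SEARCH_SECONDS / FOUR_DIGIT_KEYSPACE

def human(seconds: float) -> str:
    for unit, size in (("years", 31_536_000), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.1f} seconds"

# Constructed passcode policies: (label, alphabet size, length).
POLICIES = [("4 digits", 10, 4), ("6 digits", 10, 6), ("8 digits", 10, 8),
            ("6 chars a-z0-9", 36, 6), ("8 chars a-zA-Z0-9", 62, 8)]

def policy_table():
    return [(label, human(worst_case_seconds(a, n))) for label, a, n in POLICIES]

if __name__ == "__main__":
    device_key = bytes(range(32))   # constructed sample, not a real device key
    other_key = bytes(32)           # a different device (constructed)
    k = protected_file_key(device_key, "1234", b"mail.db")
    # Same passcode on another device key, or another passcode, gives another key.
    print(k != protected_file_key(other_key, "1234", b"mail.db"))
    print(k != protected_file_key(device_key, "1235", b"mail.db"))
    for label, t in policy_table():
        print(f"{label:20} {t}")
```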
