ElcomSoft has managed to break the encryption used by Apple to store data on the iPhone, according to the company.
With iOS 4 Apple introduced a feature called Data Protection which implemented hardware-based encryption in all devices starting with iPhone 3GS and select subsequent models, including iPhone 4, iPhone 3GS, both models of iPad and last generations of iPod Touch. The feature effectively enabled encryption of all user data stored on the device. Using an industry-standard AES-256 protection, the content of iPhone devices was considered to have adequate protection against even the best equipped intruders, including forensic analysts and law enforcement agencies.
ElcomSoft researchers were able to develop a toolkit to not only extract all relevant encryption keys from iPhone devices running iOS 4, but to make use of those keys to decrypt iPhone file system dumps. This in turn can provide enhanced forensic access to all information stored in iPhone devices, even if the device is passcode-protected.
The company notes that decryption is not possible without having access to the actual device because they need to obtain the encryption keys that are stored in (or computed by) the device and are not dumped or stored during typical physical acquisition.
In particular, those keys include:
● Keys computed from the unique device key (UID), which is believed to be embedded in the hardware and is not extractable (so-called keys 0×835 and 0x89B);
● User passcode key which is derived from users’ passcode using the unique device key (UID);
● Escrow key(s) which are derived from escrow pairing records using the unique device key (UID);
● Effaceable storage area which stores number of encryption keys.
This enhanced functionality offers access to much more information than is stored in iPhone backups. In fact, ElcomSoft believes that its new discovery opens access to too much information of a highly sensitive nature. Due to the nature of data being available to analysts using the new toolkit, ElcomSoft restrict the use of its software to established law enforcement, intelligence and forensic organizations as well as select government agencies.
Read More
With iOS 4 Apple introduced a feature called Data Protection which implemented hardware-based encryption in all devices starting with iPhone 3GS and select subsequent models, including iPhone 4, iPhone 3GS, both models of iPad and last generations of iPod Touch. The feature effectively enabled encryption of all user data stored on the device. Using an industry-standard AES-256 protection, the content of iPhone devices was considered to have adequate protection against even the best equipped intruders, including forensic analysts and law enforcement agencies.
ElcomSoft researchers were able to develop a toolkit to not only extract all relevant encryption keys from iPhone devices running iOS 4, but to make use of those keys to decrypt iPhone file system dumps. This in turn can provide enhanced forensic access to all information stored in iPhone devices, even if the device is passcode-protected.
The company notes that decryption is not possible without having access to the actual device because they need to obtain the encryption keys that are stored in (or computed by) the device and are not dumped or stored during typical physical acquisition.
In particular, those keys include:
● Keys computed from the unique device key (UID), which is believed to be embedded in the hardware and is not extractable (so-called keys 0×835 and 0x89B);
● User passcode key which is derived from users’ passcode using the unique device key (UID);
● Escrow key(s) which are derived from escrow pairing records using the unique device key (UID);
● Effaceable storage area which stores number of encryption keys.
This enhanced functionality offers access to much more information than is stored in iPhone backups. In fact, ElcomSoft believes that its new discovery opens access to too much information of a highly sensitive nature. Due to the nature of data being available to analysts using the new toolkit, ElcomSoft restrict the use of its software to established law enforcement, intelligence and forensic organizations as well as select government agencies.
Read More