Apple’s iOS 4 hardware encryption has been cracked
ElcomSoft is well-known as a corporate security and IT audit company, working with law enforcement agencies, the military, and intelligence agencies to recover data and perform forensics on devices. Its latest work has managed to open up the data stored on any device running iOS 4 by circumventing the hardware encryption chip Apple uses.
Rather than relying on a hardware dump from such a device, which will be encrypted amd may be missing some of the important data a forensic investigation needs, ElcomSoft can now gain full access to what is stored on a gadget such as the iPhone 4. This includes historical information such as geolocation data, browsing history, call history, text messages and emails, usernames, and passwords. They can even recover data deleted by the user from the device.
Until now, anyone running an iOS 4 device has been safe in the knowledge their data was protected and the encryption too strong to be cracked in any usable timeframe. What ElcomSoft did was to create a toolkit that allows for the extraction of the encryption keys from such a device. With those keys it’s possible to decrypt an image taken from an iPhone, iPad, or iPod touch. Once that is done a forensic tool such as FTK or Guidance EnCase can be used to look at the data in great detail.
Gaining access to the stored data on the device does not take long due to the ElcomSoft tools taking full advantage of the GPU or multiple GPUs in a system. However, you need access to the device in order to decrypt the data, not just an encrypted image from a device. This is because ElcomSoft brute-force the passcode which has to be done on the device, and with something like an iPhone 4 that takes around 40 minutes to achieve.
ElcomSoft offer this iOS 4 forensic toolkit to security and law enforcement agencies, but anyone can purchase the software to extract the encrypted data on a device. The application is called the ElcomSoft Phone Password Breaker and costs around $320 for the Professional edition. The speed of decryption on a home PC depends on your setup with Password Breaker supporting up to 32 CPUs and 8 GPUs.