[ISN] Apple iPhone encryption cracked by Russian firm

From: InfoSec News <alerts_at_private>
Date: Thu, 26 May 2011 00:03:14 -0500 (CDT)

By John E. Dunn 
25 May 11

Having cracked Apple iPhone backups last year, Russian security company 
ElcomSoft appears to have found a reliable way to beat the layered 
encryption system used to secure data held on the smartphone itself.

Since the advent of iOS 4 in June 2010, Apple has been able to secure 
data on compatible devices using a hardware encryption system called 
Data Protection, which stores a user's passcode key on an internal chip 
using 256-bit AES. Adding to this, each file stored on an iOS device is 
secured with an individual key computed from the device's Unique ID 

Apple products containing this security design include all devices from 
2009 onwards, including the iPhone 3GS (which can be upgraded to iOS 4), 
iPhone 4, iPad, iPad 2 and recent iPod Touch models.

ElcomSoft has not explained how it hacked the hardware-stored key system 
in detail for commercial reasons, but the first point of attack appears 
to have been the user system passcode itself as all other keys are only 
vulnerable to attack once the device is in an unlocked state.


Tegatai Managed Colocation: Four Provider Blended
Tier-1 Bandwidth, Fortinet Universal Threat Management,
Natural Disaster Avoidance, Always-On Power Delivery 
Network, Cisco Switches, SAS 70 Type II Datacenter. 
Find peace of mind, Defend your Critical Infrastructure.
Received on Wed May 25 2011 - 22:03:14 PDT

This archive was generated by hypermail 2.2.0 : Wed May 25 2011 - 22:07:04 PDT