iOS 4 Encryption Hacked by Russian Forensic Experts

Published May 24, 2011
By Jordan K.

Apple just finished answering to questioning from a senate committee hearing on mobile security regarding questionable practices of storing user location data, and now may have another security scandal on their hands. Russian forensic experts from security firm ElcomSoft told Bright side of news they have managed to hack the iOS 4 backup file encryption and built-in device data protection.

Apple originally introduced in-device encryption using a new chip in the iPhone 3GS for encrypting data on the device itself using 256-bit encryption. Elcomsoft have released a GPU-accelerated “Phone Password Breaker” tool capable of cracking password protected, encrypted backups for both Apple’s iOS devices and RIM’s Blackberry phones. Of course its advertised as a recovery tool and would probably come in handy as exactly that in the event you forget your backup password. Backups typically contain user data consiting of everything from SMS, call logs, and contacts, to web browser history, applications, and email & voicemail settings.

Fortunately, its not going to be as easy for hackers to access your backups as you might think, as the ElcomSoft software requires physical access to the device in order to crack the backups. ElcomSoft’s Vladimir Katalow explains:

"Decryption is not possible without having access to the actual device because we need to obtain the encryption keys that are stored in (or computed by) the device and are not dumped or stored during typical physical acquisition. “

ElcomSoft also distributes tool sets for decrypting the iOS 4 filesystem called Enhanced Forensic Access to iPhone/iPad/iPod/ Devices Running iOS 4. This software, however, is restricted to certain government entries such as law enforcement and intelligence agencies.

There have been a plethora of privacy and security concerns raised recently regarding many aspects of how devices such as Apple’s iPhone and Google’s Android devices handle user data. Maybe Apple and their competitors should consider getting Elcomsoft and the team behind these tools to address some of the privacy concerns associated with their mobile devices.

[via 9to5mac]

[SOURCE]