Thursday, May 26, 2011

The encryption method of iOS 4 is Cracked

ElcomSoft, a Russian company specializing in computer security, has released a statement saying he had broken the encryption method of iOS 4. It provides a tool to access data encrypted by the phone, like the historical system of geolocation, Google Map, Internet browser, the incoming and outgoing calls, images, emails, text messages, names of users, passwords and even deleted data.

Recognizing the significance of this discovery, ElcomSoft promises not to sell its software to certain police forces, intelligence services or government agencies. The phone stores a lot more personal information than this backup in iTunes. It is thus possible to discover the keys that the user has typed and open the cover of the phone that even includes screenshots of applications, according ElcomSoft.

Specifically, he says he has found a way to extract the key that protects the information and claims to be the first company in the world to do so. For the record, since the iPhone 3G, Apple has a chip responsible for encrypting data from the phone, its latest iPod Touch or its shelves.

iOS 4 introduced Data Protection, a technology that uses this chip to protect users' data with 256-bit AES key. In principle, the method used to decrypt the files of the iPhone should work on all products iOS 4. Previously, when the police took possession of a device IOS, they could make a bit-wise copy of the file system to analyze its contents.

With iOS 4, data is protected and therefore unusable. The files are encrypted by the chip and some require more code to unlock the user. ElcomSoft explains on his blog that he found a way to extract the keys from the phone to open the disk image file system HFS + smartphone. The system is not capable of creating a new key.

ElcomSoft has just found a flaw in the key management by IOS which allows it to extract those used by the phone. As the company explains, that means it is necessary to have physical access to the phone, which is usually the case during an investigation or search. For files that require the unlock code from the user, the fact that Apple only four digits means that there are only 10,000 possible combinations.

ElcomSoft has developed a system of brute force that will try every possible combination on the phone. This demands a maximum of 40 minutes. It is true that an option to erase the iPhone after 10 wrong guesses, but the tool makes a copy Russian bit at the phone before trying to crack the code.

It is also possible to bypass this protection by obtaining a key used in the iTunes backup. In the end, experts have access to all phone files in less than an hour. ElcomSoft has a good reputation. The company has a catalog of computer analysis tools for law enforcement, the statement said.

It is an official partner of Intel and Microsoft. It has links with many governments around the world. It is also known for his prowess computer. The firm was the first to break the iTunes backup protection of the iPhone. She was also recently distinguished crack the protection pictures Nikon and Canon used for legal purposes.

She is also a pioneer in the use of GPGPU applications for brute force attacks. In 2008, she managed to break WPA 2 with the help of NVIDIA. In our tests on a GeForce GTX 480, ElcomSoft could generate 25,000 keys per second (see "We tested Hadopi: banish WEP!). In addition to relaunch the debate on security for smartphones, the data discovered by the Russian are frightening.

It is now clear that the iPhone stores a tremendous amount of data on user privacy. It is possible to understand that some of them may be used anonymously to improve telecommunications networks, such as location data. However, why have installed a keylogger recording everything the user types and why maintaining a cache so important? Although the tool to penetrate encrypted IOS image 4 does not fall into the hands of hackers, Apple has a problem.

He will face the horde of customers infuriated by the lack of respect for their personal data. It is true that all manufacturers of smartphones keep caches more or less important. This is not new. Nevertheless, it is now Cupertino on the front of the stage. He just cracked, and if Apple is taking "very seriously" the privacy of its users, as Steve Jobs said in an interview during the conference D8: All Things Digital, the firm will explain why it stores so much information.

We contacted Apple about this and await their response.

No comments:

Post a Comment