Russian company ElcomSoft hasn't cracked AES-256 encryption, but figured out a way to obtain the cryptographic keys necessary to decrypt all the data on Apple iOS devices.
Russian security firm ElcomSoft claims to have cracked the
AES-256 encryption Apple used to encrypt data on users' iPhones. Despite the claim of the company's CEO, that's not quite the case.
The publicly available ElcomSoft Phone Password Breaker
application provides users with the ability to view encrypted data extracted
from mobile devices running Apple iOS and decode encrypted data, ElcomSoft's
CEO Vladimir Katalov wrote in a blog post May 23. The complete ElcomSoft
toolkit with the decryption program will be marketed to law enforcement and
intelligence agencies.
Apple introduced a hardware encryption chip on iOS 4
devices, which meant that anyone doing a hardware dump would get encrypted data.
This includes geo-location data, browsing history, call history, text messages,
emails, usernames and passwords. Each file was encrypted with its own unique
encryption key tied to the individual device, and some files were further
protected with keys tied to both the device and the user's passcode.
ElcomSoft researchers were able to decrypt the iPhone's
encrypted file system images, Katalov boasted in a blog post titled "ElcomSoft
Breaks iPhone Encryption." With the file decrypted, the contents could be
viewed using any number of forensic tools, Katalov said.
ElcomSoft is a well-known corporate security and IT audit
company that works with law enforcement, military and intelligence agencies to
recover data and perform forensics. Apple's data protection was considered
"adequate against even the best equipped adversaries, including forensic
analysts and law enforcement agencies," Katalov said. By "breaking" the
protection, ElcomSoft made it possible to conduct "extremely comprehensive
forensic analysis of affected iOS devices," he said.
Misleading blog post title aside, the fact is, ElcomSoft
researchers did not crack AES-256, Luther Martin, a senior security architect
at Voltage Security, wrote on the Superconductor blog on May 26.
Digging deeper into Katalov's post reveals that ElcomSoft
researchers didn't actually figure out a way to brute-force their way through the
encryption, but circumvented the security measures altogether by obtaining the
encryption keys stored on the device to unlock the data.
Simply put, ElcomSoft researchers didn't break the
complicated lock on the door; they figured out how to get the key hidden under
the flowerpot.
"What ElcomSoft has cracked is the iPhone's weak key management,
not the encryption itself," Martin said. The Password Breaker application
attacked the four-digit PIN that users assign to their phones. The passcode
protects the encryption keys that were generated when encrypting the data on
the device. Once the password has been broken, the person can extract the
numbers used to generate encryption keys and decrypt content, according to
Martin.
Cracking the "AES-256 key is still so hard that it's
essentially impossible," Martin said.
"The extraction of file system encryption keys is nearly
instant as opposed to lengthy dictionary or brute-force attacks which are
required to obtain a password," Katalov acknowledged in his post.
The lesson learned from this particular technique is that using
a four-digit code to protect a 256-bit key doesn't mean the data is being
protected with "256 bits of cryptographic strength," Martin said. Anyone with
access to a low-cost desktop can come up with the four-digit combination, so the
passcode is not "providing a meaningful level of protection" to the encryption
keys. For the iPhone 4, it takes about 40 minutes to crack the four-digit code.
Security expert Charlie Miller uncovered a similar method in February.
Miller recommended that users use long, complicated passwords instead of
easily cracked four-digit codes.
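
To put numbers on Martin's point and Miller's recommendation, the following added example (not code from the article, ElcomSoft or Voltage Security) sizes passcode policies against the per-guess cost implied by the article's iPhone 4 figure. It assumes the 40 minutes covers the whole four-digit space and that each guess costs the same for longer passcodes; the sample policies are constructed.

```python
import math

# Figures stated in the article: a four-digit passcode (10,000 codes)
# takes about 40 minutes to crack on an iPhone 4.
ARTICLE_CODES = 10 ** 4
ARTICLE_SECONDS = 40 * 60
# Assumption: 40 minutes is the time to try all 10,000 codes, and one guess
# costs the same regardless of passcode length or alphabet.
SECONDS_PER_GUESS = ARTICLE_SECONDS / ARTICLE_CODES  # 0.24 s per guess
YEAR = 365 * 24 * 3600


def effective_bits(alphabet_size, length, key_bits=256):
    """Strength of a key protected by a passcode: the weaker of the two."""
    return min(length * math.log2(alphabet_size), key_bits)


def exhaust_seconds(alphabet_size, length, per_guess=SECONDS_PER_GUESS):
    """Worst-case time to try every passcode of exactly this length."""
    return alphabet_size ** length * per_guess


def min_length(alphabet_size, target_seconds, per_guess=SECONDS_PER_GUESS):
    """Shortest passcode length whose worst-case search meets the target."""
    length = 1
    while exhaust_seconds(alphabet_size, length, per_guess) < target_seconds:
        length += 1
    return length


# Constructed sample policies: (label, alphabet size, length)
POLICIES = [
    ("4-digit PIN", 10, 4),
    ("6-digit PIN", 10, 6),
    ("8-char lowercase+digits", 36, 8),
    ("10-char lowercase+digits", 36, 10),
]


def report():
    """Return (label, effective bits, worst-case seconds) per policy."""
    return [(name, round(effective_bits(a, n), 1), exhaust_seconds(a, n))
            for name, a, n in POLICIES]


if __name__ == "__main__":
    for name, bits, secs in report():
        print(f"{name:26} {bits:6.1f} bits {secs / 3600:18,.1f} hours")
    print("digits needed to resist 10 years:", min_length(10, 10 * YEAR))
    print("lowercase+digit chars for 10 years:", min_length(36, 10 * YEAR))
```

Under these assumptions a four-digit PIN gives roughly 13 bits of protection to the 256-bit key, and a digits-only passcode needs 10 digits before an exhaustive search takes a decade.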