iPhone 4 Encryption Remains Uncracked, but Password Keys Easy to Obtain

Russian company ElcomSoft hasn't cracked AES-256 encryption, but figured out a way to obtain the cryptographic keys necessary to decrypt all the data on Apple iOS devices.

Russian security firm ElcomSoft claims to have cracked the AES-256 encryption Apple used to encrypt data on user iPhones. Despite the claim of the company's CEO, that's not quite the case.

The publicly available ElcomSoft Phone Password Breaker application provides users with the ability to view encrypted data extracted from mobile devices running Apple iOS and decode encrypted data, ElcomSoft's CEO Vladimir Katalov wrote in a blog post May 23. The complete ElcomSoft toolkit with the decryption program will be marketed to law enforcement and intelligence agencies.

Apple introduced a hardware encryption chip on iOS 4 devices, which meant that anyone doing a hardware dump will get encrypted data. This includes geo-location data, browsing history, call history, text messages, emails, usernames and passwords. Each file was encrypted with its own unique encryption key tied to the individual device, and some files were further protected with keys tied to both the device and the user's passcode.

ElcomSoft researchers were able to decrypt the iPhone's encrypted file system images, Katalov boasted in a blog post titled "ElcomSoft Breaks iPhone Encryption." With the image decrypted, its contents could be viewed using any number of forensic tools, Katalov said.

ElcomSoft is a well-known corporate security and IT audit company that works with law enforcement, military and intelligence agencies to recover data and perform forensics. Apple's data protection was considered "adequate against even the best equipped adversaries, including forensic analysts and law enforcement agencies," Katalov said. By "breaking" the protection, ElcomSoft made it possible to conduct "extremely comprehensive forensic analysis of affected iOS devices," he said.

Misleading blog post title aside, the fact is, ElcomSoft researchers did not crack AES-256, Luther Martin, a senior security architect at Voltage Security, wrote on the Superconductor blog on May 26. Digging deeper into Katalov's post reveals that ElcomSoft researchers didn't actually figure out a way to brute-force their way through the encryption; they circumvented the security measures altogether by obtaining the encryption keys stored on the device to unlock the data.

Simply put, ElcomSoft researchers didn't break the complicated lock on the door; they figured out how to get the key hidden under the flowerpot.

"What ElcomSoft has cracked is the iPhone's weak key management, not the encryption itself," Martin said. The Password Breaker application attacked the four-digit PIN that users assign to their phones. The passcode protects the encryption keys that were generated when encrypting the data on the device. Once the password has been broken, the person can extract the numbers used to generate encryption keys and decrypt content, according to Martin.

Cracking the "AES-256 key is still so hard that it's essentially impossible," Martin said.

"The extraction of file system encryption keys is nearly instant as opposed to lengthy dictionary or brute-force attacks which are required to obtain a password," Katalov acknowledged in his post.

The lesson learned from this particular technique is that using a four-digit code to protect a 256-bit key doesn't mean the data is being protected with "256 bits of cryptographic strength," Martin said. Anyone with access to a low-cost desktop can come up with the four-digit combination, so the passcode is not "providing a meaningful level of protection" to the encryption keys. For the iPhone 4, it takes about 40 minutes to crack the four-digit code.

Security expert Charlie Miller uncovered a similar method in February. Miller recommended that users use long complicated passwords instead of easily cracked four-digit codes.
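To put Martin's "256 bits of strength" point and Miller's recommendation in numbers, the following is an added example (not code from the article, ElcomSoft, Voltage or Apple). It takes the article's figure of about 40 minutes to exhaust all four-digit codes on an iPhone 4, derives the implied guess rate, and estimates the effective strength and worst-case exhaustive-search time of longer passcode policies; it assumes the guess rate stays constant regardless of passcode length, which is a simplification.

```python
import math
from dataclasses import dataclass

KEY_BITS = 256  # the AES-256 key that the passcode ultimately protects

# Calibration taken from the article: roughly 40 minutes to exhaust
# all 10^4 four-digit codes on an iPhone 4.  Everything below assumes
# that guess rate stays constant for longer passcodes (a simplification).
FOUR_DIGIT_SPACE = 10 ** 4
FOUR_DIGIT_SECONDS = 40 * 60
GUESSES_PER_SECOND = FOUR_DIGIT_SPACE / FOUR_DIGIT_SECONDS  # about 4.2 guesses/s


@dataclass(frozen=True)
class Policy:
    name: str
    length: int
    alphabet_size: int  # 10 for digits, 62 for alphanumeric, 95 for printable ASCII

    @property
    def keyspace(self) -> int:
        return self.alphabet_size ** self.length


def effective_bits(policy: Policy, key_bits: int = KEY_BITS) -> float:
    """A key wrapped by a passcode is only as strong as the smaller of the two."""
    return min(float(key_bits), math.log2(policy.keyspace))


def exhaust_seconds(policy: Policy, rate: float = GUESSES_PER_SECOND) -> float:
    """Worst-case time to try every passcode at the calibrated guess rate."""
    return policy.keyspace / rate


def min_length_for(alphabet_size: int, target_seconds: float,
                   rate: float = GUESSES_PER_SECOND) -> int:
    """Shortest passcode whose full keyspace takes at least target_seconds to exhaust."""
    needed = target_seconds * rate
    length = 1
    while alphabet_size ** length < needed:
        length += 1
    return length


POLICIES = [  # constructed sample policies for comparison
    Policy("4-digit PIN", 4, 10),
    Policy("6-digit PIN", 6, 10),
    Policy("8-char alphanumeric", 8, 62),
    Policy("8-char printable ASCII", 8, 95),
]

if __name__ == "__main__":
    for p in POLICIES:
        print(f"{p.name:24s} {effective_bits(p):6.1f} bits  "
              f"{exhaust_seconds(p) / 3600:12.1f} h to exhaust")
    print("digits needed for a one-year exhaustive search:", min_length_for(10, 365 * 86400))
```

The four-digit policy works out to about 13.3 bits of effective strength, which is the number that matters once the key itself can be unwrapped by guessing the passcode.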