In association with heise online

The iPhone vault

Under iOS, applications don't store important data such as passwords in configuration files, they store them in the keychain instead. The keychain is essentially a specially protected database with restricted access rights. In slightly simplified terms, every application is only allowed to read its own data; therefore, the Facebook app won't be able to access the VPN password. To achieve this, "entitlements" must be digitally signed by Apple before the system will accept them.

The keychain is an SQLite database and is stored as a file in /var/Keychains/keychain-2.db. In this database, the data to be protected is encoded via a device-specific key that can't be extracted from the device. The data is, therefore, only accessible on the iPhone itself – where the operating system regulates database access in such a way that only apps which have the correct "entitlements" can read the data.

Break me

Despite all these security measures, claims that anyone with physical access to an iPhone can gain access to all its data, even if the passcode lock is enabled and the passcode is unknown, have been making the rounds on the internet for some time. Access is apparently not even limited to the information that is openly accessible via the user interface, it also applies to anything that is stored in a file somewhere on the phone. Even the keychain can be read. Therefore, not even the information that has been specially passcode protected appears to be safe from prying eyes. In short: Anyone who gains physical access to an iPhone can ultimately access all the data that is stored on it.

Zoom Part of Elcomsoft's iPhone toolkit
Of course, the data can't simply be accessed in passing, but the phone's security mechanisms won't hold up when probed with the right tools. Vendor Elcomsoft sells a forensic toolkit that reportedly allows all the data to be extracted, though the company only supplies the toolkit to government investigators or their contractors. However, security researchers Jean-Baptiste Bédrune and Jean Sigwald at Sogeti subjected the iPhone's protective mechanisms to a detailed analysis and presented their findings at the "Hack In The Box" conference. The researchers foundPDF that it is indeed possible to bypass the measures without major effort. They have underpinned their conclusions with a comprehensive tool collection whose source code is freely available.

Ultimately, such attacks always follow the same principle. They exploit the iPhone's maintenance mode, specifically the option for the Device Firmware Upgrade (DFU) which is also used by iTunes. It can be activated manually by pressing the power and home buttons in the right combination. Once enabled, the mode allows a program to send a firmware image via the USB port, and the device will unpack and boot the image.

Firmware files must generally be digitally signed by Apple if the system is to accept them, but the jailbreaking community overcame this hurdle a long time ago. For instance, hacker George Hotz discovered a programming flaw in the iPhone's boot ROM that can be exploited to inject and execute arbitrary code when sending data via USB. Incidentally, this is the very same "geohot" Sony recently took to court over his PS3 hacks.

As the flaw occurs very early on in the communication, the injected code can patch the system in such a way that digital signature checks will always produce successful results. In the same way, jailbreaks open iPhones for apps that haven't been sanctified with a digital signature, and acceptance to the app store, by Apple. All current jailbreaks such as the P0wnage tool or Redsn0w exploit the boot ROM hole.

As the flawed code is part of the permanently installed boot ROM, Apple can't fix it with a software upgrade. Apart from the iPad 2, all devices are vulnerable irrespective of the iOS version that is installed on them; the hole can even be exploited in preview versions of iOS 5.

Zoom Tethered and opened up image - DFU mode exploited
In practice, the whole thing goes like this: a specially crafted firmware image is prepared by modifying the updates released by Apple. Ultimately, the ipsw files Apple provides are simple zip archives. The firmware update is injected into the iPhone in DFU mode via a "tethered boot". Incidentally, "tethered" in this context means assisted booting; it has nothing in to do with "tethering", where the iPhone makes its mobile internet connection available to such devices as a notebook.

This is a one-off boot process intervention; the regular system start remains unchanged. All additional files are only stored in a ramdisk and won't be copied to the permanent flash memory. After a reset, the original system is started again; consequently, users have no way of noticing the intrusion.

The specially crafted image installs components such as an SSH server and tools for exploring the system internally. Using the USB multiplex daemon (usbmuxd) and a small TCP forwarder written in Python, it is then possible to access the SSH server from a PC/Mac via

# ssh -p 2222 root@localhost

and create a shell connection on the iPhone. The root account password is factory set to "alpine" on all iOS devices.

iPhone under SSH control
Zoom iPhone under SSH control
The useful thing here is that the system continues to have access to the embedded AES keys and will, therefore, continue to transparently decode the encrypted file system. As a consequence, a data thief can simply log into the iPhone via SSH and then copy all the files to a PC in plain text.

Next: Cracking the chains

Print Version | Permalink:
  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit