ElcomSoft cracks iOS encryption system
Security researchers from Elcomsoft have discovered a method that allows them to copy and decrypt the memory of iPhones that have built-in hardware encryption (3GS and 4); hardware encryption is also built into the iPod Touch (3rd generation or later) and all iPad models. What makes their discovery special is that they apparently read the memory directly, which, for instance, even enabled them to restore deleted data. ElcomSoft says that this is particularly relevant for forensic investigations.
The researchers explained that a custom kernel with a special RAMDisk driver first needs to be loaded into the iPhone in DFU (Device Firmware Upgrade) mode – which works in a similar way to booting a PC from an external hard disk. Then, the Flash memory can be read without the need to access the iOS file system drivers and an exact copy can be obtained. ElcomSoft uses various keys to decrypt the image; these keys are extracted by special tools that can be run on the iPhone or calculated at run-time, .
Talking to The H's associates at heise Security, Andrey Belenko from ElcomSoft explained that the keys are not visible when running iOS applications in normal mode. The researcher said that the encryption system uses a hierarchy in which certain keys are derived from the AES key that is embedded in the hardware. Belenko didn't give any further details; however, he did add that the encryption system is very complex. If a passcode is in place, it will reportedly further encrypt some of the special protection class keys and certain files.
The researcher explained that additional measures are required to crack those, although they apparently don't present a major obstacle. When carrying out the attack, ElcomSoft had to crack the (simple, four-digit) passcode using brute force. For this purpose, an iPhone tool tried out the 10,000 possible number combinations within 40 minutes. The company didn't say anything about cracking longer passcodes that contain alphanumeric characters; however, a longer, well-chosen password should considerably hamper the attack.
If the iPhone is synchronised with a computer it is apparently possible to extract the escrow key from the PC and use it instead of the passcode key. What impact performing a remote deletion will have on key extraction also remains unclear; the remote deletion feature doesn't erase the iPhone's memory, it only erases the AES key (which can't be read via software).
ElcomSoft says that the decrypted memory images can be investigated using such forensic tools such as Guidance EnCase or AccessData FTK. However, the company said that the tools it developed for the attack will only be made available to established law enforcement, forensic and intelligence agencies as well as select government organisations.
- ElcomSoft Investigates iPhone Hardware Encryption, Provides Enhanced Forensic Access to Protected User Data, press release from ElcomSoft.
- Password breaker for iPhone backups, a report from The H.