Security News > 2011 > May > Apple iPhone encryption cracked by Russian firm

http://news.techworld.com/security/3282137/apple-iphone-encryption-cracked-by-russian-firm/ By John E. Dunn Techworld.com 25 May 11 Having cracked Apple iPhone backups last year, Russian security company ElcomSoft appears to have found a reliable way to beat the layered encryption system used to secure data held on the smartphone itself. Since the advent of iOS 4 in June 2010, Apple has been able to secure data on compatible devices using a hardware encryption system called Data Protection, which stores a user's passcode key on an internal chip using 256-bit AES. Adding to this, each file stored on an iOS device is secured with an individual key computed from the device's Unique ID (UID). Apple products containing this security design include all devices from 2009 onwards, including the iPhone 3GS (which can be upgraded to iOS 4), iPhone 4, iPad, iPad 2 and recent iPod Touch models. ElcomSoft has not explained how it hacked the hardware-stored key system in detail for commercial reasons, but the first point of attack appears to have been the user system passcode itself as all other keys are only vulnerable to attack once the device is in an unlocked state. [...] ___________________________________________________________ Tegatai Managed Colocation: Four Provider Blended Tier-1 Bandwidth, Fortinet Universal Threat Management, Natural Disaster Avoidance, Always-On Power Delivery Network, Cisco Switches, SAS 70 Type II Datacenter. Find peace of mind, Defend your Critical Infrastructure. http://www.tegataiphoenix.com/

News URL

http://news.techworld.com/security/3282137/apple-iphone-encryption-cracked-by-russian-firm/