iOS4 Cracked, Russian ElcomSoft Breaks the Backup Encryption
No more secrets. If you wan’t something to be completely secure, don’t have it on a smartphone, computer, USB flash drive or any network for that matter. Just store it in your brain, it should be safe for now. Apple is known for tight security, their Mac OSX OS is based on one of the most secure variants Unix-based operating systems. The iPhone OS is just as tight, however, Russian security firm ElcomSoft have managed to circumvent both the hardware data protection and the 256-bit backup file encryption of Apple’s iOS.
“Decryption is not possible without having access to the actual device because we need to obtain the encryption keys that are stored in (or computed by) the device and are not dumped or stored during typical physical acquisition.”
Those backups you create everytime you “sync” your iOS device, those are the ones that can be cracked, but crackers will also need the physical iPhone or iPad itself to obtain any relevant data. Sure, it sounds like a long shot, first your desktop is stolen, then your iPhone too, basically with that much of your digital assets missing its no surprise you’re data isn’t going to be safe. Apple was smart by not storing the encryption keys from the device on the backup location, this makes it much more difficult and why the hardware is also needed; assuming you have access to the computing power necessary to crack the 256-bit AES. The only real threat we see, if you can even call it a threat, is the authorities. They’re the ones running AMD’s STREAM or nVidia CUDA to get at you and seize your hardware and software simultaneously.