Technology content trusted in North America and globally since 1999
8,397 Reviews & Articles | 64,166 News Posts

Apple's iOS 4, 256-bit hardware encryption has been cracked

Apple iOS 4 hardware encryption broken, $320 software allows full access
By Anthony Garreffa from May 25, 2011 @ 20:28 CDT

ElcomSoft, a Russian-based company is claiming they have cracked the 256-bit hardware encryption Apple use to protect the data on iOS 4 devices, but not only that, they are also offering the software that will allow anyone to do it. ElcomSoft is a well-known corporate security and IT audit company, which works with law enforcement agencies, the military and intelligence agencies to recover data and perform forensics on devices.




Their latest tech allows them to open up the data stored on any iOS 4-based device by circumventing the hardware encryption chip Apple use to protect it. ElcomSoft's software allows full access to what is stored on the iOS 4 device, such as geolocation data, browsing history, call history, text messages and emails, usernames and passwords, it even provides access to recover data that the user has deleted from the device.


ElcomSoft have effectively created a toolkit that allows for the extraction of the encryption keys from iOS 4 devices, with these keys it is possible to decrypt an image taken from an iPhone, iPad or iPod touch. Once that process is complete a forensic tool such as FTK or Guidance EnCase can be used to look at the data in great detail. Another shining star of this software is that it does not take long to access the data on the device.


ElcomSoft tools allow full advantage of hardware, such as the GPU or multiple GPUs in a system. However, you'll require access to the device in order to decrypt the data, not just an encrypted image of the device. This is because ElcomSoft brute-force the passcode which has to be done on the device, with the iPhone 4 as an example; this will take roughly 40 minutes to achieve. ElcomSoft offer this iOS 4 forensic toolkit to security and law enforcement agencies, but anyone is able to purchase the software to extract the encrypted data on a device.


The application is called ElcomSoft Phone Password Breaker and costs $320 for the Professional Edition. The Professional Edition supports up to 32 CPUs and 8GPUs.



Related Tags