Apple in the past received its share of criticism over the lack of data protection prior to iOS 4. It was a big issue for businesses who couldn’t even fathom losing unprotected sensitive information from stolen devices. The iPhone 3GS introduced a chip for hardware-based encryption and iOS 4 brought out the Data Protection feature that secures your data with a 256-bit encryption.
ElcomSoft, a team of Russian forensic experts behind security software used by law enforcement and certain three-letter agencies, has managed to crack both the on-device data protection and backup file encryption. Bright side of news interviewed Elcomsoft’s Vladimir Katalov who explained how the GPU-accelerated Phone Password Breaker tool unlocks Apple and BlackBerry backups. The program might also come in handy should you ever forget your backup file password, but there are some caveats.
Breaking into the encrypted device backups created at each iTunes sync requires having access to the actual device, Katalov explained. “Decryption is not possible without having access to the actual device because we need to obtain the encryption keys that are stored in (or computed by) the device and are not dumped or stored during typical physical acquisition,” he said.
Said keys are computed from hardware-related information such as the unique device ID (believed to be embedded in the hardware and not extractable), the user’s passcode, escrow pairing records and effaceable storage area.
Speaking in Layman’s terms, lifting someone’s device backups from their computer is just half the story – unless, of course, they put themselves at risk by not checking the “Encrypt iPhone backups” on the device Summary tab in iTunes.