iPhone 3Gs Encryption Cracked In Two Minutes
An anonymous reader writes "In a Wired news article, iPhone Forensics expert Jonathan Zdziarski explains how the much-touted hardware encryption of the iPhone 3Gs is but a farce, and demonstrates how both the passcode and backup encryption can be bypassed in about two minutes. Zdziarski also goes on to say that all data on the iPhone — including deleted data — is automatically decrypted by the iPhone when it's copied, allowing hackers and law enforcement agencies alike to access the device's raw disk as if no encryption were present. A second demonstration features the recovery of the iPhone's entire disk while the device is still passcode-locked. According to a similar article in Ars Technica, Zdziarski describes the iPhone's hardware encryption by saying it's 'like putting privacy glass on half your shower door.' With the iPhone being sold into 20% of Fortune-100s and into the military, just how worried should we be with such shoddy security?"
who would trust phones nowadays anyways?
No government will have to strong-arm Apple to give it a back door into the iPhone operating system. ;-)
I know security can be a minefield but for Apple to leave a hole this big is pretty inexcusable.
Steve Jobs cast no shadows, and his followers commit no crimes. There is nothing to worry about here.
I put privacy glass on the bottom half of the shower door so I don't have to look at the people watching me, which seems to be the same kind of privacy I can expect on my iPhone 3G.
This is a feature. Cracking is yet another thing about the iPhone that Just Works. I believe Steve Jobs would be proud.
"What lies behind us, and what lies before us are tiny matters compared to what lies within us." Ralph Waldo Emerson
I am confused. Does it suck, or does it blow? These are opposites, are they not?
The king is dead, all hail the king. Stevey thinks we don't know any better, but I think we've already seen the card that he keeps up his sleeve.....
Until the Fortune 500 and the military stop using Microsoft products, I won't lose a blink of sleep over them using Apple products. This guy had to have physical access to the iPhone to crack it, and even then the iPhone did not start sending its data out over the Internet along with a virus payload that formed a massive botnet that crippled Internet bandwidth.
My understanding is that the encryption in the 3GS is not meant to prevent a user with physical access to the device from accessing the data. It's to make Remote Wipe instant instead of taking 1 hour per gigabyte because the Remote Wipe only has to destroy the decryption keys, not every bit of data on the disk. When you Remote Wipe an iPhone 3G it takes 1 hour per gigabyte to destroy the data. With a 3GS, it takes a few seconds.
In this case, the hacker not only had the iPhone in his physical possession, but it was not Remote Wiped, so he also had the keys in his possession. How is it at all surprising that he was able to get in?
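The mechanism this comment describes, sketched as an added example that is not part of the original post or Apple's implementation: every block is encrypted under one volume key, reads decrypt transparently while the key is present, and a wipe destroys only the key. The class and function names are hypothetical, and an HMAC-SHA256 keystream stands in for the hardware AES engine so the sketch runs on the standard library alone.

```python
import hashlib
import hmac
import secrets


class KeyDestroyed(Exception):
    """Raised when data is requested after the volume key has been erased."""


def _subkey(key: bytes, label: bytes) -> bytes:
    # Derive separate encryption and integrity keys from the one volume key.
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode: a stdlib stand-in for the hardware AES engine.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


class EncryptedVolume:
    """Constructed model of a disk whose blocks are all encrypted under one key."""

    def __init__(self) -> None:
        self._key = secrets.token_bytes(32)  # models a small, erasable key slot
        self._blocks = {}                    # block number -> (nonce, ciphertext, tag)

    def _keys(self):
        if self._key is None:
            raise KeyDestroyed("volume key erased; ciphertext is unrecoverable")
        return _subkey(self._key, b"enc"), _subkey(self._key, b"mac")

    def write(self, block_no: int, plaintext: bytes) -> None:
        enc, mac = self._keys()
        nonce = secrets.token_bytes(16)
        ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc, nonce, len(plaintext))))
        self._blocks[block_no] = (nonce, ct, hmac.new(mac, nonce + ct, hashlib.sha256).digest())

    def read(self, block_no: int) -> bytes:
        # No passcode is consulted here: while the key is present, any reader
        # of the volume receives plaintext. That is the exposure in the story.
        enc, mac = self._keys()
        nonce, ct, tag = self._blocks[block_no]
        if not hmac.compare_digest(tag, hmac.new(mac, nonce + ct, hashlib.sha256).digest()):
            raise ValueError("block failed integrity check")
        return bytes(c ^ k for c, k in zip(ct, _keystream(enc, nonce, len(ct))))

    def stored_bytes(self) -> int:
        return sum(len(ct) for _, ct, _ in self._blocks.values())

    def remote_wipe(self) -> int:
        """Erase only the key; return how many bytes had to be destroyed."""
        destroyed = len(self._key) if self._key is not None else 0
        self._key = None  # a real device must physically erase the key storage
        return destroyed


def demo() -> dict:
    vol = EncryptedVolume()
    secret = b"constructed sample: meeting notes " * 64
    vol.write(0, secret)
    result = {
        "readable_before": vol.read(0) == secret,
        "full_overwrite_bytes": vol.stored_bytes(),  # cost of an overwrite-style wipe
        "key_wipe_bytes": vol.remote_wipe(),         # cost of a key-destruction wipe
    }
    try:
        vol.read(0)
        result["readable_after"] = True
    except KeyDestroyed:
        result["readable_after"] = False
    return result
```

The wipe cost stays at 32 bytes however much data is stored, which is why key destruction is fast; confidentiality against someone holding an unwiped device needs the volume key to be bound to a secret the device does not store.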
Ok, I just watched the linked demonstration and what I noticed was he only placed his "private data" on the phone after he removed the pincode. I'd be interested to see a demonstration of him pulling data off the phone that was present before he reset the pin, to demonstrate that resetting the pin didn't just revert it back to factory defaults and remove all previous data.
That said, I'll take his word for it now; it's quite interesting at the least. I have to wonder if this is an intentional "feature".
"linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
I know this seems a little conspiratorial... I have always had the feeling all mainstream mobile platforms are intentionally insecure.
Anything having to do with voice communications is broken severely from a security perspective. Entire voice oriented protocol stacks such as SIP have piss poor security properties or get shit wrong enough that they can easily be circumvented.
I know that trust and key management are hard problems and very difficult to get right but mainstream mobile platforms have not even so much as tried to get it right. Maybe there just isn't any market value in it?
security theatre: (1) security countermeasures intended to provide the feeling of improved security while doing little or nothing to actually improve security, usually resulting from political absurdity, poor engineering, the need to present an image of security more than real security, or some combination of these factors. (2) The real mission of the Transportation Security Administration.
Examples: airport screening, "No-Fly" lists, random searches on subway systems, 1950's "duck and cover" drills in U.S. public schools
Apple with poor security? No way! Oh wait, their operating system does have almost 4 times the number of critical vulnerabilities that M$ XP has, every single year since its release. Impressive record.
Well, when one has diarrhea, one 'blows' chunks out of their ass. This 'sucks' when it happens. So I guess we can say Apple is 'shit'.
He even encrypted his last name.
Apple has never been one to sit still when the evil green spotlight of bad publicity is pointed on them. I'm sure that there are teams mobilizing even now... even if those teams are probably mostly lawyers.
It should be noted that iTunes does not encrypt backups by default, but you can enable that with a checkbox in the iPhone preferences. So the real question is - with a PIN set and encryption on, can it still be hacked?
I don't know what kind of crack I was on, but I suspect it was decaf.
The real question is whether or not you should be storing sensitive material on your iPhone in the first place?
If the answer is: What kind of idiot are you? Of course my iPhone is the center of my universe and the repository of everything that will ever matter to me right at my finger tips, then there's a huge opportunity just waiting for some programmer at the Apps Store who can code faster than I can to supply a cheap App that actually provides true security...
...provided that Apple and the government will let them.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
For a moment, I thought you were the author of the Windows File Copy Dialog...
My vacuum can suck and blow, but it doesn't have the capacity for hot air that apple does.
Anything can be found funny, from a certain point of view.
Did anybody else read the docs on this feature? It seems that encryption was only done as a means to remotely wipe the phone. Was he able to destroy the keys remotely and then have someone read the data off the phone? I don't understand.
Why bother
And UNIX as we all know is the be-all, end-all in ... ALL !!
I mean, if this FAILS, what is to keep all UNIX from FAIL ??
This is a feature. Cracking is yet another thing about the iPhone that Just Works. I believe Steve Jobs would be proud.
I Cracked my iPhone the first time I dropped it, 30 seconds flat. But if you read the fine print, it turns out Apple's warranty doesn't cover the screen.
The story blurb was an interesting one aside from the gratuitous flamebait question at the end. Don't the editors do any editing at all? If not, we need a new name for the Slashdot editors. They seem to have the same no-added-value functionality of the men's room attendants who are there to hand you a towel as though you could not get one yourself.
Some drink at the fountain of knowledge. Others just gargle.
The best technique involves both sucking and blowing, in an alternating fashion.
Microsoft could probably patent it since they've been doing both since Windows 1986 (quite literally the worst OS of that year).
"I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
Oh great, now all those secret emails about the money laundering are going to be found by the government because I'm the only major corporate executive who uses an iPhone to talk about all our illegal activities. I thought my data would be so safe, with no other weak links in the chain... like my email server or anything of that sort that could possibly also be hacked...
I am confused. Does it suck, or does it blow? These are opposites, are they not?
The verb that solves this logical conundrum is: fellate.
For a moment, I thought you were the author of the Windows File Copy Dialog...
I actually miss the animation from the XP file copy dialog. It rotates all the files 90 degrees, turning them imaginary.
Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
Because if that same hacker had a Blackberry in his possession with encryption enabled, he would not be able to get in.
RIM has taken the trouble to get FIPS certification for various parts of the Blackberry infrastructure (devices, server software, etc.):
http://na.blackberry.com/eng/ataglance/security/certifications.jsp
While it won't handle Secret (or even Confidential), it shows some initiative and effort to protect sensitive information. It should be suitable for most business data (unless government-sponsored corporate espionage is occurring).
We have a winner...
The real issue at hand is how much time nerds spend thinking of ways they are right, instead of trying to understand how they might be wrong. iPhone 3gs was never marketed as having strong encryption (http://www.apple.com/iphone/specs.html), the /. crowd simply saw "something" was implemented and decided that the intent was to hide data.
Platform advocacy is like choosing a favorite severely developmentally disabled child.
OK, the real problem is expectation and marketing, from the story, the encryption is (egregiously) useless.
The marketing (surprise ... ) misrepresents that.
If the device is in your hands, you can physically remove the memory, and then examine it breaking the weak encryption on the fly.
The trick, instead, is concentrating and protecting important information
That's great, but... if only someone could crack the ipod classic hard drive secrets as easily. rockbox needs your help.
For this:
They used the password "GOD".
I'd like to add that anyone that thinks a 4 digit pin was ever going to provide any sort of strong protection, particularly for "sensitive data", is an idiot.
At the worst it'd take less than an hour to brute force it manually.
Four digits means 10,000 possible combinations. Blackberrys (also four digit PINs) can be configured to wipe themselves after the tenth incorrect PIN entry. So you therefore have a 1 / 1000 chance of guessing and getting in (assuming the PIN is somewhat random, and not the year of birth of a loved one).
Did you ask yourself that? If that Blackberry is just sitting there, even asking for a passcode, is it still receiving and storing data? It is, it can receive SMSes for example. It knows how to decrypt everything on itself with the information it has. The only difference between it and an iPhone in this case is the hacker doesn't know how to get the data off, not that it is impossible to do so.
Maybe a Blackberry has a hardened mode, where it goes inert when you lock it, where it won't receive data because it has forgotten the key to its own storage.
Either way, if you only have to enter a 4-digit number to get in, then even if the device slows down accepting PINs after a while, if you could pry it open and get the data off, all you need to do is try 10,000 combinations and you'll find one that decrypts the internal key needed to view the data on it.
http://lkml.org/lkml/2005/8/20/95
Only in Apple land, this is +5 informative.
For fuck sake, the whole point of encrypting your goddamn fucking jesus phone is that if it gets stolen, your data is still not available to anybody else.
Apple fucking whoring mods, at least don't make your mods too blatant that people stop reading any and every apple story out there.
Fucking apple whores.
This is a pisspoor attempt at trying to discredit Apple for a CONSUMER product. Spore was hacked two weeks before the game was released. The Sony PSP has been hacked since the beginning of its formation. The X-Box was not only hacked to put in bigger drives, but also was hacked to put Linux on it (which took a little longer but still). Windows XP is easily hacked by booting up in Safe Mode, you have immediate free admin access to add users and change passwords. Windows Vista/2000(2003) Server are all hackable with a quick linux boot CD, takes about three minutes (I've done this multiple times on many machines). You can either change the password, or just load all the person's files onto an external drive (I usually do this for when someone's Windows dies but you could easily take all their information unencrypted right off). Every consumer device and software product is usually hacked before it's even released, if not shortly after it's released. The fact that this article was just barely posted actually makes me wonder how stupid they are for failing this long at trying to break a consumer product. I've never seen a single ad for the iPhone, PSP, or X-Box advertising their "security". They generally intentionally have loopholes because they realize that users (like the person who wrote this article) are freaking idiots and are going to lock themselves out. The biggest loophole is having an admin user (:O) reset their password. And getting that password from them is as simple as starting their pubes on fire if not using the previously mentioned boot disk to simply wipe the password and log in. This isn't any sort of fail on Apple's part. They can't handle everything in the universe on their phone. Nor was it PSP's fail when it got hacked. Or windows when it gets hacked. There's BLATANT fails that generally get fixed, but not really any here. Sorry folks, move along.
...unless you've got it set to delete all data on your phone after 10 incorrect attempts.
That would make sabotaging someone's phone pretty easy. Just pick it up, make ten wild ass guesses at a PIN, and rest assured their precious data is now gone.
Your e-mail is on the server, your contacts are sync'd with Outlook / Address Book / whatever regularly, your photos are in Picasa / iPhoto, your music is in iTunes / whatever.
What's the big deal? Restore from backups.
It's a temporary DoS until the owner can resync. Inconvenient and annoying yes? Sure, but hardly devastating.
I keep telling people that Apple is just a closet socialism tool. Nobody believes me. Big brother Steve Jobs makes things for Bigger Brother Obama.
.. a thousand apple fanboi's cried out and then were suddenly silent....
If you mod me down, I will become more powerful than you can imagine....
It is not just the security issues, I guess ...
I am an iPhone 3G user here in Singapore and the iPhone has failed on me 5 times since I first bought it.
2 x battery issue
1 x unable to power on
1 x unable to get on 3G network on provider SIM card but others work
1 x unable to charge (the port failed)
Each of those times, the telecom which I bought the phone from (Singapore Telecom) replaced it with a unit, and I wonder if it is a refurbished unit ... or there is some serious QC issue ...
After the 5th time, the telecom still wants to replace it with the same 3G model ... I have totally lost confidence ... Sigh, I have paid so much to buy it and this has been a painful experience since my journey with the iPhone began ...
for Apple to release a patch to . . . re-re-secure devices from Palm?
With the iPhone being sold into 20% of Fortune-100s and into the military, just how worried should we be with such shoddy security?
Well, as someone who isn't part of any Fortune-100 corporation or military force, I guess my response would be "Not at all."
It's generally understood and widely acknowledged that the secrecy in such organizations functions primarily to keep their inner workings private from their own populations, i.e., us "little people" who pay to keep them running but aren't allowed to look into their inner workings. If they are riddled with holes in their communications because they're using iPhones or MS Windows or whatever, that means that there's a good chance that investigators can find out what they're up to and inform the rest of us.
Consider the last few years of disasters in the American financial industry. It's pretty clear now that the perpetrators knew quite well what they were doing, and were profiting quite well from it all. It's the "little people" who are paying for the collapse, while the officers of the corporations are still taking home huge paychecks and bonuses. The reason it went on for so long was that the companies involved were able to keep their shady dealings secret from the great majority of their investors. If we'd had better security holes to see inside them, maybe some of the disaster could have been avoided.
It's hardly a secret that military security primarily functions to hide their internal corruption (and bungling) from their own citizenry. Making their internal communications available to the citizenry via poor comms security seems like a win for the country as a whole.
(Yeah; I know; "Such a dreamer." ;-)
Those who do study history are doomed to stand helplessly by while everyone else repeats it.
All he did was disable a four-digit passcode lock. Let's see him install an enterprise configuration with full security settings and then bypass that. First, the standard consumer device does not have all the features enabled out of the box; you have to turn them on (see the documents here). Obviously a four-digit passcode can be cracked in at most 10,000 tries (that is, his software could have connected to the device, read the encrypted data, and tested decryption with all 10,000 possible keys); you need to configure the device to use a longer passcode for enterprise security.
This thread is fellatious.
Isn't that also known as breathing?
I wasn't even aware of this feature until I started reading echo-chamber blog articles about how weak the encryption was. This doesn't make the issue any more or less legitimate but it sure does make the post seem a little fantastic.
I am confused. Does it suck, or does it blow? These are opposites, are they not?
first it sucks, then it blows.
--
DK
She's gone from suck to blow!
To the haters: You can't win. If you mod me down, I shall become more powerful than you could possibly imagine
Thank you Apple for protecting me from myself yet again. I certainly wouldn't want to hide anything from the government! I LOVE the way that Apple "just takes care of me!" It's the best thing I've ever had!
No, it's a jet engine. It sucks and blows at the same time.
regardless of who manufactures it, I have access to the data. If I have access to the physical machine I have access to the data. If you are carrying sensitive information and the only thing blocking my access is a four digit code then you are an IDIOT regardless of what OS you are using.
C'mon people, where is the news here? You actually think a Blackberry, Nokia or any other phone on the market today has any kind of encryption that can't be broken into with a bit of research?
DRM? No thanks, I'll just get it somewhere else...
That would make sabotaging someone's phone pretty easy. Just pick it up, make ten wild ass guesses at a PIN, and rest assured their precious data is now gone.
Nope, it's on the computer they sync with.
All you managed to do is prove you are an asshole, not actually destroy anything (except perhaps something they did that day).
"There is more worth loving than we have strength to love." - Brian Jay Stanley
That's what she said!
Upward mobility is a slippery slope - the higher you climb the more you show your ass.
I'll probably get moderated troll for that but it's pretty obvious to me:
Put your data into a (trusted) cloud and not onto the phone itself, use encryption on the way and you are as safe as you can get. The phone is only useful when connected anyway, so why should I have to carry the data on the phone?
On other smart phone platforms, if your data is really precious and if you need more than average security, you install security solutions.
As my data is not that precious, I have just trialed commercial, easy to install security solutions like Kaspersky Mobile, F-Secure. Both have firewalls on socket and application level, heuristics, anti spam, remote locking and in Kaspersky's case, even a "white hat rootkit" to track your phone after it has been stolen. I can easily say that they will never be possible on iPhone since Apple won't allow anything running in such deep level 24/7 and commercial security companies won't tell people how to crack their device to install or put any work in such EULA breaking application.
There are far more basic but real solutions like an application turning off Bluetooth after certain amount of time, tens of password vaults which all use different systems (so hard to target) and especially J2ME apps which enjoy the sandbox provided by Java naturally. They aren't possible either.
On the other hand, the solution making sense is also impossible with current policies. I mean "iPhone enterprise edition" which would allow such solutions from trusted Apple partners. If you have a single additional model of iPhone doing better things, the entire iPhone scheme is broken.
Good nice to see that freakin Apple are in the shit again all i can say is keep it up find more holes in those pox infested iPhone things
in fact in Apple in general
when the devices are not to blame at all? It's the users who are the weak link, since they are not actively and proactively educated to protect themselves.
This security theater has been staged centuries ago. I believe that all devices are expressly designed to be crackable or with backdoors for various reasons. True security is worth true money (think of banks) and true privacy is reserved for government use.
If our society (and governments) were really interested in protecting our privacy and our assets, there would exist several laws enforcing manufacturers to state explicitly in their products' User Manuals, and using big bold letters, disclaimers like this:
"WARNING! This device does NOT provide security in case it comes to the wrong hands. Therefore, do NOT use it for storing passwords, bank account details or any sensitive information. Our Company cannot be and will not be held liable for the loss of your Identity, Material or Intellectual Property or for other damages etc etc"...
I don't care whether the Device Under Test does not claim to offer any security in its specifications. What I'm enraged about is that it does not state explicitly, in a language comprehensible even by a child, that "the device does NOT offer security, don't use it as a safe, don't trust it, period".
In this sense (unless such a disclaimer actually exists in the iPhone's user manual), I accuse Apple (and any portable device manufacturer at that) of actively and purposefully misguiding customers into a sense of false security hidden behind the bling (damn, it costs $650, has all these PINs and passwords and fingerprint/face recognition, it must be totally secure!).
I realize the submitter might not know the meaning of the word, but the editor could have at least glanced at the article and realized there's no cracking involved.
I know, "welcome to Slashdot."
it's 'like putting privacy glass on half your shower door.'
So, he's saying that the encryption is perfectly adequate for male users, whereas female users are less well protected, but at least it stops people seeing the really good bits?
The article clearly says that this requires a jailbroken iPhone...which requires restoring the phone anyway, therefore erasing everything in the process. It's worse than useless and just a bunch of FUD.
Actually, "sucking" is a misnomer. Vacuums do not suck, technically they push (matter is "pushed" into the vacuum). :)
Interesting how your argument is that Apple considers the iPhone a CONSUMER device, but markets it, also, as a BUSINESS/ENTERPRISE device.
http://www.apple.com/iphone/business/
It's odd that Apple would get a pass on not properly securing their CONSUMER phone that is also marketed as "the best phone for business."
iPhone 3GS offers highly secure hardware encryption that enables instantaneous remote wipe.
In the words of Bart Simpson, "I didn't think it was physically possible, but this both sucks and blows."
On a side note, I'm surprised no one made this Simpsons comment yet.
"I'm not sure I like the fugnutish tone you used in your post!" -RogL (608926)-