Slashdot Mirror


iPhone 3Gs Encryption Cracked In Two Minutes

An anonymous reader writes "In a Wired news article, iPhone Forensics expert Jonathan Zdziarski explains how the much-touted hardware encryption of the iPhone 3Gs is but a farce, and demonstrates how both the passcode and backup encryption can be bypassed in about two minutes. Zdziarski also goes on to say that all data on the iPhone — including deleted data — is automatically decrypted by the iPhone when it's copied, allowing hackers and law enforcement agencies alike to access the device's raw disk as if no encryption were present. A second demonstration features the recovery of the iPhone's entire disk while the device is still passcode-locked. According to a similar article in Ars Technica, Zdziarski describes the iPhone's hardware encryption by saying it's 'like putting privacy glass on half your shower door.' With the iPhone being sold into 20% of Fortune-100s and into the military, just how worried should we be with such shoddy security?"

27 of 179 comments

  1. On The Bright Side... by NeverVotedBush · · Score: 3, Funny

    No government will have to strong-arm Apple to give it a back door into the iPhone operating system. ;-)

    I know security can be a minefield but for Apple to leave a hole this big is pretty inexcusable.

    1. Re:On The Bright Side... by wealthychef · · Score: 4, Informative

      Laugh, but this actually is the new feature as designed. This encryption was added to make it possible to remotely wipe an iPhone in seconds. (Delete the encryption key that is on the phone, no more reading the data off of it.) Apparently the intent was not to protect the data on the phone from a real attacker, I don't think anyone at Apple that worked on this would expect that to be the case with the encryption key on the device. (stolen from an AC because it's interesting)

      --
      Currently hooked on AMP
  2. But... by thePsychologist · · Score: 5, Funny

    This is a feature. Cracking is yet another thing about the iPhone that Just Works. I believe Steve Jobs would be proud.

    --
    "What lies behind us, and what lies before us are tiny matters compared to what lies within us." Ralph Waldo Emerson
    1. Re:But... by mdwh2 · · Score: 4, Funny

      Indeed, it doesn't matter that other phones have been cracked - Apple were the first ones to make it work Out Of The Box.

      It's all about the implementation. With the iPhone 3gS, your credit card details are integrated perfectly with crackers, thieves, and Steve Jobs.

  3. Re:Apple blows. by SomeJoel · · Score: 4, Insightful

    I am confused. Does it suck, or does it blow? These are opposites, are they not?

  4. Re:I put privacy glass . . . by frosty_tsm · · Score: 5, Funny

    I put privacy glass on the top half of the shower door so I don't have to look at the people watching me, which seems to be the same kind of privacy I can expect on my iPhone 3G.

    Fixed it for you.

  5. The same F500 and military that use Windows? by gig · · Score: 5, Informative

    Until the Fortune 500 and the military stop using Microsoft products, I won't lose a blink of sleep over them using Apple products. This guy had to have physical access to the iPhone to crack it, and even then the iPhone did not start sending its data out over the Internet along with a virus payload that formed a massive botnet that crippled Internet bandwidth.

    My understanding is that the encryption in the 3GS is not meant to prevent a user with physical access to the device from accessing the data. It's to make Remote Wipe instant instead of taking 1 hour per gigabyte because the Remote Wipe only has to destroy the decryption keys, not every bit of data on the disk. When you Remote Wipe an iPhone 3G it takes 1 hour per gigabyte to destroy the data. With a 3GS, it takes a few seconds.

    In this case, the hacker not only had the iPhone in his physical possession, but it was not Remote Wiped, so he also had the keys in his possession. How is it at all surprising that he was able to get in?

    1. Re:The same F500 and military that use Windows? by nxtw · · Score: 5, Insightful

      In this case, the hacker not only had the iPhone in his physical possession, but it was not Remote Wiped, so he also had the keys in his possession. How is it at all surprising that he was able to get in?

      Because if that same hacker had a Blackberry in his possession with encryption enabled, he would not be able to get in.

    2. Re:The same F500 and military that use Windows? by Anonymous Coward · · Score: 5, Insightful

      My understanding is that the encryption in the 3GS is not meant to prevent a user with physical access to the device from accessing the data. It's to make Remote Wipe instant instead of taking 1 hour per gigabyte because the Remote Wipe only has to destroy the decryption keys, not every bit of data on the disk. When you Remote Wipe an iPhone 3G it takes 1 hour per gigabyte to destroy the data. With a 3GS, it takes a few seconds.

      Isn't the point of remote wipe to prevent unauthorized access to the data on the physical device? So, it doesn't matter how long it takes to do the remote wipe if the keys can be broken in 2 minutes since that leaves only a small window of time to do the wipe. Especially if the attacker can copy the entire contents of the iPhone to a remote storage device and do it offline.

      Disk encryption, especially mobile and laptop, should be designed specifically to prevent data retrieval when physical possession is obtained by an attacker.

    3. Re:The same F500 and military that use Windows? by thedak · · Score: 3, Insightful

      .. I won't lose a blink of sleep over them using Apple products. This guy had to have physical access to the iPhone to crack it, and even then the iPhone did not start sending its data out over the Internet along with a virus payload that formed a massive botnet that crippled Internet bandwidth.

      That is because they are completely different cases with completely different mechanisms to prevent them. You're talking about the ability to load a spambot or something on a mobile device. The encryption is there to ensure your address book is safe, your calendar is safe, any photos and other data are safe. Not to ensure the device does not run arbitrary code. The problem with the data encryption being crackable within an arbitrary length of time is a large issue, as it is meant to be protection regardless of where the device lies, in hands or not.

      My understanding is that the encryption in the 3GS is not meant to prevent a user with physical access to the device from accessing the data

      That is exactly the purpose of encryption.

      en·crypt (ĕn-krĭpt′) tr.v. en·crypt·ed, en·crypt·ing, en·crypts

      1. To put into code or cipher.
      2. Computer Science To alter (a file, for example) using a secret code so as to be unintelligible to unauthorized parties.
      http://dictionary.reference.com/browse/encryption

      So yes, it is a major issue, as it circumvents what the encryption is meant to accomplish.

    4. Re:The same F500 and military that use Windows? by Sir_Lewk · · Score: 4, Interesting

      My understanding is that the encryption in the 3GS is not meant to prevent a user with physical access to the device from accessing the data. It's to make Remote Wipe instant

      Perhaps I'm missing something here, but what's the point of doing a remote wipe of your iphone, if not to prevent someone that has physical access from accessing your data?

      --
      "linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
  6. interesting by Sir_Lewk · · Score: 4, Interesting

    Ok, I just watched the linked demonstration and what I noticed was he only placed his "private data" on the phone after he removed the pincode. I'd be interested to see a demonstration of him pulling data off the phone that was present before he reset the pin, to demonstrate that resetting the pin didn't just revert it back to factory defaults and remove all previous data.

    That said, I'll take his word for it now, it's quite interesting in the least. I have to wonder if this is an intentional "feature".

    --
    "linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
    1. Re:interesting by Sir_Lewk · · Score: 3, Interesting

      I'd like to add that anyone that thinks a 4 digit pin was ever going to provide any sort of strong protection, particularly for "sensitive data", is an idiot.

      At the worst it'd take less than an hour to brute force it manually.

      --
      "linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
    2. Re:interesting by PnjDbq · · Score: 5, Informative

      The iPhone starts injecting time delays into the login/wipe process, I believe after the first 5 incorrect attempts. First one minute, then 5 minutes, and I have never had the patience to watch much beyond that. You can still sabotage the phone, but it's not fast.
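Sir_Lewk's point that a 4-digit PIN can be exhausted by hand in under an hour, and PnjDbq's reply that the phone starts inserting delays after the first five wrong attempts, are both about the lock-screen policy rather than the cipher. The Python below is an added illustration, not code from the thread or from Apple, of how such a policy can be modelled and costed from the defender's side: a gate with a few free attempts, an escalating delay schedule, and an optional auto-wipe after N failures (the kind of threshold a corporate-managed device applies, as a later comment in the thread notes). The delay schedule `(60, 300, 900, 3600)`, the wipe threshold of 10, the passcode "4815" and the `ManualClock` helper are constructed assumptions, not any vendor's published parameters.

```python
"""Constructed model of a lock screen: free attempts, escalating delays,
then auto-wipe. The delay schedule and wipe threshold are assumptions chosen
to resemble what the thread reports, not any vendor's published policy."""
import hmac
import time


class ManualClock:
    """Deterministic clock so the gate can be exercised without sleeping."""
    def __init__(self):
        self.now = 0.0

    def advance(self, seconds):
        self.now += seconds

    def __call__(self):
        return self.now


class PasscodeGate:
    def __init__(self, passcode, free_attempts=5, delays=(60, 300, 900, 3600),
                 wipe_after=10, clock=time.monotonic):
        self._passcode = passcode.encode()
        self.free_attempts = free_attempts
        self.delays = delays
        self.wipe_after = wipe_after          # None disables auto-wipe
        self.clock = clock
        self.failures = 0
        self.unlock_at = 0.0
        self.wiped = False

    def attempt(self, guess):
        """Returns 'ok', 'wrong', 'locked' (a delay is running) or 'wiped'."""
        if self.wiped:
            return "wiped"
        now = self.clock()
        if now < self.unlock_at:
            return "locked"
        if hmac.compare_digest(guess.encode(), self._passcode):
            self.failures = 0
            return "ok"
        self.failures += 1
        if self.wipe_after is not None and self.failures >= self.wipe_after:
            self.wiped = True          # keys discarded; nothing to unlock any more
            self._passcode = b""
            return "wiped"
        if self.delays and self.failures >= self.free_attempts:
            idx = min(self.failures - self.free_attempts, len(self.delays) - 1)
            self.unlock_at = now + self.delays[idx]   # delay grows with each failure
        return "wrong"


def evaluate_policy(space_size, free_attempts=5, delays=(60, 300, 900, 3600),
                    wipe_after=10):
    """Worst-case cost of guessing only through the lock screen (for a 4-digit
    PIN, space_size is 10_000): how many guesses the policy allows before a
    wipe, whether the whole space can be exhausted, and the delay time incurred."""
    max_guesses = space_size if wipe_after is None else min(space_size, wipe_after)
    waiting = 0.0
    for n in range(1, max_guesses):           # delay after failure n, before guess n+1
        if delays and n >= free_attempts:
            waiting += delays[min(n - free_attempts, len(delays) - 1)]
    return {
        "max_guesses": max_guesses,
        "exhaustive": max_guesses == space_size,
        "delay_seconds": waiting,
        "fraction_of_space": max_guesses / space_size,
    }


if __name__ == "__main__":
    # No throttling at all: the whole 4-digit space is reachable with zero waiting.
    print("unthrottled:", evaluate_policy(10_000, free_attempts=10_000,
                                          delays=(), wipe_after=None))
    # Delays plus wipe-after-10: only 10 of 10,000 PINs can ever be tried.
    print("delays + wipe:", evaluate_policy(10_000))
```

The two `evaluate_policy` calls make the thread's disagreement concrete: with no throttling the weak PIN space is the whole story, while a wipe threshold caps an attacker holding the device at a tiny fraction of the space regardless of how patient they are, and the escalating delays buy the owner time to trigger a remote wipe first.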

  7. security theatre by drDugan · · Score: 4, Insightful

    security theatre: (1) security countermeasures intended to provide the feeling of improved security while doing little or nothing to actually improve security, usually resulting from political absurdity, poor engineering, the need to present an image of security more than real security, or some combination of these factors. (2) The real mission of the Transportation Security Administration.

    Examples: airport screening, "No-Fly" lists, random searches on subway systems, 1950's "duck and cover" drills in U.S. public schools

  8. Re:Apple blows. by Anonymous Coward · · Score: 3, Funny

    Well, when one has diarrhea, one 'blows' chunks out of their ass. This 'sucks' when it happens. So I guess we can say Apple is 'shit'.

  9. Wow, this guy is hard core... by risk+one · · Score: 5, Funny

    He even encrypted his last name.

  10. Were the backups encrypted? by diamondsw · · Score: 4, Interesting

    It should be noted that iTunes does not encrypt backups by default, but you can enable that with a checkbox in the iPhone preferences. So the real question is - with a PIN set and encryption on, can it still be hacked?

    --
    I don't know what kind of crack I was on, but I suspect it was decaf.
  11. I cracked my iPhone way faster... by tbischel · · Score: 3, Funny

    This is a feature. Cracking is yet another thing about the iPhone that Just Works. I believe Steve Jobs would be proud.

    I cracked my iPhone the first time I dropped it, 30 seconds flat. But if you read the fine print, it turns out Apple's warranty doesn't cover the screen.

  12. Oh Great by maiotaku · · Score: 3, Funny

    Oh great, now all those secret emails about the money laundering are going to be found by the government because I'm the only major corporate executive who uses an iPhone to talk about all our illegal activities. I thought my data would be so safe, with no other weak links in the chain... like my email server or anything of that sort that could possibly also be hacked...

  13. Ding ding ding by earnest+murderer · · Score: 4, Insightful

    We have a winner...

    The real issue at hand is how much time nerds spend thinking of ways they are right, instead of trying to understand how they might be wrong. iPhone 3gs was never marketed as having strong encryption (http://www.apple.com/iphone/specs.html), the /. crowd simply saw "something" was implemented and decided that the intent was to hide data.

    --
    Platform advocacy is like choosing a favorite severely developmentally disabled child.
    1. Re:Ding ding ding by Alrescha · · Score: 4, Interesting

      "Sounds to me like they are implying your data is secure until you have a chance to wipe it remotely. Maybe that was the "something" the "/. crowd" saw and jumped to the wild conclusion that their data was actually protected???"

      You know, I read the paragraph you quoted and even after repeated readings never came to the conclusion that you did. In other words, nowhere does it say your data is protected by encryption. The feature it is touting is 'Remote Wipe' and that feature happens to use some encryption to do its business.

      A.

      --
      ...bringing you cynical quips since 1998
  14. Re:On the editor side by Architect_sasyr · · Score: 4, Funny

    They seem to have the same no-added-value functionality of the men's room attendants who are there to hand you a towel as though you could not get one yourself.

    I disagree - the men's room attendant acts like moderators around here do, they keep people from pissing all over the walls.

    The editors, on the other hand, seem to encourage that sort of behaviour!

    --
    Me failed English...
    FreeBSD over Linux. If my comments seem odd, this may explain...
  15. Reader Fail by marshzd · · Score: 3, Informative

    This is a piss-poor attempt at trying to discredit Apple for a CONSUMER product. Spore was hacked two weeks before the game was released. The Sony PSP has been hacked since the beginning of its formation. The X-Box was not only hacked to put in bigger drives, but also was hacked to put Linux on it (which took a little longer but still). Windows XP is easily hacked by booting up in Safe Mode; you have immediate free admin access to add users and change passwords. Windows Vista/2000(2003) Server are all hackable with a quick Linux boot CD, takes about three minutes (I've done this multiple times on many machines). You can either change the password, or just load all the person's files onto an external drive (I usually do this for when someone's Windows dies, but you could easily take all their information unencrypted right off). Every consumer device and software product is usually hacked before it's even released, if not shortly after it's released. The fact that this article was just barely posted actually makes me wonder how stupid they are for failing this long at trying to break a consumer product. I've never seen a single ad for the iPhone, PSP, or X-Box advertising their "security". They generally intentionally have loopholes because they realize that users (like the person who wrote this article) are freaking idiots and are going to lock themselves out. The biggest loophole is having an admin user (:O) reset their password. And getting that password from them is as simple as starting their pubes on fire if not using the previously mentioned boot disk to simply wipe the password and log in. This isn't any sort of fail on Apple's part. They can't handle everything in the universe on their phone. Nor was it PSP's fail when it got hacked. Or Windows when it gets hacked. There's BLATANT fails that generally get fixed, but not really any here. Sorry folks, move along.

  16. Re:Why can't the hacker get in? by nxtw · · Score: 4, Informative

    If that Blackberry is just sitting there, even asking for a passcode, is it still receiving and storing data?

    Yes. But the BlackBerry doesn't store the encryption key in-the-clear like the iPhone 3G S does, and you can't run arbitrary code on a BlackBerry just by plugging it in to a PC.

    Maybe a Blackberry has a hardened mode, where it goes inert when you lock it, where it won't receive data because it has forgotten the key to its own storage.

    In fact, it does. BlackBerries even have an option to not encrypt the address book so you can have names appear on caller ID while the device is locked.

    Either way, if you only have to enter a 4-digit number to get in, then even if the device slows down accepting PINs after a while

    No; the BlackBerry (or even the iPhone!) would be configured to wipe the device after a few invalid password attempts. My (corporate managed) BlackBerry wipes the device after 10 invalid password attempts, and my password is longer than 4 characters (and includes non-digits.)
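gig's comment (5) holds that the 3GS key exists so that Remote Wipe only has to destroy the key rather than every bit on the disk, and nxtw's comment (16) contrasts that with a device that does not keep its encryption key in the clear. The Python below is an added illustration of both designs side by side; it is not code from the thread, from Apple or from RIM. Model A stores the volume key on the device next to the data, so a copy of the image is readable by anyone and a wipe is just deleting the key; Model B stores the key only wrapped under a passcode-derived key, so the same image is useless without the passcode, while the wipe stays equally fast. Assumptions: a SHA-256 counter-mode keystream stands in for AES (the standard library has no AES, and the key-management lesson does not depend on the cipher), PBKDF2 with a constructed iteration count does the passcode stretching, and the payload and passcode "4815" are constructed sample values.

```python
"""Two ways a device can hold its volume key, modelled side by side.
Constructed illustration; the cipher is a SHA-256 counter-mode keystream
standing in for AES, since the standard library has no AES."""
import hashlib
import hmac
import secrets

PBKDF2_ITERATIONS = 200_000  # constructed value, not any vendor's parameter


def keystream_xor(key, nonce, data):
    """XOR data with SHA-256(key || nonce || counter) blocks (CTR-style)."""
    out = bytearray()
    for counter, start in enumerate(range(0, len(data), 32)):
        block = hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[start:start + 32], block))
    return bytes(out)


def derive_wrap_key(passcode, salt):
    """Stretch the user's passcode into a 32-byte key-wrapping key."""
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt,
                               PBKDF2_ITERATIONS, dklen=32)


def encrypt_volume(plaintext):
    """Encrypt under a fresh random data key; return the key and the image."""
    data_key = secrets.token_bytes(32)
    nonce = secrets.token_bytes(16)
    ciphertext = keystream_xor(data_key, nonce, plaintext)
    tag = hmac.new(data_key, nonce + ciphertext, "sha256").digest()
    return data_key, {"nonce": nonce, "ciphertext": ciphertext, "tag": tag}


def make_clear_key_device(plaintext):
    """Model A: the data key sits on the device next to the data it protects.
    Whoever can read the flash, or ask the device to copy itself, gets both."""
    data_key, image = encrypt_volume(plaintext)
    image["data_key"] = data_key
    return image


def make_wrapped_key_device(plaintext, passcode):
    """Model B: the data key is stored only XOR-wrapped under a passcode-derived
    key, so a copy of the flash is useless without the passcode."""
    data_key, image = encrypt_volume(plaintext)
    salt = secrets.token_bytes(16)
    wrap_key = derive_wrap_key(passcode, salt)
    image["salt"] = salt
    image["wrapped_key"] = bytes(a ^ b for a, b in zip(data_key, wrap_key))
    return image


def remote_wipe(image):
    """Crypto-erase: destroy key material only. The bulk ciphertext stays on
    the flash but is now unreadable, which is why a key-based wipe is instant."""
    for field in ("data_key", "wrapped_key", "salt"):
        image.pop(field, None)


def read_device(image, passcode=None):
    """What someone holding a copy of the image can recover: plaintext, or None."""
    if "data_key" in image:                                  # Model A: no passcode needed
        data_key = image["data_key"]
    elif "wrapped_key" in image and passcode is not None:    # Model B
        wrap_key = derive_wrap_key(passcode, image["salt"])
        data_key = bytes(a ^ b for a, b in zip(image["wrapped_key"], wrap_key))
    else:
        return None                                          # key gone or passcode unknown
    expected = hmac.new(data_key, image["nonce"] + image["ciphertext"], "sha256").digest()
    if not hmac.compare_digest(expected, image["tag"]):
        return None                                          # wrong passcode: key is garbage
    return keystream_xor(data_key, image["nonce"], image["ciphertext"])


if __name__ == "__main__":
    payload = b"address book, calendar, photos"  # constructed sample data
    clear = make_clear_key_device(payload)
    print("clear-key image alone:", read_device(clear))
    remote_wipe(clear)
    print("clear-key image after wipe:", read_device(clear))
    wrapped = make_wrapped_key_device(payload, "4815")  # constructed passcode
    print("wrapped image alone:", read_device(wrapped))
    print("wrapped image + passcode:", read_device(wrapped, "4815"))
```

Both models wipe in the same time, since `remote_wipe` discards a few dozen bytes either way; the difference the thread is arguing about is only what a copy of the image yields before the wipe arrives. The HMAC tag is there so that a wrong passcode in Model B is reported as failure rather than returned as garbage, which is also what makes a lock-screen attempt counter meaningful.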

  17. What, me worry? by jc42 · · Score: 4, Insightful

    With the iPhone being sold into 20% of Fortune-100s and into the military, just how worried should we be with such shoddy security?

    Well, as someone who isn't part of any Fortune-100 corporation or military force, I guess my response would be "Not at all."

    It's generally understood and widely acknowledged that the secrecy in such organizations functions primarily to keep their inner workings private from their own populations, i.e., us "little people" who pay to keep them running but aren't allowed to look into their inner workings. If they are riddled with holes in their communications because they're using iPhones or MS Windows or whatever, that means that there's a good chance that investigators can find out what they're up to and inform the rest of us.

    Consider the last few years of disasters in the American financial industry. It's pretty clear now that the perpetrators knew quite well what they were doing, and were profiting quite well from it all. It's the "little people" who are paying for the collapse, while the officers of the corporations are still taking home huge paychecks and bonuses. The reason it went on for so long was that the companies involved were able to keep their shady dealings secret from the great majority of their investors. If we'd had better security holes to see inside them, maybe some of the disaster could have been avoided.

    It's hardly a secret that military security primarily functions to hide their internal corruption (and bungling) from their own citizenry. Making their internal communications available to the citizenry via poor comms security seems like a win for the country as a whole.

    (Yeah; I know; "Such a dreamer." ;-)

    --
    Those who do study history are doomed to stand helplessly by while everyone else repeats it.
  18. Re:Apple blows. by NightRain · · Score: 4, Funny

    The best technique involves both sucking and blowing, in an alternating fashion.

    Isn't that also known as breathing?