Slashdot Mirror


Apple's iOS 4 Hardware Encryption Cracked

adeelarshad82 writes "Russian company ElcomSoft is claiming to have cracked the 256-bit hardware encryption Apple uses to protect the data on iOS 4 devices, and is offering software that allows anyone to do it. ElcomSoft can now gain full access to what is stored on a gadget such as the iPhone 4. This includes historical information such as geolocation data, browsing history, call history, text messages and emails, usernames, and passwords."

11 of 208 comments

  1. Brute force tool, not a "crack" by bbk · Score: 5, Informative

    This just lets you brute force the passkey, which is easy: if you're using a 4-digit numeric passkey, there are only 10000 combinations.

    If you're using a more complex alphanumeric key, which can be enabled with the iPhone config utility, then this probably won't work that well...

    1. Re:Brute force tool, not a "crack" by sangreal66 · Score: 3, Funny

      Easily defeated... Hold the phone up to the light and follow the grease trail

  2. Re:Why does encryption never work? by 0123456 · Score: 3, Informative

    So why doesn't the fantastic mathematically complex encryption ever work? Why should I trust https? Or any other encrypted transmission?

    Encryption does work: the flaw is normally in the key handling.

    There's a fundamental incompatibility between security and convenience: people encrypt the data on their phone with 256-bit AES using a password of 'password' and are surprised that it can be broken. Or they rely on the phone to encrypt their data with a key that is... stored on the phone.
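
The point made in the two comments above (a 4-digit passkey has only 10000 combinations, and a 256-bit AES key is no stronger than the password behind it), as an added example that is not part of the thread and is not ElcomSoft's or Apple's code. It is a toy model: the PBKDF2 stretching, `ITERATIONS`, `SALT`, the 0.1 s per-guess cost and all function names are assumptions chosen for illustration.

```python
import hashlib
import itertools
import math
import string

ITERATIONS = 200             # toy value so the demo runs quickly (assumption)
SALT = b"constructed-salt"   # constructed sample value

def derive_key(passcode: str, salt: bytes = SALT) -> bytes:
    """Stretch a passcode into a 256-bit key (PBKDF2-HMAC-SHA256, toy model)."""
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt, ITERATIONS, dklen=32)

def search_space_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a uniformly random passcode: the real strength of the key."""
    return length * math.log2(alphabet_size)

def worst_case_seconds(alphabet_size: int, length: int, per_guess: float) -> float:
    """Time to try every passcode at `per_guess` seconds each."""
    return (alphabet_size ** length) * per_guess

def find_passcode(target_key: bytes, alphabet: str, length: int):
    """Enumerate the passcode space; returns (passcode, tried) or (None, tried)."""
    tried = 0
    for tried, combo in enumerate(itertools.product(alphabet, repeat=length), 1):
        guess = "".join(combo)
        if derive_key(guess) == target_key:
            return guess, tried
    return None, tried

if __name__ == "__main__":
    key = derive_key("4821")  # constructed 4-digit passcode
    print(len(key) * 8, "bit key from", round(search_space_bits(10, 4), 1), "bits of passcode")
    print(find_passcode(key, string.digits, 4))
    # Hypothetical 0.1 s per guess; compare passcode policies, not key sizes.
    for name, size, n in [("4-digit", 10, 4), ("6-digit", 10, 6), ("8-char alnum", 62, 8)]:
        days = worst_case_seconds(size, n, 0.1) / 86400
        print(f"{name}: {search_space_bits(size, n):.1f} bits, {days:.2f} days worst case")
```

The key is always 256 bits long, but the search only has to cover the passcode space, so the longer alphanumeric policy is what changes the outcome.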

  3. Re:Where there's a will... by naz404 · Score: 5, Informative

    FYI guys, ElcomSoft is the company where Dmitry Sklyarov worked -- the research guys who cracked the encryption on Adobe's PDF files.

    Sklyarov was arrested after flying to the U.S. to give an eBook security talk at DEF CON under the DMCA for software copyright circumvention blah blah.

  4. Re:Why does encryption never work? by Bryan3000000 · Score: 3, Insightful

    Well, the flaws are always implementation details. Implementation details are usually botched in mobile devices, for convenience of the designer and (perhaps) because of hardware limitations, and in web applications, for the sake of interoperability and usability. And stupidness. Don't forget the stupid.

    But, if you use a known good implementation (as much as it can be known, but pretty good with some FOSS) yourself (not implemented by a web service, but by you on your machine), then it's much less likely to be vulnerable, because the convenient and intentional weaknesses tend to be eliminated.

  5. Re:History repeats? by pandrijeczko · Score: 3, Interesting

    It's a case of "damned if they do and damned if they don't" for Apple currently.

    This is precisely what happens when you turn yourself into an "evil" company like Sony did and Apple are a long way through the process of doing - you will attract the hacker community and there will be thousands of people simultaneously trying to shame that company.

    It's "infinite monkeys & infinite typewriter" syndrome - the majority of hackers will have no success with breaking into the systems or devices, but because there's *THAT MANY* doing it *ALL OF THE TIME*, eventually some will be successful.

    As someone who works in security, I can tell you honestly that no company reveals successful or failed hack attempts on their systems unless they really have to - in the case of the Sony credit cards, they *HAD* to because of the potential fraud on those cards that could take place.

    So you can pretty much guarantee that Sony, Apple and other "Evilcorps" are being pounded & hacked all of the time, but they hush it all up as best they can.

    --
    Gentoo Linux - another day, another USE flag.

  6. Use a decent password and you're ok by jmichaelg · Score: 4, Informative

    From their FAQ:

    Only relatively short and simple passwords can be recovered in a reasonable time.

  7. Re:History repeats? by Anonymous Coward · Score: 5, Informative

    http://gizmodo.com/303171/apple-says-unlocked-iphones-will-brick-after-software-update-+-what-does-it-mean

    That story from 2007 is not a threat, it's a warning that users can wipe out data on their jail broken phones and possibly not get it back.

    http://news.cnet.com/apple-iphone-jailbreaking-violates-our-copyright/

    Apple's responding to a complaint the EFF made. There's no Apple equivalent of GeoHot.

    http://tech.slashdot.org/story/05/08/01/0421248/Mac-OS-X-Intel-Kernel-Uses-DRM

    You're 1 for 3. The ppl who spent mod points on this post didn't read the stories that were linked to.

  8. Re:History repeats? by macs4all · Score: 5, Informative

    Mods? You mean -5 DISinformative, didn't you? To wit:

    Apple doesn't actively prohibit "rooting" of their devices.

    http://gizmodo.com/303171/apple-says-unlocked-iphones-will-brick-after-software-update-+-what-does-it-mean

    From the linked article:

    "But first, the bricking. Was this done on purpose? Lam doesn't think so. Jacqui at Ars believes that the firmware was completed weeks ago, and the bricking is unintentional."

    Apple doesn't pursue the iOS "hacker" community with legal threats, DMCA takedown notices, etc.

    http://news.cnet.com/apple-iphone-jailbreaking-violates-our-copyright/

    Partially true. Apple did say this, and a Federal Court disagreed. Apple however, didn't appeal the decision, and unlike many Android device manufacturers, has not done an end-run around that decision by putting "fuses" in their microcontrollers, signed bootloaders, etc.

    So, it seems that Apple had one opinion, and the Feds had another, but in the end, Apple respected the process. It sure seems like those other manufacturers are simply taking a disingenuous advantage of the fact that the lawsuit didn't name them, specifically, and that Android users (and curiously, the EFF) seem to be disinterested in pursuing the issue. Wonder why? Could it be that the EFF has an Anti-Apple bias? Nah, couldn't be!

    Apple doesn't infest its products with an OS (Windows 7) that has DRM from the driver-level up.

    http://tech.slashdot.org/story/05/08/01/0421248/Mac-OS-X-Intel-Kernel-Uses-DRM

    Wow! Old story much?!? How long did you have to search for that one!?!

    If you look at the article, you will see that that referred to the DEVELOPER PREVIEW PLATFORMS when Apple did the Intel Switch. The TPR protection did NOT make it into the actual RELEASE CODE. Obviously, Apple had a pretty strong interest in keeping their very-restricted Beta release OS protected. Let's see what that actually ended up being in the RELEASE code. A simple deletable file and deletable kernel extension that says "Please Don't Steal OS X". Wow. Some DRM! This article refers to TPR on OS X as "The Myth That Won't Die." And of course, the very existence of Hackintoshes kinda belies strong TPM protection, doesn't it?

    As I said: DISinformative. But his post is modded +5 Informative, and mine will be punish-downmodded, of course.

  9. Re:well... by multipartmixed · Score: 3, Funny

    Ah, undergrads. I love how smart they are. Able to master an entire domain in a single semester..

    Now, if you don't mind, I have to go hook my atomic vector plotter up to my preferred source of entropy (a nice cup of hot tea substitute). I'm going on a trip..

    --

    Do daemons dream of electric sleep()?

  10. Re:History repeats? by macs4all · Score: 3, Informative

    > Apple doesn't hide rootkits in their software or media files.

    Nor are they a content company like sony is.

    Are you actually DEFENDING Sony's rootkits HERE, on Slashdot?!? Wow! No wonder you posted AC!!!

    > Apple doesn't actively prohibit "rooting" of their devices.

    Yeah, steve just loves those jailbreaks right? It's not like the appstore tries to prevent this or anything.

    Huh? Citation, please!

    > Apple doesn't pursue the iOS "hacker" community with legal threats, DMCA takedown notices, etc.

    Apple tried very hard to prosecute people who develop and perform jailbreaks but were shot down by the courts. They also issue dmca takedown notices to any hacker community who would have the balls to inform people how to install or virtualize osx on a pc (Which is a 100% pure drm style lockdown as a modern mac IS a high spec pc) regardless of whether they want to buy the software.

    First, Apple had one opinion, the EFF had another. The Feds sided with the EFF. However, since then, Apple hasn't tried to do an end-run around that decision, like many Android Device manufacturers. No "fuses" in microcontrollers. No encrypted bootloaders. In short, no REAL effort to stop Jailbreaking. In the end, Apple respected the adversarial process. Doesn't make them evil. At all. In fact, quite the opposite.

    As far as their prohibition against virtualizing OS X: As Apple has stated many, many, many times, they are a HARDWARE company. That is unabashedly how they claim to make their money. Not from the sale of OS X. So, their prohibition against virtualizing OS X on non-Apple hardware is exactly in concert with their prohibition against installing it directly on non-Apple hardware. Their OS. Their rules. Doesn't make them evil, though. Just protecting their primary revenue stream, which is the sale of HARDWARE.

    Besides, as pointed out in this article, it is quite possible to install OS X on, for example VMWare running under Windows 7, just like it is quite simple to install OS X on any number of hardware-compatible non-Apple computers. Apple says "Please". It does NOT run around like the Artist Now Again Known as Prince, (or the widow of Frank Zappa!), filing DMCA takedown notices of Hackintosh websites, or articles like the one above regarding installing OS X (illegally) on VMWare Server on Windows 7, let alone prosecute anyone who attempts to do so. Illegally.

    > Apple doesn't embrace DRM every day, and in every way

    Osx is locked using drm to prevent it running in a virtual environment (Which really sucks for developers),

    No it isn't. See above.

    and iPod is most certainly an attempt of a locked in device that uses both drm and proprietary formats to faux competitive mp3 players. Only the competition forced them to abandon this strategy.

    Anyone can CLAIM anything without proof. But I DO know that NOBODY forces Steve Jobs to do ANYTHING. And least of all, write an Open Letter decrying DRM, like this.

    > Apple doesn't infest its products with an OS (Windows 7) that has DRM from the driver-level up.

    Ehh..What do you mean? And how does that compare to sony anyway???

    > Now, let's compare the above to Sony... ....

    How does it compare to Sony? Sony COULD install Linux on its machines (Apple doesn't count; because they have created their own OS). But instead, they have embraced Vista, and then Windows 7. I can't find the article now, but both have so much DRM that, even after Vista shipped (which was LONG after there was a "driver stable" version available for developers) ATi couldn't even write a damned video card driver! I guess