
iPhone 3Gs Encryption Cracked In Two Minutes

Posted by Soulskill
from the see-it-really-is-fast dept.
An anonymous reader writes "In a Wired news article, iPhone Forensics expert Jonathan Zdziarski explains how the much-touted hardware encryption of the iPhone 3Gs is but a farce, and demonstrates how both the passcode and backup encryption can be bypassed in about two minutes. Zdziarski also goes on to say that all data on the iPhone — including deleted data — is automatically decrypted by the iPhone when it's copied, allowing hackers and law enforcement agencies alike to access the device's raw disk as if no encryption were present. A second demonstration features the recovery of the iPhone's entire disk while the device is still passcode-locked. According to a similar article in Ars Technica, Zdziarski describes the iPhone's hardware encryption by saying it's 'like putting privacy glass on half your shower door.' With the iPhone being sold into 20% of Fortune-100s and into the military, just how worried should we be with such shoddy security?"
  • figures... (Score:2, Insightful)

    by omegakidd (592638)
    who would trust phones nowadays anyways?
  • by NeverVotedBush (1041088) on Friday July 24, 2009 @07:13PM (#28814325)
    No government will have to strong-arm Apple to give it a back door into the iPhone operating system. ;-)

    I know security can be a minefield but for Apple to leave a hole this big is pretty inexcusable.
    • Re: (Score:2, Insightful)

      by MooseMuffin (799896)

      Let's not leave out the crappy job that the military and these enterprises did with their security audits.

      • by wealthychef (584778) on Friday July 24, 2009 @08:33PM (#28814963)
        Laugh, but this actually is the new feature as designed. This encryption was added to make it possible to remotely wipe an iPhone in seconds. (Delete the encryption key that is on the phone, no more reading the data off of it.) Apparently the intent was not to protect the data on the phone from a real attacker, I don't think anyone at Apple that worked on this would expect that to be the case with the encryption key on the device. (stolen from an AC because it's interesting)
        • Re: (Score:3, Insightful)

          Apparently the intent was not to protect the data on the phone from a real attacker, I don't think anyone at Apple that worked on this would expect that to be the case with the encryption key on the device.

          Ahhh, but that certainly hasn't stopped Apple touting it as a feature of the phone and a selling point into the enterprise, and fanboy gloating...

  • But... (Score:5, Funny)

    by thePsychologist (1062886) on Friday July 24, 2009 @07:14PM (#28814335) Journal

    This is a feature. Cracking is yet another thing about the iPhone that Just Works. I believe Steve Jobs would be proud.

    • Re:But... (Score:5, Funny)

      by mdwh2 (535323) on Friday July 24, 2009 @07:28PM (#28814457) Journal

      Indeed, it doesn't matter that other phones have been cracked - Apple were the first ones to make it work Out Of The Box.

      It's all about the implementation. With the iPhone 3gS, your credit card details are integrated perfectly with crackers, thieves, and Steve Jobs.

    • This is a feature. Cracking is yet another thing about the iPhone that Just Works. I believe Steve Jobs would be proud.

      I cracked my iPhone the first time I dropped it, 30 seconds flat. But if you read the fine print, it turns out Apple's warranty doesn't cover the screen.

      • by Steffan (126616)

        I cracked my iPhone the first time I dropped it, 30 seconds flat. But if you read the fine print, it turns out Apple's warranty doesn't cover the screen.

        On the off chance that you're not trolling, why would you think the warranty would cover accidental damage? If I run my car into a tree during the first 5/50, they're not going to give me a new car because the car was defective.

        I think Apple would happily replace the screen if something happened that was a manufacturing defect. If you can convince someon

        • by Tony Hoyle (11698)

          A phone that breaks from merely being dropped from a normal height *is* defective. Everyone drops things from time to time - it should be part of the design goals to cope with some moderate impact damage.

          I've seen Nokia phones thrown across rooms and suffer only minor scratches... those things are pretty durable. I believe BlackBerries are the same.

          • by drinkypoo (153816)

            I dropped my RAZR V3i numerous times. I'm 6'7" so the distance to the ground can be significant. The hinge got a little floppy by its end-of-life (a couple years of heavy use mind you) but what usually happened in a fall is that the battery door would fly off like Citroen parts in a collision, and the phone would often not even show a scratch (from concrete and tarmac drops, no less... numerous ones)

            If the iPhone can't handle drops, I'm really glad that ATT doesn't allow their "authorized resellers" to sell

      • by quenda (644621)

        Ha, that's one kind of crack that can be fixed. Just replace the screen with plastic
        like Apple should have done in the first place, if Jobs wasn't so obsessed with form over practicality.

        http://arstechnica.com/apple/news/2007/09/fix-a-cracked-iphone-screen-on-the-cheap.ars [arstechnica.com]

        (then again, replacing cracked screens at $250 a pop is nicely practical from Apple's viewpoint.)

  • by gig (78408) on Friday July 24, 2009 @07:20PM (#28814387)

    Until the Fortune 500 and the military stop using Microsoft products, I won't lose a blink of sleep over them using Apple products. This guy had to have physical access to the iPhone to crack it, and even then the iPhone did not start sending its data out over the Internet along with a virus payload that formed a massive botnet that crippled Internet bandwidth.

    My understanding is that the encryption in the 3GS is not meant to prevent a user with physical access to the device from accessing the data. It's to make Remote Wipe instant instead of taking 1 hour per gigabyte because the Remote Wipe only has to destroy the decryption keys, not every bit of data on the disk. When you Remote Wipe an iPhone 3G it takes 1 hour per gigabyte to destroy the data. With a 3GS, it takes a few seconds.

    In this case, the hacker not only had the iPhone in his physical possession, but it was not Remote Wiped, so he also had the keys in his possession. How is it at all surprising that he was able to get in?

    • by nxtw (866177) on Friday July 24, 2009 @07:24PM (#28814429)

      In this case, the hacker not only had the iPhone in his physical possession, but it was not Remote Wiped, so he also had the keys in his possession. How is it at all surprising that he was able to get in?

      Because if that same hacker had a Blackberry in his possession with encryption enabled, he would not be able to get in.

    • by Anonymous Coward on Friday July 24, 2009 @07:51PM (#28814689)

      My understanding is that the encryption in the 3GS is not meant to prevent a user with physical access to the device from accessing the data. It's to make Remote Wipe instant instead of taking 1 hour per gigabyte because the Remote Wipe only has to destroy the decryption keys, not every bit of data on the disk. When you Remote Wipe an iPhone 3G it takes 1 hour per gigabyte to destroy the data. With a 3GS, it takes a few seconds.

      Isn't the point of remote wipe to prevent unauthorized access to the data on the physical device? So, it doesn't matter how long it takes to do the remote wipe if the keys can be broken in 2 minutes since that leaves only a small window of time to do the wipe. Especially if the attacker can copy the entire contents of the iPhone to a remote storage device and do it offline.

      Disk encryption, especially mobile and laptop, should be designed specifically to prevent data retrieval when physical possession is obtained by an attacker.

      • Mod parent up (Score:2, Redundant)

        by Gnavpot (708731)

        For this:

        Disk encryption, especially mobile and laptop, should be designed specifically to prevent data retrieval when physical possession is obtained by an attacker.

    • Re: (Score:3, Insightful)

      by thedak (833551)

      .. I won't lose a blink of sleep over them using Apple products. This guy had to have physical access to the iPhone to crack it, and even then the iPhone did not start sending its data out over the Internet along with a virus payload that formed a massive botnet that crippled Internet bandwidth.

      That is because they are completely different cases with completely different mechanisms to prevent them. You're talking about the ability to load a spambot or something on a mobile device. The encryption is there to ensure your address book is safe, your calendar is safe, any photos and other data are safe. Not to ensure the device does not run arbitrary code. The problem with the data encryption being crackable within an arbitrary length of time is a large issue, as it is meant to be protection regardl

    • by Sir_Lewk (967686) on Friday July 24, 2009 @08:06PM (#28814785)

      My understanding is that the encryption in the 3GS is not meant to prevent a user with physical access to the device from accessing the data. It's to make Remote Wipe instant

      Perhaps I'm missing something here, but what's the point of doing a remote wipe of your iphone, if not to prevent someone that has physical access from accessing your data?

      • Pffff nitpicking ;-)

      • To prevent most thieves from getting access to your data? I'm not sure Apple has ever advertised this as high-grade protection. The only reference I can find on their site is to remote wiping. Maybe I'm not looking in the right place?

    • It's more like 1 hour per 8GB, btw.

    • by gilesjuk (604902)

      He also had to jailbreak the phone to get into it.

      That's pretty much the same as using an exploit to gain super user access to a computer. We all know there's root kits and scripts which make this easy.

      Smartphones aren't all that secure; they typically all have some sort of boot loader which you can often use to read the contents of the flash.
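The design wealthychef and gig describe above (the key stays on the device, and "remote wipe" means erasing that key rather than overwriting the flash) is easy to see in code. The following Go program is an added example, not code from the thread, from Apple or from any poster: the `Device` type, its AES-256-GCM record format and the `Image` method are constructions of this model, and the stored record text is a made-up sample. It shows the two sides of the thread's argument at once: erasing the key makes the flash unreadable in milliseconds, but a copy of the device taken while the key is still present decrypts everything.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Device is a toy model (assumed for this example): the data-encryption key
// lives on the device, and the flash holds AES-GCM records as nonce || ciphertext.
type Device struct {
	key   []byte   // 256-bit AES key; nil once wiped
	flash [][]byte // encrypted records
}

// NewDevice provisions a device with a fresh random key.
func NewDevice() (*Device, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	return &Device{key: key}, nil
}

// aead builds the cipher from the on-device key, failing once the key is gone.
func (d *Device) aead() (cipher.AEAD, error) {
	if d.key == nil {
		return nil, errors.New("device has been wiped: no key available")
	}
	block, err := aes.NewCipher(d.key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Store encrypts a record, appends it to flash and returns its index.
func (d *Device) Store(plaintext []byte) (int, error) {
	gcm, err := d.aead()
	if err != nil {
		return -1, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return -1, err
	}
	d.flash = append(d.flash, gcm.Seal(nonce, nonce, plaintext, nil))
	return len(d.flash) - 1, nil
}

// Read decrypts record i; it fails if the key is gone or does not match.
func (d *Device) Read(i int) ([]byte, error) {
	gcm, err := d.aead()
	if err != nil {
		return nil, err
	}
	if i < 0 || i >= len(d.flash) {
		return nil, errors.New("no such record")
	}
	rec, ns := d.flash[i], gcm.NonceSize()
	if len(rec) < ns {
		return nil, errors.New("corrupt record")
	}
	return gcm.Open(nil, rec[:ns], rec[ns:], nil)
}

// RemoteWipe zeroes and drops the key; flash is untouched, which is why this
// takes milliseconds rather than an hour per gigabyte of overwriting.
func (d *Device) RemoteWipe() {
	for i := range d.key {
		d.key[i] = 0
	}
	d.key = nil
}

// Image copies the device as a forensic image would: flash contents plus
// whatever key is still present at the moment the copy is taken.
func (d *Device) Image() *Device {
	img := &Device{flash: make([][]byte, len(d.flash))}
	for i, rec := range d.flash {
		img.flash[i] = append([]byte(nil), rec...)
	}
	if d.key != nil {
		img.key = append([]byte(nil), d.key...)
	}
	return img
}

func main() {
	dev, _ := NewDevice()
	idx, _ := dev.Store([]byte("constructed sample: Q3 proposal, do not forward"))
	before := dev.Image() // copy taken while the key is still on the device
	dev.RemoteWipe()
	after := dev.Image() // copy taken once the key is gone
	_, errDev := dev.Read(idx)
	pt, _ := before.Read(idx)
	_, errAfter := after.Read(idx)
	fmt.Printf("wiped device: %v\nimage before wipe: %q\nimage after wipe: %v\n", errDev, pt, errAfter)
}
```

The wipe only protects data if it happens before the copy: a pre-wipe image carries the key and reads back the plaintext, a post-wipe image holds ciphertext that no key will open. That is the gap the AC at the end of this subthread is pointing at, and it is why designs that aim at the physical-possession threat keep the key out of reach of a copy (bound to the passcode, to hardware, or both) rather than sitting next to the data.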

  • interesting (Score:5, Interesting)

    by Sir_Lewk (967686) on Friday July 24, 2009 @07:23PM (#28814411)

    Ok, I just watched the linked demonstration and what I noticed was he only placed his "private data" on the phone after he removed the pincode. I'd be interested to see a demonstration of him pulling data off the phone that was present before he reset the pin, to demonstrate that resetting the pin didn't just revert it back to factory defaults and remove all previous data.

    That said, I'll take his word for it now, it's quite interesting in the least. I have to wonder if this is an intentional "feature".

    • Re:interesting (Score:4, Interesting)

      by Sir_Lewk (967686) on Friday July 24, 2009 @07:30PM (#28814471)

      I'd like to add that anyone that thinks a 4 digit pin was ever going to provide any sort of strong protection, particularly for "sensitive data", is an idiot.

      At the worst it'd take less than an hour to brute force it manually.

      • 0000.

        That's a good PIN, right? Or maybe 0212, my birthday? Nobody would ever guess that.

        • Something tells me 0212 is going to do a lot better against an unknown attacker than the 19xx pins that are ever so common....
      • by m_ilya (311437)
        Doesn't SIM card lock after 3 tries with a wrong PIN code? How do you brute force this?
  • security theatre (Score:5, Insightful)

    by drDugan (219551) on Friday July 24, 2009 @07:27PM (#28814445) Homepage

    security theatre: (1) security countermeasures intended to provide the feeling of improved security while doing little or nothing to actually improve security, usually resulting from political absurdity, poor engineering, the need to present an image of security more than real security, or some combination of these factors. (2) The real mission of the Transportation Security Administration.

    Examples: airport screening, "No-Fly" lists, random searches on subway systems, 1950's "duck and cover" drills in U.S. public schools

  • by risk one (1013529) on Friday July 24, 2009 @07:34PM (#28814501)

    He even encrypted his last name.

    • by dzfoo (772245)

      It's not encrypted, it's Base64-encoded!

      Learn the difference. sheeeesh.

                -dZ.

  • by diamondsw (685967) on Friday July 24, 2009 @07:40PM (#28814555)

    It should be noted that iTunes does not encrypt backups by default, but you can enable that with a checkbox in the iPhone preferences. So the real question is - with a PIN set and encryption on, can it still be hacked?

  • The real question is whether or not you should be storing sensitive material on your iPhone in the first place?

    If the answer is: What kind of idiot are you? Of course my iPhone is the center of my universe and the repository of everything that will ever matter to me right at my finger tips, then there's a huge opportunity just waiting for some programmer at the Apps Store who can code faster than I can to supply a cheap App that actually provides true security...

    ...provided that Apple and the government
    • Government might, Apple will not unless it randomly falls into a list of auto-approved apps that doesn't exist.
    • I think if you have some data you just have to keep, and there are people willing to break into your home to take it from you, you might be better off with the data in your iPhone than something bigger.
    • Re: (Score:2, Insightful)

      by PuckSR (1073464)

      Ummm...no

      Who would store "sensitive" data on a cell phone?
      Well, consider that most companies, agencies, etc., consider their email "sensitive". Why do you think most businesses purchase 'smartphones'? TO ACCESS COMPANY EMAIL
      It isn't just a matter of company email carrying sensitive data, it carries normal data that would be highly beneficial to a bit of social engineering.

      Still don't understand the whole 'smartphone'/sensitive data issue?
      Ask yourself this question. Why won't the secret service let Obama ca

      • by Tony Hoyle (11698)

        You access company email remotely. You don't store it locally (it goes without saying you don't use POP for company email). A compromised phone might have the latest email hanging around somewhere, but everything else is safe.

    • by dzfoo (772245)

      You're thinking sensitive material as in the plans to the Death Star, or the combination to the bank's vault. However, sensitive material may just be a seemingly innocuous e-mail to your boss telling him how the business proposal was received, or a voice memo you prepared highlighting some new product ideas, while on the road to meet a client.

                -dZ.

  • curious... (Score:3, Interesting)

    by sbeckstead (555647) on Friday July 24, 2009 @07:46PM (#28814625) Homepage Journal
    Did anybody else read the docs on this feature? It seems that encryption was only done as a means to remotely wipe the phone. Was he able to destroy the keys remotely and then have someone read the data off the phone? I don't understand.
    • Ding ding ding (Score:5, Insightful)

      by earnest murderer (888716) on Friday July 24, 2009 @08:26PM (#28814921)

      We have a winner...

      The real issue at hand is how much time nerds spend thinking of ways they are right, instead of trying to understand how they might be wrong. iPhone 3gs was never marketed as having strong encryption (http://www.apple.com/iphone/specs.html), the /. crowd simply saw "something" was implemented and decided that the intent was to hide data.

  • Oh Great (Score:3, Funny)

    by maiotaku (1605209) on Friday July 24, 2009 @07:54PM (#28814703) Homepage
    Oh great, now all those secret emails about the money laundering are going to be found by the government because I'm the only major corporate executive who uses an iPhone to talk about all our illegal activities. I thought my data would be so safe, with no other weak links in the chain... like my email server or anything of that sort that could possibly also be hacked...
  • OK, the real problem is expectation and marketing, from the story, the encryption is (egregiously) useless.

    If the device is in your hands, you can physically remove the memory, and then examine it breaking the weak encryption on the fly.

    The marketing (surprise ... ) misrepresents that.

    The trick, instead, is concentrating and protecting important information
  • They used the password "GOD".
  • Reader Fail (Score:3, Informative)

    by marshzd (1605229) on Friday July 24, 2009 @09:24PM (#28815281)
    This is a piss-poor attempt at trying to discredit Apple for a CONSUMER product. Spore was hacked two weeks before the game was released. The Sony PSP has been hacked since the beginning of its formation. The X-Box was not only hacked to put in bigger drives, but also was hacked to put Linux on it (which took a little longer but still). Windows XP is easily hacked by booting up in Safe Mode; you have immediate free admin access to add users and change passwords. Windows Vista/2000(2003) Server are all hackable with a quick Linux boot CD, takes about three minutes (I've done this multiple times on many machines). You can either change the password, or just load all the person's files onto an external drive (I usually do this for when someone's Windows dies, but you could easily take all their information unencrypted right off). Every consumer device and software product is usually hacked before it's even released, if not shortly after it's released. The fact that this article was just barely posted actually makes me wonder how stupid they are for failing this long at trying to break a consumer product. I've never seen a single ad for the iPhone, PSP, or X-Box advertising their "security". They generally intentionally have loopholes because they realize that users (like the person who wrote this article) are freaking idiots and are going to lock themselves out. The biggest loophole is having an admin user (:O) reset their password. And getting that password from them is as simple as starting their pubes on fire if not using the previously mentioned boot disk to simply wipe the password and log in. This isn't any sort of fail on Apple's part. They can't handle everything in the universe on their phone. Nor was it PSP's fail when it got hacked. Or Windows when it gets hacked. There's BLATANT fails that generally get fixed, but not really any here. Sorry folks, move along.
  • ... a thousand Apple fanbois cried out and then were suddenly silent....
  • What, me worry? (Score:5, Insightful)

    by jc42 (318812) on Friday July 24, 2009 @10:37PM (#28815657) Homepage Journal

    With the iPhone being sold into 20% of Fortune-100s and into the military, just how worried should we be with such shoddy security?

    Well, as someone who isn't part of any Fortune-100 corporation or military force, I guess my response would be "Not at all."

    It's generally understood and widely acknowledged that the secrecy in such organizations functions primarily to keep their inner workings private from their own populations, i.e., us "little people" who pay to keep them running but aren't allowed to look into their inner workings. If they are riddled with holes in their communications because they're using iPhones or MS Windows or whatever, that means that there's a good chance that investigators can find out what they're up to and inform the rest of us.

    Consider the last few years of disasters in the American financial industry. It's pretty clear now that the perpetrators knew quite well what they were doing, and were profiting quite well from it all. It's the "little people" who are paying for the collapse, while the officers of the corporations are still taking home huge paychecks and bonuses. The reason it went on for so long was that the companies involved were able to keep their shady dealings secret from the great majority of their investors. If we'd had better security holes to see inside them, maybe some of the disaster could have been avoided.

    It's hardly a secret that military security primarily functions to hide their internal corruption (and bungling) from their own citizenry. Making their internal communications available to the citizenry via poor comms security seems like a win for the country as a whole.

    (Yeah; I know; "Such a dreamer." ;-)

    • by BitZtream (692029)

      You are rather disconnected from reality. No one who matters in the military, the ones with real secrets, are putting that data on an iPhone. The little people who don't actually know anything truly important are using iPhones.

      We didn't find out about the banking issues because some piece of software was hacked; we found out because they ran out of money to keep the scam going or because someone (not a peon) who was higher up in the organization blew the whistle.

      Most 'leaks' are entirely intentional, some

  • much-touted? (Score:3, Insightful)

    by csimicah (592121) on Friday July 24, 2009 @11:02PM (#28815773)
    I wasn't even aware of this feature until I started reading echo-chamber blog articles about how weak the encryption was. This doesn't make the issue any more or less legitimate but it sure does make the post seem a little fantastic.
  • by MeNeXT (200840) on Saturday July 25, 2009 @12:45AM (#28816187)

    Regardless of who manufactures it, I have access to the data. If I have access to the physical machine I have access to the data. If you are carrying sensitive information and the only thing blocking my access is a four digit code then you are an IDIOT regardless of what OS you are using.

    Common people where is the news here? You actually think a Blackberry, Nokia or any other phone on the market today has any kind of encryption that can't be broken into with a bit of research.


    • by fadir (522518)

      Pretty fitting post!

      As my former employer (mmo developer) used to say: Why the heck should we invest time and money into encrypting our protocol to protect the client from being run via proxies to cheat, when there is literally no way to enforce it because as soon as you own the end point (in that case the game client, in the case here the mobile phone) you have (fairly easy) access to everything anyway.

    • by kwerle (39371)

      Cute username.

      ...

      Common people where is the news here? You actually think a Blackberry, Nokia or any other phone on the market today has any kind of encryption that can't be broken into with a bit of research.

      Yes.

      http://www.resourcecenter.blackberry.com/resource/xHCO-BlackBerry_Enterprise_Solution_Security_version_4.pdf [blackberry.com]

      I'd rather use an iPhone, but company policy is BB. Then again, the BB is encrypted. 10 bad attempts at a password and it nukes itself.

      The US does not make it easy to sell encryption products, but this (slip from Apple) is pathetic. I'm generally unhappy with Apple's security standards. AFS mounts in the clear by default, and inconvenient to do securely? Come on.
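The "10 bad attempts and it nukes itself" behaviour kwerle mentions, and the "doesn't the SIM lock after 3 tries?" question earlier in the thread, come down to a small state machine. The Go program below is an added example, not code from the thread, from RIM/BlackBerry or from any poster; the `PinLock` type, its salted SHA-256 PIN check (a stand-in for a real key-derivation function) and the sample PIN are constructions for this example. The defensive point it makes: the device never stores the PIN itself, a correct entry resets the counter, and exhausting the budget erases the guarded key so that even the correct PIN is useless afterwards. The caveat the thread's other posters raise still applies: this counter is enforced by software on the device, so it only helps if an attacker cannot take the key and the hash offline, which is why designs aimed at physical possession bind the key to hardware.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// PinLock models a passcode gate with an attempt budget (assumed for this
// example). It keeps a salted hash of the PIN, never the PIN, plus the key it
// protects; the key is zeroed once the budget is spent.
type PinLock struct {
	salt     [16]byte
	pinHash  [32]byte
	dataKey  []byte // the secret the PIN guards; nil once wiped
	failures int
	limit    int
}

// hashPin is a deliberately simple stand-in for a real KDF such as PBKDF2.
func hashPin(salt [16]byte, pin string) [32]byte {
	h := sha256.New()
	h.Write(salt[:])
	h.Write([]byte(pin))
	var out [32]byte
	copy(out[:], h.Sum(nil))
	return out
}

// NewPinLock enrolls a PIN with an attempt budget and a fresh random key.
func NewPinLock(pin string, limit int) (*PinLock, error) {
	p := &PinLock{limit: limit, dataKey: make([]byte, 32)}
	if _, err := rand.Read(p.salt[:]); err != nil {
		return nil, err
	}
	if _, err := rand.Read(p.dataKey); err != nil {
		return nil, err
	}
	p.pinHash = hashPin(p.salt, pin)
	return p, nil
}

// Wiped reports whether the budget was exhausted and the key erased.
func (p *PinLock) Wiped() bool { return p.dataKey == nil }

// Failures returns the number of consecutive wrong attempts so far.
func (p *PinLock) Failures() int { return p.failures }

// Unlock returns the data key on a correct PIN. A wrong PIN counts against the
// budget; reaching the limit zeroes the key for good.
func (p *PinLock) Unlock(pin string) ([]byte, error) {
	if p.Wiped() {
		return nil, errors.New("device wiped: key erased")
	}
	got := hashPin(p.salt, pin)
	if subtle.ConstantTimeCompare(got[:], p.pinHash[:]) == 1 {
		p.failures = 0 // a correct entry resets the counter
		return p.dataKey, nil
	}
	p.failures++
	if p.failures >= p.limit {
		for i := range p.dataKey {
			p.dataKey[i] = 0
		}
		p.dataKey = nil
		return nil, errors.New("attempt limit reached: key erased")
	}
	return nil, fmt.Errorf("wrong PIN (%d of %d attempts used)", p.failures, p.limit)
}

func main() {
	lock, _ := NewPinLock("0212", 10) // constructed sample PIN from the thread
	_, err := lock.Unlock("0000")
	fmt.Println("wrong PIN:", err)
	key, err := lock.Unlock("0212")
	fmt.Println("correct PIN:", len(key), "byte key released, err =", err, "failures =", lock.Failures())
}
```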

    • by Dan541 (1032000)

      Most security measures are designed to thwart low level attacks.

      A 4 digit pin number will indeed keep most attackers at bay, same goes for screen-saver passwords. Or even the lock on your front door.

      Although I can not deny the problem that exists when highly confidential data is protected ONLY by one of these low level options, similar to using a $2 padlock to secure a missile silo.

    • by miro f (944325)

      If I have access to the physical machine I have access to the data.

      Ever seen a Thales card payment system HSM? These are the devices that protect your PIN, credit card verification number, bank interchanges, all sorts of different keys. Try getting an encryption key out of one of those:
      http://en.wikipedia.org/wiki/Hardware_Security_Module [wikipedia.org]

      Not to mention any modern EFTPOS devices, which, while more compact, are good enough that pretty much anyone can be given one and we can remain confident that the key is safe in there.

      When you control the hardware, it is possible to hide the key.

  • I'll probably get moderated troll for that but it's pretty obvious to me:
    Put your data into a (trusted) cloud and not onto the phone itself, use encryption on the way and you are as safe as you can get. The phone is only useful when connected anyway, so why should I have to carry the data on the phone?

    • by kkelly (69745)

      I'll probably get moderated troll for that but it's pretty obvious to me:
      Put your data into a (trusted) cloud and not onto the phone itself, use encryption on the way and you are as safe as you can get. The phone is only useful when connected anyway, so why should I have to carry the data on the phone?

      The phones are useful when not connected because you have stored your important data on the device. Because cell phone coverage and WIFI are not ubiquitous, a phone connected to the cloud is essentially useless in the absence of a signal. I have visited places all over this country where a flare gun would have been a more effective means of communication than my smartphone, but I could still call up that important office document, pdf or diagram because it was stored locally on the device. Less secure, p

  • On other smart phone platforms, if your data is really precious and if you need more than average security, you install security solutions.

    As my data is not that precious, I have just trialed commercial, easy to install security solutions like Kaspersky Mobile, F-Secure. Both have firewalls on socket and application level, heuristics, anti spam, remote locking and in Kaspersky's case, even a "white hat rootkit" to track your phone after it has been stolen. I can easily say that they will be never possible o

  • I realize the submitter might not know the meaning of the word, but the editor could have at least glanced at the article and realized there's no cracking involved.

    I know, "welcome to Slashdot."

  • it's 'like putting privacy glass on half your shower door.'

    So, he's saying that the encryption is perfectly adequate for male users, whereas female users are less well protected, but at least it stops people seeing the really good bits?
