Apple Encryption cracked

A year after the Russian security company ElcomSoft managed to crack Apple’s backup encryption, they have now announced that they found a reliable way to beat even the encryption on the secure layer that the system uses to store data.

I was curious about how they did it, and after some googling around I found that the method is based on a conceptual flaw from Apple more than magic voodoo from the Russians.

the first point of attack appears to have been the user system passcode itself as all other keys are only vulnerable to attack once the device is in an unlocked state. […] The company said it had been aided by subtle weaknesses in the security architecture used by Apple, starting with the default passcode length of 4 digits. This yields only 10,000 possible number variations, which the company said most users would likely use to secure their devices without question.

After some simple math, I found out that this brute force can be done in max 1 hour.

Even though the company sells the software that can crack Apple’s encryption for ~90 EUR, they claimed that:

“We are responsible citizens, and we don’t want this technology to fall into the wrong hands,” said ElcomSoft CEO, Vladimir Katalov. “Therefore, we made a firm decision to limit access to this functionality to law enforcement, forensic and intelligence organisations and select government agencies.”

.. yeahh.. right.

Russian hacker 2 – 0 Apple

Resources:
http://news.techworld.com/security/3282137/apple-iphone-encryption-cracked-by-russian-firm/

About Stefan Fodor

Inscription on a tombstone
This entry was posted in IT Security, Week 21.
