After 1 year ago, when the Russian security company ElcomSoft managed to crack Apple’s backup encryption, now they announced that they found a reliable way to beat even encryption on the secure layer that the system is using to store data.
I was curios about how they did it and after some googling around I found that the method is based on a concept flaw from Apple more then magic voodoo from the Russians
the first point of attack appears to have been the user system passcode itself as all other keys are only vulnerable to attack once the device is in an unlocked state. […] The company said it had been aided by subtle weaknesses in the security architecture used by Apple, starting with the default passcode length of 4 digits. This yields only 10,000 possible number variations, which the company said most users would likely use to secure their devices without question.
After a simple math, I found out that this bruteforce can done in max 1 hour.
Even if the company sells the software that can crack Apple’s encryption for ~90Eur, they claimed that:
We are responsible citizens, and we don’t want this technology to fall into the wrong hands,” said ElcomSoft CEO, Vladimir Katalov. “Therefore, we made a firm decision to limit access to this functionality to law enforcement, forensic and intelligence organisations and select government agencies.
.. yeahh.. right.
Russian hacker 2 – 0 Apple