Apple has worked hard to gain the trust of its smartphone users, introducing a number of tighter security measures on its iPhone OS. But a crack team from Russia has found a way to circumvent Apple’s iOS force field, though it seems hackers need access to both laptop and iPhone to do much damage.
Apple introduced a chip for hardware-based encryption on the 3GS, and 256-bit encryption was added for iOS 4. But a team of Russian forensic experts has cracked both the on-device data protection and the backup file encryption.
As reported on Bright Side of News, Vladimir Katlov who was part of the crack team at ElcomSoft explained that its Phone Password Breaker tool unlocks Apple and BlackBerry backups. But Katalov explained:
“Decryption is not possible without having access to the actual device because we need to obtain the encryption keys that are stored in (or computed by) the device and are not dumped or stored during typical physical acquisition.”
So, this basically means that obtaining someone’s backups from their computer is only half of the solution to properly cracking iOS 4. Hackers would need to get their hands on someone’s iPhone handset too to obtain any data.
Whilst this shows that iOS 4 isn’t impenetrable, iPhone users shouldn’t be overly concerned if they take at least a little precaution. For example, don’t pack your laptop and iPhone together in the same bag, and always ensure that you check the ‘Encrypt iPhone Backups’ on the device summary tab in iTunes. If you do this, iOS 4 should still be a force field to be reckoned with.