The Tech Herald

New forensics kit offers near-instant access to iOS 5 data

by Steve Ragan - Nov 1 2011, 14:10

ElcomSoft has released an update to their iOS Forensics kit, which touts a faster recovery time for protected system dumps and other tasks. The update increases ElcomSoft’s abilities to crack and extract data from iOS version 3.x, 4.x, and 5, on any Apple device.

“There was no break-through in the iOS security model”, says Andrey Belenko, ElcomSoft leading developer.

“The architectural changes are more of an evolution of the existing model. However, we highly welcome these changes, as they present better security to the end user. In particular, the number of keychain items that can be decrypted without the passkey is now less than it used to be. Device passcode is one of the hallmarks of Apple’s security model, and they are expanding the use of it to cover more data than ever before.”

Apple did make one major change in iOS 5 however, by replacing the keychain encryption algorithm entirely, and making Escrow Keybagging useless by protecting escrow keys with the device passcode.

This means that before anything can be done, ElcomSoft will need to brute force the passcode from the device. After that, full data recovery and analysis from the keychain is only a matter of time.

The keychain contains tons of information that is highly valuable to investigators, including stored logins and passwords to various websites, Wi-Fi hotspots, email accounts, and applications.

But what of the other data? Apple’s iOS accumulates huge amounts of information.

Besides the obvious pieces such as pictures, email and SMS messages, Apple’s devices store advanced usage information such as historical geolocation data, viewed Google maps and routes, browsing history, call logs, and nearly everything typed on the iPhone.

Most of this data is stored in the backups produced by iTunes, but was nearly impossible to get at in some cases.

“I love challenges”, says Dmitry Sklyarov, ElcomSoft’s leading cryptanalysis specialist.

“The new system release presented a perfect case. When we just started, we didn’t even know if we have a chance to break it. There are all-new encryption algorithms, changed keychain protection, new data structures… the list goes on and on. We did most of it before at the time of iOS 4 release, but the new system presented some unexpected challenges.”

In the new release, ElcomSoft says they can recover all of the encrypted data stored in the backups in about 20 minutes on a 16GB iPhone, or 40 minutes for the 32GB version.

Around the Web

Comment on this Story

comments powered by Disqus
Security
Index
News
 
Features
Reviews

From Autosaur.com

Fastest Car in The World: The ultimate guide

EVERYONE wants to know what the fastest car in the world is and here is a list of the cream of the crop. It gives you a thorough guide as to the main contenders, talks you through the rest of the world’s fastest automobiles, and reveals the two main future potential holders of the most [...]

The post Fastest Car in The World: The ultimate guide appeared first on Autosaur.

World’s first flat-pack truck the OX could help Africa

A flat-pack truck which can be put together by anyone in just half a day has been invented to help people living in remote places in Africa and other parts of the developing world. The OX is shipped in pieces but can be assembled with just three people in 11.5hours — and they need no [...]

The post World’s first flat-pack truck the OX could help Africa appeared first on Autosaur.

Nissan 370Z Nismo to rock the Gumball 3000 rally

The Nissan 370Z Nismo will be one of the cars in the 2013 Gumball 3000 rally where  â€” as the guys from TV show Jackass put it — “filthy stinking rich” people drive super-expensive cars 3,000 miles through 13 countries across Europe. The car, above, will be driven by a team from publishing and production [...]

The post Nissan 370Z Nismo to rock the Gumball 3000 rally appeared first on Autosaur.