The first set of commercially sold tools for cracking into an iPhone’s security have been made available by a Russian company. You might want to change your iOS passwords to something more solid than “1234.”
According to a story from Ars Technica, Russian data security company ElcomSoft has created a set of software tools that can be used to break through the encryption on an iPhone. Part password-breaker, part scanner for encryption numbers to get further data out of the phone, the tools are only being made available to law enforcement. Here’s a quote from Ars’ story:
“The decryption tool requires access to the device in question, but once it's in hand, a few different kinds of keys need can be scraped from it, including the unique device key (UID) and escrow keys calculated using the UID and escrow pairing records. If the device is only protected by a 4-digit passcode, the program then only needs to brute-force its way through that to get access to all of the decryptable information.”
As Ars points out, the security features of Apple’s iOS platform aren’t exactly impregnable, and the story goes on to mention that a similar decryption method was created by the Fraunhofer Institute for Secure Information Technology in February. The difference is that those tools aren’t for sale.
And though the decryption tools exist, they’re not infallible, either. Switching out a 4-digit code for a longer and more complex password basically stops the commercially available tools dead, since the password breaker works by trying number combinations until it finds the right one. Mix it up, and the first step of the decryption gets stalled out.
Another good way to beat the decryption: Keep your iPhone stuffed full of incriminating information out of the hands of the coppers. Without the device, they got nothin’.
With smartphones becoming more and more prevalent, though, data and information stored on them is being used in ways their creators and owners might not have considered. It’s a good idea to keep in mind that the things you do on your smartphone might not remain private.
The U.S. Senate is considering an amendment to a law that would offer more protections to citizens about the use of their data in the cloud and on smartphones by law enforcement, but it’s not infallible. It came out just a few weeks ago that law enforcement officials were using a bug in iPhones to track their owners’ movements for investigations, with no warrant required.
Moral of the story: Use your smartphone cautiously, both for your security and your privacy.