iPhone 3GS Hardware Encryption "Useless"?


Wired.com talks to Jonathan Zdziarski, iPhone developer, hacker, forensics teacher, finder of the iPhone kill switch, creator of the AMBER alert app, about the iPhone 3GS' new hardware encryption, recently touted as giving consumers "enterprise-class" security. His take? It's implemented so poorly it can be cracked in two minutes, “like storing all your secret messages right next to the secret decoder ring”.

To steal an iPhone's disk image, hackers can use popular jailbreaking tools such as Red Sn0w and Purple Ra1n to install a custom kernel on the phone. Then, the thief can install a Secure Shell (SSH) client to port the iPhone's raw disk image across SSH onto a computer.

We've heard before that jailbreaking strips away security layers on the iPhone, though that's been in the context of the user's own device. This is using the jailbreak process to actively get at another device's data.

Is Apple going to change the way they implement their hardware-based iPhone 3GS encryption in light of this? Can the current model be made more robust? And what, if any, changes made to keep bad guys out of the iPhone will affect users who simply want to gain access to their own iPhones?

[Thanks to Antony for the tip!]

Rene Ritchie

Editor-in-Chief of iMore, co-host of Iterate, Debug, ZEN and TECH, MacBreak Weekly. Cook, grappler, photon wrangler. Follow him on Twitter, App.net, Google+.


There are 15 comments.

Memnautikus says:

What do you mean? English por favor?

Brown13 says:

Will the 3.1 update fix any of this problem?

Michael Chang says:

Means if I stole your phone, I could jailbreak it then access your data via SSH.

codespiro says:

Means that people with important info on their iPhone should implement the Passcode Lock feature sooner rather than later.

Brad Zimmerman says:

Once someone has physical access to your computing device then it is more or less "game over" - it is merely whether it is going to take "not too long" or "a little while" before the bad guys break through any blocks you've set up.
When you lose your device, remote wipe it. Or, even better, just try not to lose it.

thybigfoot says:

Well, for jailbreaking the device must be put in DFU mode. I wonder if it is possible if you put a security code on your device. If it is possible to go into DFU without entering the security code, the encryption is indeed very useless...

codespiro says:

Even if you jailbreak it... after it reboots you still need the passcode to gain access. Just tried it!!

Doctor says:

I read the full article on Wired, which was referenced to by Engadget earlier today. It seems that even the passcode doesn't work...apparently if you plug an iPhone into a computer, even when passcode-enabled, you can access the phone.
Two thoughts here: First, there is no discussion on Wired (or Engadget) about the amount of ease involved when using a BlackBerry instead of an iPhone. It would be useful to have the comparison; otherwise, the story leads you to believe that the BlackBerry is 100% secure and encrypted. And that revelation makes you wonder if another source (RIM, perhaps?) didn't encourage this news article to be released (was the uber-hacker paid by anyone to research the vulnerabilities of the iPhone)?
Second, the premise of the article is that if your iPhone is stolen it isn't secure, and you can easily work around that security. How many thieves steal an iPhone for corporate secrets? The uber-hacker mentions that any thief worth their salt would immediately remove the SIM so that the phone could not be remote-wiped or followed with find-my-iPhone. We've already read on several blogs about how iPhone thieves were identified through the find-my-iPhone feature. So we're talking about a very small subset of thieves who are smart enough to be corporate spies, intentionally tracking CEOs, board members, and R&D engineers to steal their iPhones. Where am I going with this? Ultimately, if the end goal is to steal a device, and it is achieved, regardless of being an iPhone or BlackBerry...that corporate thief has unlimited time to crack that device and steal the secrets contained within, and I'd guess there are ways to break encryption on any device.
So: advice to Apple--beef up the encryption and security measures for the enterprise users that need it. Advice to all--keep track of your iPhone, BlackBerry, or notebook computer. If the device is in your hands, and not in the hands of a corporate thief, it is secure.

fassy says:

Good point about physical access -- but here the time to track makes a big difference, because it is not so much about losing the device, but losing track of it, temporarily.
Phones travel a lot, and, unlike workstations or even laptops, they are often kept loose inside other containers such as purses, backpacks, or briefcases. I would wager most users have at least 10 minutes each day where they cannot vouch for the exact location of their phone. At the very least, it would be naive to rely on 100% of employees not losing track of their phones for 10 minutes, forever.
A two minute attack vector gives a black hat plenty of time to snatch the phone, install an ssh daemon, and return it unnoticed. Yes, it sounds like spy movie paranoia, but, if I were the IT director of a company with extremely sensitive data, I would have to weigh it as an additional risk factor.

iBlackdude says:

What ?? Passcode will not help ?

icebike says:

The problem here is that Apple used an encryption method meant for physical disks, where the decryption is done by a pass-thru hardware encryption device once the OS hands it the proper key.
The problem is, the encryption key is built into the lowest level of the OS, so any time the baseband is running and reading the flash it has the decryption key, and is decrypting data on the fly.
To fix this they need to have some portions of the flash decrypted by default (so that they can load their OS) and other portions encrypted by default to store your user data.
I'm betting there was a forehead slapping moment in Cupertino when they realized the encryption chip was an all or nothing solution, which would not allow you to partition the flash.
They bought the chipset, it was already on the boards, and when they got the OS developers involved they realized they couldn't even read their own flash to boot the phone without the key. Too late. Factory running full bore, management making big claims. Let's hope no one notices.
This would be a good solution for removable storage, but not soldered in flash.
Talk about embarrassing.
The thing is, the OS engineers had to know this was the case. They either lied to management, or management chose to "lie" to the public. I say lie in quotes, because it is in fact encrypted, but if you can power the phone at all, you get it decrypted for you.
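The design point icebike is making, as an added, constructed model and not Apple's implementation or anything from the Wired article: if the key that decrypts the flash lives in the boot image, then whatever boots the device has the key, so encryption protects nothing against anyone who can power the phone. Keying the user-data partition with a separate key that is only unwrapped by a passcode-derived key changes that. The cipher below is a toy stream cipher standing in for AES (hypothetical, illustration only); the functions, field names and passcode values are all constructed for this example.

```python
"""Two flash-encryption designs, modelled as plain dicts (constructed example)."""
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 100_000  # assumed work factor for the passcode-derived key


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher: SHA-256(key || nonce || counter) blocks XORed into data.
    Stands in for AES here; not for real use."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
        chunk = data[i:i + 32]
        out.extend(a ^ b for a, b in zip(chunk, block))
    return bytes(out)


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC so a wrong key is detected rather than yielding garbage."""
    nonce = os.urandom(16)
    ct = keystream_xor(key, nonce, plaintext)
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered data")
    return keystream_xor(key, nonce, ct)


# Design 1: "disk-style" whole-flash encryption. The device key sits in the
# boot image, so any OS that boots from that image can read all user data.
def build_disk_style_device(user_data: bytes) -> dict:
    device_key = os.urandom(32)
    return {"boot_image": {"device_key": device_key},
            "flash": seal(device_key, user_data)}


# Design 2: partitioned keys. The boot image holds only a salt and a wrapped
# data key; the data key is recoverable only with the passcode.
def derive_kek(passcode: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt, PBKDF2_ROUNDS)


def build_partitioned_device(user_data: bytes, passcode: str) -> dict:
    salt = os.urandom(16)
    data_key = os.urandom(32)
    kek = derive_kek(passcode, salt)
    return {"boot_image": {"salt": salt, "wrapped_key": seal(kek, data_key)},
            "flash": seal(data_key, user_data)}


def read_with_boot_image_only(device: dict):
    """What a running OS can recover using nothing but what the boot image holds.
    Returns the plaintext for design 1 and None for design 2."""
    boot = device["boot_image"]
    if "device_key" in boot:
        return unseal(boot["device_key"], device["flash"])
    return None  # only a wrapped key is present; there is nothing to decrypt with


def read_partitioned(device: dict, passcode: str) -> bytes:
    """Legitimate unlock path for design 2; raises ValueError on a wrong passcode."""
    boot = device["boot_image"]
    data_key = unseal(derive_kek(passcode, boot["salt"]), boot["wrapped_key"])
    return unseal(data_key, device["flash"])


if __name__ == "__main__":
    secret = b"constructed sample user data"
    d1 = build_disk_style_device(secret)
    d2 = build_partitioned_device(secret, "1234")
    print("disk-style, no passcode:", read_with_boot_image_only(d1))
    print("partitioned, no passcode:", read_with_boot_image_only(d2))
    print("partitioned, with passcode:", read_partitioned(d2, "1234"))
```

The model deliberately leaves the per-file and hardware-key details out: the point it shows is the one icebike makes, that "encrypted" flash is only as confidential as the secret needed to obtain the key, and when that secret is the boot image itself, booting the phone is the decryption step.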

icebike says:

@Iblackdude: No, passcode will not help.

fassy says:

Direct link to watch the entire process on YouTube -- the process apparently removes the passcode (but does not jailbreak the phone):

Sean peters says:

I'm betting that this is going to be used as the excuse to put in foolproof anti-jailbreaking features. And if that happens, what's the next move? Does Apple get sued for anti-competitive behavior (or other anti-consumer sins)? Will geekier customers abandon the iPhone for a more open platform? Interesting times.

iRoc says:

Wow, seriously? You're telling me that Apple's security department has extremely sub par skills? Isn't this their job? They've been working on this since at least the 3G release if not before, and they couldn't get it right?
Something don't smell right!
And how does jailbreaking make the problem worse when any jailbreaker can tell you with SBSettings you can close ALL the open holes.
I understand the if someone gets their hands on your device part. That's the only part of this that makes ANY sense to me in this whole article, but I paid good money for my phone, and I never have my phone out of my sight. I mean people were getting mugged for iPods. You know some thief is going to want to steal your iPhone if you leave it somewhere.
IDK I'm gonna have to think about this for a while, but this seems pretty backa$$ward.