iOS4 Encryption Cracked
Apparently the stuff on your iPhone is encrypted with AES-256. Elcomsoft announced that it found a way to brute-force the phone’s 4-digit passcode. They use the API in a way that bypasses the “Wipe after 10 failed attempts” option, making brute force possible.
Not surprising; mobile security has always been weak. What is surprising is that Apple encrypted the information in the first place. I had thought that the passcode screen was just that, a screen lock, and not a way of encrypting the phone’s contents.
So kudos to Apple.
Added 13 Aug: Your PIN code or passphrase encrypts a key that is used to decrypt the file system. This is much the same way programs like TrueCrypt work and is very effective. Even when mounting the file system outside of Windows, you are required to unlock the phone.
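The key-wrapping arrangement described above, as an added sketch that is not from the original post and is not Apple's implementation. PBKDF2 plus an XOR-and-HMAC wrap stand in for the device's real key derivation and AES wrap; the function names, iteration count and 32-byte key size are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 50_000  # assumed work factor for this sketch


def _kek(passcode: str, salt: bytes) -> bytes:
    # Stretch the passcode into a 64-byte key-encryption key (KEK):
    # the first half masks the file-system key, the second authenticates it.
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt,
                               ITERATIONS, dklen=64)


def wrap(passcode: str, fs_key: bytes) -> dict:
    """Wrap a 32-byte file-system key under a passcode-derived KEK."""
    salt = os.urandom(16)  # fresh salt, so the mask is never reused
    kek = _kek(passcode, salt)
    # Standard-library stand-in for an AES key wrap.
    blob = bytes(a ^ b for a, b in zip(fs_key, kek[:32]))
    tag = hmac.new(kek[32:], blob, hashlib.sha256).digest()
    return {"salt": salt, "blob": blob, "tag": tag}


def unwrap(passcode: str, wrapped: dict) -> bytes:
    """Return the file-system key, or raise if the passcode is wrong."""
    kek = _kek(passcode, wrapped["salt"])
    expected = hmac.new(kek[32:], wrapped["blob"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, wrapped["tag"]):
        raise ValueError("wrong passcode")
    return bytes(a ^ b for a, b in zip(wrapped["blob"], kek[:32]))


def change_passcode(old: str, new: str, wrapped: dict) -> dict:
    # Only the small wrapped blob is rewritten; data encrypted under the
    # file-system key is untouched.
    return wrap(new, unwrap(old, wrapped))


def keyspace(alphabet_size: int, length: int) -> int:
    # Number of candidate passcodes the derivation has to resist.
    return alphabet_size ** length
```

The strength of the wrap is bounded by `keyspace()`: a 4-digit passcode gives 10,000 candidates, which is why the attempt limit and the passcode length matter as much as the cipher.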