Russian Firm breaks iPhone encryption
A Russian software company, Elcomsoft, says it has broken the encryption on iOS 4. Reuters

The Russian security firm ElcomSoft claims to have cracked iOS 4's encryption systems, demonstrating the vulnerability of numerous Apple products.

The company reported on its website that it has created, and will be selling, a tool kit that helps crack iOS's encryption and passwords.

The company gave its reason for creating the tool as to "[create] the possibility of an extremely comprehensive forensic analysis of affected iOS devices.

"iPhone backups produced with Apple iTunes software already contained a lot of sensitive information, including keychains. ElcomSoft makes forensic analysis easier, faster".

ElcomSoft did confirm that the hack was by no means an easy feat, saying that "explaining what we did to break this encryption is not exactly easy."

But from a post on its website, it seems the crack was done in three stages.

In the first stage of the crack, the company focused on retrieving the device's encryption key. This was reportedly done using certain digital forensic software to break down encrypted bit-to-bit images stored on the device.

Once these keys were found, the second stage saw the company take advantage of the fact that many iPhone and iPad users don't bother creating a password more than four characters long.

"By default (with 'Simple passcode' option enabled), passcodes consist of only four digits, meaning that only 10,000 possibilities exist. Having to enter their passcode pretty often, most users keep their passcodes to the default length of only four digits for the sake of usability.

"Ten thousand combinations do not sound like much. On a PC, breaking a passcode of this length would only take a few moments."

The third and final stage of the crack focused on obtaining the device's keychain. The keychain is a system-wide storage area where the device keeps information such as usernames and passwords.

The method ElcomSoft described itself as using to obtain the keychain was somewhat convoluted: "While Elcomsoft Phone Password Breaker already has the ability to display the contents of the keychain area, it could only read the keychain from iOS backups.

"As it turns out, not all data from the system keychain is exported into the backup. For example, the backup password itself is present in the system keychain but is never exported to the backup.

"Application developers utilizing Keychain can choose whether records stored by their application should go to the backup or not. That said, the complete Keychain including items not included with the backup can be read and decrypted using the same set of keys obtained from the device."
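The developer choice mentioned in the quote above is made per keychain item through its accessibility attribute. The Swift code below is an added example, not code from ElcomSoft or from this article; it assumes the standard iOS Security framework, and the helper names and the `service`/`account` parameters are hypothetical. As the quote notes, this only limits what travels with a backup, not what can be read with keys obtained from the device itself.

```swift
import Foundation
import Security

// Hypothetical helper names; only the Security framework calls are Apple's.
enum KeychainStoreError: Error { case unexpectedStatus(OSStatus) }

/// Stores a secret as a generic-password item.
/// deviceOnly = true selects a "ThisDeviceOnly" accessibility class, which
/// Apple documents as not migrating to another device via a restored backup.
func storeSecret(_ secret: Data, service: String, account: String,
                 deviceOnly: Bool) throws {
    let accessibility: CFString = deviceOnly
        ? kSecAttrAccessibleWhenUnlockedThisDeviceOnly
        : kSecAttrAccessibleWhenUnlocked

    let identity: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecAttrAccount as String: account,
    ]
    // Remove any previous copy so the accessibility class is applied afresh.
    let deleteStatus = SecItemDelete(identity as CFDictionary)
    guard deleteStatus == errSecSuccess || deleteStatus == errSecItemNotFound else {
        throw KeychainStoreError.unexpectedStatus(deleteStatus)
    }

    var attributes = identity
    attributes[kSecValueData as String] = secret
    attributes[kSecAttrAccessible as String] = accessibility
    let addStatus = SecItemAdd(attributes as CFDictionary, nil)
    guard addStatus == errSecSuccess else {
        throw KeychainStoreError.unexpectedStatus(addStatus)
    }
}

/// Returns the accessibility class recorded for an item, so an audit or
/// unit test can confirm which stored secrets are bound to this device.
func accessibilityClass(service: String, account: String) -> String? {
    let query: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecAttrAccount as String: account,
        kSecReturnAttributes as String: true,
        kSecMatchLimit as String: kSecMatchLimitOne,
    ]
    var result: CFTypeRef?
    guard SecItemCopyMatching(query as CFDictionary, &result) == errSecSuccess,
          let attrs = result as? [String: Any] else { return nil }
    return attrs[kSecAttrAccessible as String] as? String
}
```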

The company has stated that it will only sell its new iOS 4 cracking tool to "established law enforcement, forensic and intelligence agencies as well as select government organizations."

But it has also confirmed that it will be selling the tool to the highest bidder -- a fact that, despite its previous claim, may well make certain Apple customers twitchy.

The company currently promises that the crack will work on any iPhone, iPod or iPad running iOS 4.