Russian computer forensics software company ElcomSoft offers a product called iPhone Password Breaker that enables users to access backup data from iOS devices. Today the company announced an update to the software that enables users to crack iOS 4 keychains – which may include e-mail and other passwords – without altering the phone’s content. ElcomSoft claims to be the first company to be able to crack keychain passwords. According to the company’s press release, “Prior to the release of the updated iPhone Password Breaker, the keychains were considered impossible to obtain.”
iOS 3 devices used hardware encryption unique to each individual device to encrypt keychains, even when the keychains were exported to an external device. Apparently, this is not the case in iOS 4. The keychains can be unlocked with only the backup password, which iPhone Password Breaker can recover. If an online backup has not been performed, the keychains aren’t accessible.
Enterprises using iPhones may wish to avoid the use of offline backups until Apple fixes the issue.
iPhone Password Breaker uses ATI and NVIDIA video acceleration hardware to recover backup passwords faster than traditional CPU-only approaches.
ElcomSoft uses the same technology in its other products for recovering passwords from a variety of software, but does not offer any other products specifically designed for recovering smart phone passwords. According to ElcomSoft, the company’s tools are used by most of the Fortune 500, various branches of the military and many governments.
Update: ElcomSoft CEO Vladimir Katalov wrote us to say:
To be honest, I would not call that a “vulnerability”. If Apple wants to have an ability to restore from backup to another/new device, there is no solution, i.e. keychain cannot be encrypted based on hardware keys anymore. So we have to choose between security and usability, as always 🙂 The only recommendation is to select long and complex passwords to backups.