ElcomSoft Releases iPhone Decryption Tools

| Product News

ElcomSoft is taking iPhone password hacking to the commercial market with its forensic tools designed to give investigators and government agencies access to encrypted data on iOS devices.

iPhone securityNeed to hack iPhone passwords? There’s an app for that.

The forensic toolkit requires physical access to the iPhone, iPad or iPod touch under investigation, and can perform brute-force attacks on the default four-digit passcode protection iOS offers, and can recover the device’s UID identifier code, and the keys used for pairing escrow keys and UID codes.

Apparently ElcomSoft’s forensic tools rely on similar techniques to those detailed by the Fraunhofer Institute for Secure Information Technology earlier this year, according to Ars Technica

The tools are available to law enforcement and other government agencies, so don’t plan on picking them up just to see what’s on your friend’s iPhone.

Comments

Lee Dronick

“The tools are available to law enforcement and other government agencies, so don?t plan on picking them up just to see what?s on your friend?s iPhone.”

What kind of guarantee is there of it not getting into the hands criminals?

Tiger

Shouldn’t that say “What kind of credible guarantee….?”

Gary

I’m think this toolkit has been on the market for a while - it’s not new, it’s just an update.  (A media-attention grab?)

It sounds as if it would still be ineffective against a complex passcode, ie not just the simple 4-digit codes you get by default.

Lee Dronick

It sounds as if it would still be ineffective against a complex passcode, ie not just the simple 4-digit codes you get by default.

I wonder if in the next version of iOS that we will get, or least the option, of having longer passcodes.

Gary

> the option, of having longer passcodes

No need to wait - you have that option right now.

?Settings > General > Passcode Lock > Simple Passcode

This is on by default.  You can turn it off and use the most complex passcode that you can deal with.  For example: SirHF-reallySecure20!1 would be a valid passcode.


As an aside, if I was supplying you with a work iPhone (or iPad for that matter), I would apply a configuration profile which enforced a similar degree of complexity to the passwords used to log on to machines on our work Active Directory environment.  ie a minimum of 8 characters and a mix of upper case, lower case, numeric, non-alphanumeric, etc.

When my colleagues who administer the Blackberries recently began enforcing similar passcodes on those devices, I decided that I should follow suit with my work supplied iPhone.  I spent several months with a 9-character passcode.  It was horrible to become used to at first, though I did get there in the end.  It would have been considerably easier, I expect, on an iPad.

ry

We have that right now:
Settings > General > Passcode Lock > Simple Passcode = OFF

Lee Dronick

Thanks Gary and Ry, that is a real handy tip! Looking at the preference pane I had assumed that we were restricted to 4 characters. I had also read the Manual and the Missing Manual, but must have missed the longer passcode option.

Here is the Apple support document for iOS passcodes

Log-in to comment