Elcomsoft releases iPhone 4 password cracker

Apple changed the iPhone 4 software in a way that makes it easier to recover the plain-text password used to encrypt data
  • Jeremy Kirk (IDG News Service)
  • — 06 August, 2010 05:34

Russian password-cracking company Elcomsoft has released new software that can in some instances figure out the password used to encrypt backed-up iPhone data.

Elcomsoft said Apple somewhat changed the way their encryption system works for its latest iPhone 4 software. When an iPhone is plugged into its home computer, its data -- such as e-mail passwords, calendar events, text messages -- are automatically backed up in a so-called "keychain."

That information was previously encrypted using a device-specific encryption key, but with "iOS 4 this is not necessarily the case" if someone choose a master password to access the data, according to Elcomsoft.

If a person chooses to encrypt the data, the backup is encrypted with a master password selected by a user. But if the person can't remember their password, the data can't be restored to an iPhone. A user would have to do a full software restore and set up a new backup, with all of the other data lost.

But Elcomsoft says it can figure a password out with its latest iPhone Password Breaker application. The company says that Apple's encryption of the backup is excellent, as the passwords can only be figured out using brute-force attacks, where a computer tries millions upon millions of possible combinations, or dictionary attacks, which use lists of commonly used words.

Elcomsoft said its software doesn't have a 100 percent success rate, but if a person selects a short and simple password, it could be recovered in seconds. Other factors in how long its software takes to recover a password depends on a person's computer and the power of its CPU and graphics card.

Once the password is recovered, Elcomsoft said its software allows a person to examine their keychain and export that data into XML (Extensible Markup Language) or plain text document.

The iPhone Password Breaker is legal for people to use on their own backups or if they have the permission from someone to examine their iPhone. The software costs £79 (US$126) for the home edition and £199 for the professional edition.

Send news tips and comments to jeremy_kirk@idg.com

Tags: telecommunication, iOS 4, passwords, security, Elcomsoft, Access control and authentication, encryption, Mobile operating systems, software, mobile, Apple

Turkey’s ISPs hijack Google’s DNS service, killing bypass for Twitter, YouTube ban

READ THIS ARTICLE
DO NOT SHOW THIS BOX AGAIN [ x ]
Comments are now closed.
CSO Corporate Partners
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Security Risk Management Solutions

Protect resources and ensure security compliance through incident detection, response, and remediation.

Latest Jobs
Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team 

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.

For the full breakdown on this article

Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.