Russian password-cracking company Elcomsoft has released new software that can in some instances figure out the password used to encrypt backed-up iPhone data.
Elcomsoft said Apple somewhat changed the way their encryption system works for its latest iPhone 4 software. When an iPhone is plugged into its home computer, its data -- such as e-mail passwords, calendar events, text messages -- are automatically backed up in a so-called "keychain."
That information was previously encrypted using a device-specific encryption key, but with "iOS 4 this is not necessarily the case" if someone choose a master password to access the data, according to Elcomsoft.
If a person chooses to encrypt the data, the backup is encrypted with a master password selected by a user. But if the person can't remember their password, the data can't be restored to an iPhone. A user would have to do a full software restore and set up a new backup, with all of the other data lost.
But Elcomsoft says it can figure a password out with its latest iPhone Password Breaker application. The company says that Apple's encryption of the backup is excellent, as the passwords can only be figured out using brute-force attacks, where a computer tries millions upon millions of possible combinations, or dictionary attacks, which use lists of commonly used words.
Elcomsoft said its software doesn't have a 100 percent success rate, but if a person selects a short and simple password, it could be recovered in seconds. Other factors in how long its software takes to recover a password depends on a person's computer and the power of its CPU and graphics card.
Once the password is recovered, Elcomsoft said its software allows a person to examine their keychain and export that data into XML (Extensible Markup Language) or plain text document.
The iPhone Password Breaker is legal for people to use on their own backups or if they have the permission from someone to examine their iPhone. The software costs £79 (US$126) for the home edition and £199 for the professional edition.
Send news tips and comments to firstname.lastname@example.org