back to article iOS 4 hardware encryption cracked

Russian security outfit ElcomSoft is shipping a toolset that cracks open the hardware encryption protecting iOS4-based iPhones – but it's only for spooks and law enforcement. In an announcement that will have black-hats working to replicate its results, the company says its tool can “extract all relevant encryption keys from …


This topic is closed for new posts.
  1. This post has been deleted by its author

  2. joe.user

    Or you can just use this...

    1. Anonymous Coward
      Anonymous Coward

      Different problem

      That's a completely different issue and it only gives access to some parts of the keychain. In particular see their FAQ question 2.15.

      This one gives access - after cracking the key - to the whole keychain plus everything else.

      But it does take quite a while. If it's really just brute force by just adding the standard alphabet to the password instead of just digits we're talking 4 days to crack, or almost 8 with capitalization. Make the password longer than 4 characters and that increases exponentially.

  3. jonathanb Silver badge


    Should the last sentence say "by a _plod_ suffering a rush of blood to his head. ®"?

    1. David David David David (formerly David 22)


      the author probably wanted to make a portmanteau word from "plod" and "clot".

      1. Anonymous Coward
        Anonymous Coward

        Re: whatever

        Clever and kind - but wrong.

        Typo now corrected

  4. Steve Evans


    Sorry, but are you saying hackers which are providing cracking methods to governments and snoop services are the white hats?

    1. Anonymous Coward
      Thumb Up

      Grey is the best description. They are white by Russian standards though

      Elcomsoft is the company which was involved in the Adobe DRM bypass bru-ha-ha a while back.

      It is an interesting company. It has demonstrated some key differences between UK and let's say Russia from a management perspective. The company director actually went to testify, took the charges onto himself and the company and face the charges so his software developer arrested on that case is released:

      I do not see a nowdays UK manager who treats his staff as human resource doing that. The ones I know are more likely to chew and swallow their MBA diploma without ketchup instead.

      1. Anonymous Coward
        Black Helicopters

        @AC 08:45

        Well you don't know the whole story do you?

        Maybe the software dev had some bigger dirt on the director that would make the charges seem almost like stealing candy from a child.

        It is Russia we're talking about right?

        1. Anonymous Coward
          Thumb Down

          I do not know the whole story, but I have worked both places

          Let me explain you the difference between UK and Russia in terms of management.

          In Russia (and many other European countries, especially towards the Eastern side), traditionally, the staff is disposable, the manager is doubly so. The spell Responsibility with a capital R.

          There the manager gets a bullet in the back of the head (literally or not so literally) FIRST when things go wrong. As a result he has no choice but to care about his staff and be responsible. If they are sent to "certain death" he will actually tell them where are they going. There if staff defects to a competitor there they usually go altogether led by the manager. And so on. I have seen it first hand for many years.

          In UK, traditionally, staff is disposable the manager is _NOT_ so. He gets a promotion and is moved to a different job FIRST when things go wrong. I have also seen that first hand for many years.

          USA is either way by the way. I have seen both cultures there. You have Jobs "shooting managers in the back of the head" for failing a project in front of the whole company while retaining the grunts and you have people carefully floating about on golden parachutes and moving "to have more time with the family" or "pursue new ventures" after they miserably failed at what they are doing. Well... we have all seen that one too...

  5. This post has been deleted by its author

  6. The Fuzzy Wotnot

    Why bother with this?

    Let's face it, under UK law, if threatened by the plod or the courts, you have hand over your passwords anyway, so what's this achieve?! The Plod are still going to reach for the rubber baton or the line "Sorry, Guv he fell down the stairs/walked into the cell door just before he gave us the password."!

  7. tomsof

    4 digit passcode

    Surely if you have sensitive data on your iPhone you wouldn't have the 'Simple 4 digit Passcode' enabled anyway. When you use the more complex passcode you're able to have an unlimited length alphanumeric & special charachter passcode.


    Simply activate the 'Erase Data' feature to wipe all data on the iPhone after 10 failed passcode attempts, stopping brute-force attacks.

    1. lansalot


      "Simply activate the 'Erase Data' feature to wipe all data on the iPhone after 10 failed passcode attempts, stopping brute-force attacks"

      The brute-forcing would be done offline against the specific files - you'd only be putting the derived key into the device. Hence this would be no defence.

  8. BristolBachelor Gold badge

    Thankfully for trusted organisations only!

    “we made a firm decision to limit access to this functionality to law enforcement, forensic and intelligence organisations and select government agencies”.

    Oh, sorry my mistake.

  9. Snark

    We don't want it to fall...

    But we will quite happily sell it!

  10. This post has been deleted by a moderator

  11. Anonymous Coward

    Am I the only one...

    ...who gets a funny feeling when he sees the phrase "Russian security outfit"?

    1. An ominous cow herd

      Probably not

      Doesn't mean it's OK to get that feeling, though.

    2. Anonymous Coward
      Anonymous Coward

      re: Am I the only one

      If you are over 50 it gives you a feeling of nostalgia for the days when things worked, personal freedom was taken for granted in the West, and we had sane opponents to deal with.

  12. uhuznaa

    Hard to get right

    A really watertight encryption of the file system is hard to do. Either you have the key on the device (which is mainly good for quick wiping and not much more) or you have an external key (like a strong password) and nobody wants to type a 64 characters alphanumeric password each time he wants to make a call.

    Many people seem to find even a 4-digit password as too inconvenient.

  13. Anonymous Coward

    Title is required but can no longer be bought from politicians

    "a plod suffering a rush of blood to the head" - so that'll be away from his brain then?

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2022