Russia's Elcomsoft dissects the iPhone's encryption system

The knowledge gained from its research has been incorporated in to the company's Phone Password Breaker, allowing `investigators' access to encrypted information stored in iPhones and other iOS-driven devices.

According to the firm, whilst iPhone backups store a lot of information about the usage of the handset, they do not include everything.

This is where the iTunes data backups coming into play, as Elcomsoft says that - from a forensic perspective - "dumping the contents of the physical device is the only proper way to handle an investigation."

"This time around it's not about iPhone backups", said Vladimir Katalov, Elcomsoft's CEO. "Backups created with iTunes software already contain a lot of data, but not quite everything that’s being stored or cached in iPhone devices."

"In contrast, we were able to break into the heart of iPhone data encryption, providing our customers with full access to all information stored in iPhone devices running iOS 4", he added.

Because of its findings - which appear to marry the data retrievable from the iPhone and the data stored within the iTunes backup - Elcomsoft says that it has taken the decision to limit access to its complete analysis technology to law enforcement, forensic and intelligence organisations, as well as selected government agencies.

And here's where it gets interesting, as the Russian password recovery firm says that, using 256-bit AES, it was thought that even the security agencies could not extract the data from a iPhone.

"If, however, those keys are extracted from the device, it becomes possible to make forensic analysis of the iPhone device", says the firm.

This appears to imply that the encryption keys are either stored on the iPhone or its iTunes-based data - with both of these to hand, it seems that the iPhone may not be as secure as many professionals first thought, Infosecurity notes.

So has Elcomsoft truly cracked the iPhone's encryption?

This appears to be the case, but only where the investigator has access to the iPhone and its iTunes-based backup data, something that the Ubergizmo newswire appears to have picked up on.

"Apple did include a chip for hardware-based encryption on the 3GS, while iOS 4 saw 256-bit encryption thrown into the mix", says the newswire.

"The Russian forensic experts mentioned managed to circumvent both the on-device data protection and the backup file encryption", it adds.

Apple is unlikely to be pleased with this turn of events, especially when many sources predict that the iPhone 4S will be launched on June 7, and Apple stores are reported to have called staff in for special briefings this coming weekend.

What’s hot on Infosecurity Magazine?