iPhone encryption? Not really

iPhone 3GS data folder

Sean Richmond from our Sydney, Australia office sent me a note yesterday asking if I had been following a thread on the Full Disclosure mailing list.

The author of the message noted that when he plugged his iPhone 3GS into an Ubuntu 10.4 (Lucid Lynx) workstation he was able to access some of the data without authenticating to the phone or OS.

I must admit my focus on Apple security waxes and wanes, so I did some research into the topic. I booted the live CD version of the latest Ubuntu on my test workstation and performed the steps described in the post. I got an identical result, which I have to admit was a great surprise.

Not that I don’t trust Apple, but they have been talking about how the iPhone is enterprise ready and secure ever since the launch of the 3GS.

On initial examination, all that is required to access the “user content” areas of a fully encrypted iPhone is Ubuntu. No passcode required. Since we do encryption here at Sophos, I was a bit startled by this, as any proper encryption should protect its keys with some sort of passphrase that must be supplied before the protected volume can be accessed.

iPhone 3GS Photos

Many have pointed out that the most sensitive information is still unavailable like SMS history, email, address books, etc. After seeing the phone boot without the passcode though, I thought there may be more of a story to this.

If you use full disk encryption on your computer you will notice that it cannot boot until you have provided the passphrase. This is because the key that encrypts the volume is protected by your passphrase. If you turn on an iPhone it boots all the way up and allows access from USB.

If the device boots, it must be able to access the encryption key without a passphrase. In turn this means it is as good as unencrypted as soon as it is turned on.

I started digging some more and noticed some research done by Jonathan Zdziarski in July 2009. Jonathan shows how you can boot an altered kernel from RAM disk and gain access to the device.

He also has another video in which he recovers all the data from a passcode-protected iPhone, all without altering the device in any way. He can recover all of your “keystrokes”, email, phone calls, voicemails, deleted messages and voicemail. Everything on the device is available without the passphrase.

Encryption itself is not difficult to do; implementing it correctly is. As demonstrated by Apple’s implementation, a state of the art AES-256 encrypted device provides no protection if the keys are not handled appropriately.

At Sophos we strive to provide excellent security in the simplest manner possible. Like Apple, we know users care about their security but do not want it to get in the way. Implementing security simply but effectively is very difficult. Unfortunately for businesses or consumers who think their iPhones are secure, they are incorrect.

The good news is that it would appear Apple is taking more of a FileVault encryption approach for sensitive data in their new iPhone v4 software. On Apple’s site for “iPhone in Business”, they now have a statement implying they have changed their implementation to be more secure:

Data Protection
Security enhancements in iPhone OS 4 protect email messages and attachments stored on iPhone 3GS by using the device passcode as an encryption key. New data protection APIs can be used for custom and commercial apps so that business-critical information is protected even if a device is compromised.

It’s good to see Apple taking this problem on, and providing APIs for third party developers to secure their stored data as well. In the meantime, if you have a 3GS or use an iPhone that contains sensitive information, be sure not to let it out of your sight.
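The difference between the two designs discussed above (a data key that the device can use as soon as it boots, versus a data key that is wrapped under a passcode-derived key, as in FileVault and in Apple’s iPhone OS 4 statement) is easiest to see in code. The following Go program is an added example written for this post; it is not Apple’s or Sophos’s code and does not model the real iPhone key hierarchy. It encrypts some constructed sample content with AES-256-GCM under a random data-encryption key (DEK) and then stores that DEK two ways: in the clear, and sealed under a key derived from the passcode with PBKDF2-HMAC-SHA256. The iteration count, salt size and passcode are assumed demo values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Passcode KDF work factor (assumed value; real products tune it to the device).
const kdfIters = 20000

// pbkdf2SHA256 is the first 32-byte block of PBKDF2-HMAC-SHA256 (RFC 8018).
func pbkdf2SHA256(passcode, salt []byte, iters int) []byte {
	mac := hmac.New(sha256.New, passcode)
	mac.Write(salt)
	mac.Write([]byte{0, 0, 0, 1}) // big-endian block index INT(1)
	u := mac.Sum(nil)             // U_1
	t := append([]byte(nil), u...)
	for i := 1; i < iters; i++ { // U_2..U_c, XORed into the output block
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil)
		for j := range t {
			t[j] ^= u[j]
		}
	}
	return t
}

// aesGCM builds AES-256-GCM; every key in this file is 32 bytes, so an error is a bug.
func aesGCM(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	aead, _ := cipher.NewGCM(block) // cannot fail for AES's 16-byte block
	return aead
}

// seal encrypts with AES-256-GCM and prepends the random nonce.
func seal(key, plaintext []byte) []byte {
	aead := aesGCM(key)
	nonce := make([]byte, aead.NonceSize())
	rand.Read(nonce) // crypto/rand.Read does not fail on supported platforms
	return aead.Seal(nonce, nonce, plaintext, nil)
}

// open reverses seal; a wrong key fails the GCM tag check and returns an error.
func open(key, sealed []byte) ([]byte, error) {
	aead := aesGCM(key)
	return aead.Open(nil, sealed[:aead.NonceSize()], sealed[aead.NonceSize():], nil)
}

// Volume models an encrypted user-content area; the two designs differ only in how the DEK is kept.
type Volume struct {
	Salt    []byte // KDF salt; nil means the DEK is stored in the clear
	KeyBlob []byte // DEK sealed under a passcode-derived KEK, or the raw DEK
	Data    []byte // user content sealed under the DEK
}

// NewVolume encrypts userData with a fresh DEK and stores the DEK either wrapped
// by the passcode (FileVault style) or in the clear (usable as soon as it boots).
func NewVolume(passcode string, wrap bool, userData []byte) *Volume {
	dek := make([]byte, 32)
	rand.Read(dek)
	v := &Volume{KeyBlob: dek, Data: seal(dek, userData)}
	if wrap {
		v.Salt = make([]byte, 16)
		rand.Read(v.Salt)
		kek := pbkdf2SHA256([]byte(passcode), v.Salt, kdfIters)
		v.KeyBlob = seal(kek, dek)
	}
	return v
}

// Unlock returns the user content: a wrapped DEK needs the right passcode, a clear DEK does not.
func (v *Volume) Unlock(passcode string) ([]byte, error) {
	dek := v.KeyBlob
	if v.Salt != nil {
		kek := pbkdf2SHA256([]byte(passcode), v.Salt, kdfIters)
		d, err := open(kek, v.KeyBlob)
		if err != nil {
			return nil, fmt.Errorf("unwrapping data key (wrong or missing passcode): %w", err)
		}
		dek = d
	}
	return open(dek, v.Data)
}

func main() {
	photos := []byte("IMG_0001.JPG (constructed sample content)")
	got, err := NewVolume("1234", false, photos).Unlock("")
	fmt.Printf("clear DEK, no passcode:   %q %v\n", got, err)
	got, err = NewVolume("1234", true, photos).Unlock("")
	fmt.Printf("wrapped DEK, no passcode: %q %v\n", got, err)
}
```

Both volumes hold data encrypted with AES-256, yet the first one gives up its content to anyone who can read the storage, because the key sits next to the data; that is the “as good as unencrypted as soon as it is turned on” situation. The second refuses to unwrap the DEK without the passcode, which is why a wrapped-key design cannot finish booting into user data until the user has supplied it. The remaining weakness of the wrapped design is the passcode itself: a short numeric code with a cheap KDF is guessable offline, which is why real implementations raise the work factor and tie the derivation to a hardware key that never leaves the device.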