Friday, September 19, 2014

iOS 8 Encrypts More Data With Passcode

Apple:

On devices running iOS 8, your personal data such as photos, messages (including attachments), email, contacts, call history, iTunes content, notes, and reminders is placed under the protection of your passcode. Unlike our competitors, Apple cannot bypass your passcode and therefore cannot access this data. So it's not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8.

Chris Welch:

But has everything changed with iOS 8? This document on iOS 8 security measures suggests that’s the case, showing that Apple has extended deep encryption protections to more of its own apps. “Key system apps, such as Messages, Mail, Calendar, Contacts, and Photos use Data Protection by default, and third-party apps installed on iOS 7 or later receive this protection automatically,” it reads.

Jonathan Zdziarski:

It’s important to take a minute, however, to note that this does not mean that the police can’t get to your data. What Apple has done here is create for themselves plausible deniability in what they will do for law enforcement. If we take this statement at face value, what has likely happened in iOS 8 is that photos, messages, and other sensitive data, which was previously only encrypted with hardware-based keys, is now being encrypted with keys derived from a PIN or passcode. No doubt this does improve security for everyone, by marrying encryption to the PIN (something they ought to have been doing all along). While it’s technically possible to brute force a PIN code, that doesn’t mean it’s technically feasible, and thus lets Apple off the hook in terms of legal obligation. Add a complex passcode into the mix, and it gets even uglier, having to choose any of a number of dictionary style attacks to get into your encrypted data. By redesigning the file system in this fashion (if this is the case), Apple has afforded themselves the ability to say, “the phone’s data is encrypted with a PIN or passphrase, and so we’re not legally required to hack it for you guys, so go pound sand”. I am quite impressed, Mr. Cook! That took courage… but it does not mean that your data is beyond law enforcement’s reach.

For example, if they have access to your Mac:

While your photos and messages might indeed now be encrypted with a key derived from your PIN, the pairing records stored on your desktop have a “backup copy” of your keybag keys (the escrow bag), which can be used to unlock the encryption on your phone – without a PIN. Again, this was added so that iTunes could talk to your phone while it is still locked.

[…]

Fortunately, there are some precautions you can take to ensure your privacy. One small trick is to shut down your iPhone whenever you go through airport security or customs. Why? Because Apple has included a kill switch that prevents your pairing records from being able to unlock your iPhone if it’s been shut down. The pairing record vulnerability only works if you’ve used your phone since it was last rebooted. Secondly, make sure you’re using strong encryption on your desktop / laptops, and make sure your computers are all shut down when not in use… especially when going through airport security. There are a number of forensics tools capable of dumping the memory (and therefore, encryption keys) of your encrypted disk if you’ve left your computer asleep or in hibernate mode. Shut it down.

Comments RSS · Twitter

Leave a Comment