Saturday, March 19, 2011 [Tweets] [Favorites]

Make Sure Your iOS Device Is Really Encrypted

Rich Mogull notes that in the (I would think, common) case of an iOS 3 device updated to iOS 4, your device isn’t actually encrypted unless you disable the passcode, back up, restore, and then re-enable the passcode. However, a standard four-digit passcode is probably easy to brute-force, so this may be a distinction without much difference.

4 Comments

Of course, you can always use a full passphrase, which is more secure. Then you have to balance to annoyance of punching it in every time you want to use your phone.

First, any 3Gs or later device is ALWAYS encrypted.

The issue above is about data protection, which is enabled for mail (and mail attachments) on all new devices. For upgraded devices you do have to do a restore.

Your comment on a 4-digit passcode being easy to brute force isn't really true: If you set the iOS device to do a local wipe on 10 missed passcodes, I guess the odds are 1:1000 they'll get it ;-)

As far as actually cracking it if they succeed in jailbreaking the passcode, there's a lot more to it than that. The PIN is combined with some other stuff in the encryption to make it way harder than just guessing a 4-digit PIN. A brute force attack of data protection is not simple at all, even with a 4-digit PIN.

@John Smith Are you saying that a 3GS is always encrypted, even if it doesn’t say “Data protection is enabled”? That squares with what I’ve read about the hardware encryption, but Mogull’s article seems to imply otherwise.

I’m assuming that there’s a way to brute-force it without physically tapping the numbers into the screen. The contents of the memory could be read directly, and that would bypass the auto-erase.

Geek.com reports on ElcomSoft’s claims of being able to brute-force the passcode (via Hacker News).

Stay up-to-date by subscribing to the Comments RSS Feed for this post.

Leave a Comment