ElcomSoft have succeeded in decrypting the iPhone’s encrypted file system under iOS 4 and are making it available exclusively to law enforcement, forensic and intelligence agencies.
This is a major feat as since the launch of the iPhone 3GS, Apple have included hardware encryption in all of its devices (including the iPhone 4 and iPad). iOS 4 enabled this hardware-based encryption to encrypt all user data stored using AES-256. This encryption was thought to be strong enough to resist even the best equipped adversaries, including forensic analysts and law enforcement agencies.
ElcomSoft have found a way to decrypt bit-to-bit images of iOS 4 devices. Decrypted images are perfectly usable, and can be analyzed with forensic tools. But decryption is only possible with the actual device available because the decryption relies on getting the keys that are stored on it.
What is interesting (and worrying) is what ElcomSoft found stored inside the iPhone. According to them “iPhone devices store or cache humungous amounts of information about how, when, and where the device has been used. The amount of sensitive information collected and stored in Apple smartphones is beyond what had previously been imaginable. Pictures, emails and text messages included deleted ones, calls placed and received are just a few things to mention. A comprehensive history of user’s locations complete with geographic coordinates and timestamps. Google maps and routes ever accessed. Web browsing history and browser cache, screen shots of applications being used, usernames, Web site passwords and the password to iPhone backups made with iTunes software, and just about everything typed on the iPhone is being cached by the device.”