Thursday, 16 December 2010

Apple iOS Devices and Encryption

As I've had cause recently to spend some time looking at Apple iOS encryption, and I've picked up some information that was new to me, I thought it'd be worth putting hand to keyboard about it.

Recent iterations of Apple's iOS based devices (iPad, iPhone, iPod touch) have got a number of encryption features which can protect data on them. However some of the descriptions of the features can leave people with a false sense of security, so it's important to realise what they can and cannot do for you.

First up is Apple's "Hardware Encryption". By default all data on the user partition of an iOS device is encrypted with keys stored in hardware on the device. Apple describe this as protecting "data at rest" and also enabling their fast remote wipe capability.

One interesting thing to realise about this capability is that it is not designed to protect user data from a "lost or stolen device" scenario. In looking at my own iPad, which has the latest version of iOS installed, it was initially possible to get access to all the user information stored on it, without knowing the passcode.

Accessing this information can be done by booting an alternate operating system and then using SSH to view and copy data from the device, over the Apple connector cable (a description of the requirements and process for setting this up is available here ). So whilst this attack is relatively technical, there's really no major barrier for a technically savvy attacker, as all the information required is in the public domain.

Apple also have an additional layer of protection available to them, which is their Data Protection feature. This feature encrypts specific information on the device with a key derived from the users passcode.

There's two interesting things to note about this feature. Firstly, it requires applications to specifically support its use, and at the moment there don't appear to be many that do. From Apple's perspective, only their mail client supports it in current iOS release.

Secondly, if a device has had iOS 3.X on it and has been upgraded to iOS 4.X, then Data Protection is not enabled, until the device has had a complete operating system restore carried out on it, as described in this Apple Support Document .

Once Data Protection is enabled, e-mail data seems to be quite well protected, although it's worth pointing out that as the key is derived from the users passcode, it becomes very important to ensure that the user has a strong passcode set (ie, not just the 4 digit simple passcode option), to prevent a brute-force attack.

From having seen some of Apples technical information around Data Protection it actually seems like a good concept for mobile device protection, so once it's more widely in use, I think that it'll greatly enhance iOS devices resistance to attack in a "lost device" scenario, but at the moment it's a bit limited.

2 comments:

  1. This is great information and has prooven exceptionally useful, in conjunction with the links below, in our decision:
    whether or not we want to allow Apple devices to receive mail
    which iOS versions to support
    how exposed are we if a device is lost/stolen etc.

    Support Document on Data Protection http://support.apple.com/kb/HT4175
    Support Document on iPhone Security http://images.apple.com/iphone/business/docs/iPhone_Security.pdf
    Support Document on iPad Security http://images.apple.com/ipad/business/docs/iPad_Security.pdf

    ReplyDelete
  2. Thanks for the feedback Julius, good to know that it was useful.

    ReplyDelete