ElcomSoft to sell iPhone decryption toolkit

The Russian company says it has a way to decrypt iPhone file system dumps and thus let law enforcement agencies get forensic access to the smartphone.

Don Reisinger

A Russian computer forensics company, ElcomSoft, says it has developed a toolkit that can help law enforcement agencies quickly access encrypted file systems on Apple's iPhone.

ElcomSoft's toolkit is an important development as smartphone security and privacy have become a hot-button issue.

Last month, researchers discovered that the iPhone was tracking users' locations as they moved from place to place. The information was stored in an unencrypted file on the iPhone, as well as in iTunes backups. After privacy advocates complained that the iPhone was tracking user movements, Apple responded, saying that it had no desire to track users and that the issue was simply a bug.

"Apple is not tracking the location of your iPhone," the company wrote on an FAQ page last month. "Apple has never done so and has no plans to ever do so." Earlier this month, Apple released iOS 4.3.3 to remove the location-tracking feature.

Other smartphones, including those running the Windows Phone 7 and Android operating systems, also track a certain amount of location data.

Apple's fix could be a setback to law enforcement agencies, which for months have been using iPhone and iPad geolocation data in criminal investigations.

Enter ElcomSoft.

"This time around it's not about iPhone backups," ElcomSoft CEO Vladimir Katalov said in a statement. "Backups created with iTunes software already contain a lot of data, but not quite everything that's being stored or cached in iPhone devices. In contrast, we were able to break into the heart of iPhone data encryption, providing our customers with full access to all information stored in iPhone devices running iOS 4."

Gaining access to that data was no simple task. With the release of iOS 4 last year, Apple unveiled a new security feature for its mobile devices called Data Protection. That offering delivered hardware-based, AES-256 encryption on the iPhone 3GS, iPhone 4, iPads, and last-generation iPod Touch, effectively keeping the device's data, including SMS messages, e-mail, passwords, and other content, safe from malicious hackers.

ElcomSoft said yesterday that the devices also feature data wipe keys in addition to "hardware-dependent encryption keys." So, the company said, "if a data wipe key is lost or destroyed, all data stored in the iPhone is rendered inaccessible, and essentially useless."

In order to address that issue, ElcomSoft created its toolkit to "extract all relevant encryption keys" from devices running iOS 4 and then used those keys to decrypt iPhone file system dumps, allowing the researchers access to all the previously protected information stored on the device. Moreover, the company said, access to that content is possible even if the Apple product is protected by a password.

Considering ElcomSoft's toolkit can provide users with practically all the information stored on the iPhone, the company is being cautious with its commercial plans. After acknowledging that its tool "opens access to too much information of a highly sensitive nature," the company said that it will sell its solution only to "law enforcement, intelligence, and forensic organizations." It will also make it available to "select" government agencies.

ElcomSoft did not reveal pricing.