Incident of the Week: Free iPhone Password Breaker Released

Back in October you may remember our post on Elcomsoft, a Russian software company that came out with a program to decrypt common wireless network signals. Well, they’re back this week with a program that will "enable[ ] forensic access" to password-protected backups for Apple iPhone and iPod touch devices. In other words, if someone obtains access to the computer you use to sync your iPhone, they could also get access to "backups containing address books, call logs, SMS archives, calendars, camera snapshots, voice mail and email account settings, applications, Web browsing history and cache." And while the program is in beta testing, Elcomsoft is even giving the program away for free.

The program apparently uses the computing power of the latest generation of video cards to perform a dictionary or "wordlist-based attack" to recover the password needed to unlock the backup files. This means that if your password can be found in a dictionary or a hacker’s wordlist, there is a program out there that will unlock it. With technology like this available to decode commercially available encryption schemes, the best protection we may have is to select a password complex enough to defeat wordlist-based attacks, and not to use the same password for all your online activities, a problem that Twitter’s recent incident and Trusteer’s recent survey (.pdf) suggest is rampant.
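The defensive side of that advice, as an added example that is not from the original post or from Elcomsoft: a password-change check that rejects a candidate when it reduces to a wordlist entry after undoing case changes, common character substitutions, and appended digits or symbols. The sample wordlist, the substitution table, and the function names are constructed for illustration.

```python
import re

# Constructed sample; a real deployment would load a large list of dictionary
# words and previously leaked passwords.
SAMPLE_WORDLIST = {"password", "dragon", "iphone", "letmein", "monkey", "sunshine"}

# Common character substitutions, undone before the lookup (assumed table):
# 0->o, 1->l, 3->e, 4->a, 5->s, 7->t, @->a, $->s
SUBSTITUTIONS = str.maketrans("013457@$", "oleastas")


def wordlist_base(password, wordlist=SAMPLE_WORDLIST):
    """Return the wordlist entry the password is derived from, or None."""
    lowered = password.lower()
    # Drop digits and symbols appended to a word ("dragon2009!" -> "dragon").
    stripped = re.sub(r"[\d\W_]+$", "", lowered)
    candidates = (
        lowered,
        stripped,
        lowered.translate(SUBSTITUTIONS),
        stripped.translate(SUBSTITUTIONS),
    )
    for candidate in candidates:
        if candidate in wordlist:
            return candidate
    return None


def review_password(password, wordlist=SAMPLE_WORDLIST):
    """Return a verdict string suitable for a password-change form."""
    base = wordlist_base(password, wordlist)
    if base is not None:
        return f"rejected: derived from wordlist entry '{base}'"
    # Passing means only that these rules found no wordlist base; it is not
    # a measure of overall strength.
    return "accepted: not derivable from the wordlist by the rules checked"


if __name__ == "__main__":
    for sample in ("Dragon2009!", "P@ssw0rd", "iPhon3", "T7#qLw9!vRz2"):
        print(f"{sample!r}: {review_password(sample)}")
```

Appending a year or swapping letters for look-alike symbols leaves a password inside the space a wordlist-based attack covers, which is why the first three samples are rejected.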
