Russian password cracking software vendor ElcomSoft has recently released a tool which purportedly recovers the passwords stored on the latest iPhone’s without having to modify any data on the phone at all. The “iPhone Password Breaker” software works by recovering the password used to encrypt the keychain which the device uses to store the passwords for email accounts, websites, and software on the phone.
The software, which is aimed at Forensic Investigators, extracts the password from the keychain once it has been backed up to a computer. ElcomSoft has a variety of similar software that works with other file formats and platforms, such as ZIP and RAR file password crackers, Excel and Word, and a number of others. In the words of ElcomSoft:
ElcomSoft is world’s first to unlock access to iPhone keychains. Prior to the release of the updated iPhone Password Breaker, the keychains were considered impossible to obtain. The ability to recover stored passwords without altering the phone’s content offers valuable court evidence to investigators and forensic authorities.
On previous versions of the iPhones, the keychains remained encrypted with a hardware-specific device key which was unique to each iPhone, even when exported to an external backup, however, since the release of iOS 4, this is no longer necessarily the case, as they can now be stored in backups that are encrypted only with the backup’s master password. If this password is known, it is possible to gain access to these encrypted keychains. If an unencrypted backup is made, though, the keychains are still protected with the phones hardware key, and therefore, to gain access to the keychains, a password-protected backup must first be made (seems counter-intuitive doesn’t it?).
The ElcomSoft iPhone Password Breaker also employs GPU Password Cracking technology to significantly increase the speed of recovery. A trial can be obtained at http://iphone.elcomsoft.com