Another attack on the iOS security has been published today and there are two recurring themes to the attacks I described in previous posts, namely: weaknesses with the Keychain and iOS encryption implementation.
But this time they have been used differently and seem to provide an attacker access to any passwords stored on an iOS device, even if it is passcode protected.
One main difference in this attack, is that the attacker would only requires the iOS devices and nothing else (as opposed to the relevant synced PC with previous attacks).
It also seems to prove Zdiarski’s concerns over the iOS encryption controls to be true.
The attack used some jailbreaking techniques to access the iOS device boot/ram, bypassing the passcode and using the OS to run a script to access the local keychain and all the passwords it may contain (email, VPN, web apps, etc)
It seems that the encrypted data is not linked to the user passcode, which means that if someone can bypass the passcode, even if the data is in theory still encrypted, the attacker uses the iOS device itself to decrypt the data for him!
When I said it was “bad, but not that bad”. Now, it may be THAT bad! ;)
All the details, video and whitepaper, are available here: