Elcomsoft employee Dmitry Sklyarov draws conclusions based on the study he and his colleague Andrey Belenko conducted about password keepers for smartphones.
Now I’m going to move on to summary and conclusions. We mentioned the iOS passcode many times during this presentation, and it’s probably a really good example of how passcode, or password, protection can work if you know what you’re doing.

On iOS, starting with iOS 5, your passcode is involved in protecting your secrets: it’s not just verified, it’s used to generate the so-called passcode key, and without that passcode key it’s impossible to decrypt the secrets stored within the device. The passcode derivation function is implemented using the hardware AES encryption which is embedded in every iOS-based device: iPhone, iPad, iPod, and so on. And every device has its own unique key, so to calculate the passcode key from the passcode, you need to run the code on the device. You can’t scale it by using multiple devices simultaneously; you can’t use a GPU because you don’t know the exact process, the exact key used by the device when you go from passcode to passcode key. And the speed on an iPhone 4S is about 6 passwords per second, which is not too much, and even a 6-digit passcode can’t be tested faster than in 24 hours. This is very good in comparison with all the other password keeper applications that we looked through during our presentation.

Here is the final summary table (see image). There is a lot of statistical data, but the most significant is the last column. We measured the number of digits that comprise a password which could be brute-forced during 24 hours for some of the password keepers: the smaller the number, the better the protection. You can see that for most items the level of protection is about 12-14. It means that you need to have at least a 14-digit password to not be crackable in 24 hours. It’s easy to convert this to arbitrary characters, not only digits. There are 95 characters on a standard English keyboard, so it’s about 100 of them. You can just divide the number in the last column by 2 and get the length of an any-character password that could be cracked in 24 hours.
For example, for Keeper® Password & Data Vault you need to divide 14 by 2, so a 7-character password could be cracked in one day using one computer, and you can use a lot of them simultaneously if you have enough resources.
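As an added illustration (not part of the talk), here is the arithmetic behind the last column and the divide-by-2 rule of thumb, using the talk’s own figures: a 24-hour window, a 95-character keyboard, and 6 passcodes per second on the iPhone 4S. It assumes a worst-case exhaustive search of the whole keyspace; the "14 digits" rate for Keeper is the one quoted above.

```python
import math

SECONDS_PER_DAY = 24 * 60 * 60
KEYBOARD_CHARS = 95          # printable characters on a standard keyboard, as in the talk
IPHONE_4S_RATE = 6.0         # passcode derivations per second on the device, as in the talk


def guess_rate_from_digits(digits: int, seconds: float = SECONDS_PER_DAY) -> float:
    """Guesses per second implied by 'a <digits>-digit password space is exhausted in <seconds>'."""
    return 10 ** digits / seconds


def crackable_length(rate: float, alphabet: int, seconds: float = SECONDS_PER_DAY) -> int:
    """Longest password length whose full keyspace fits in the guess budget rate * seconds."""
    budget = rate * seconds
    return int(math.floor(math.log(budget) / math.log(alphabet)))


def time_to_exhaust(rate: float, alphabet: int, length: int) -> float:
    """Seconds needed to try every password of the given length (worst case)."""
    return alphabet ** length / rate


def digits_to_chars(digits: int) -> dict:
    """Compare the talk's 'divide by 2' rule with the exact log-base-95 conversion."""
    rate = guess_rate_from_digits(digits)
    return {
        "guesses_per_second": rate,
        "rule_of_thumb": digits // 2,                      # the talk's shortcut
        "exact": crackable_length(rate, KEYBOARD_CHARS),   # floor(digits / log10(95))
    }


if __name__ == "__main__":
    # Keeper: 14 digits in 24 hours -> about 1.16e9 guesses/s -> 7 keyboard characters.
    print(digits_to_chars(14))
    # iPhone 4S: 6 guesses/s on-device, so a 6-digit passcode takes ~46 hours to exhaust.
    hours = time_to_exhaust(IPHONE_4S_RATE, 10, 6) / 3600
    print(f"6-digit passcode on iPhone 4S: {hours:.1f} hours worst case")
```

The exact conversion is digits / log10(95) ≈ digits / 1.98, which is why halving the digit count is a good approximation for the column values in the table.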
The iOS passcode is not vulnerable to scaling or to GPU optimization; and even without optimization it’s much better than everything else. So it’s a good idea to use passcode protection on an iOS device and not invent anything else.

Now, a few words to conclude on the whole research. None of the tested password keepers offers something better than what is already offered by the operating system. If you are using your password keeper on a device that could be stolen, or the password database could be extracted from the device, your data is vulnerable. Paid applications are not necessarily better than free ones. In our review, the best one is a free one. And finally, a kind of wishlist for all users. Always use a passcode, and for iOS devices use something more complex than the standard 4-digit passcode, because unless you have an iPhone 4S, which is for now not vulnerable to a boot-level jailbreak, a 4-digit passcode can be brute-forced in less than 2 hours (for any device prior to the iPhone 4S). Don’t connect your phone to untrusted computers even to charge it: there are attacks where acquiring data via USB can be performed. Never jailbreak your iPhone on your own, because by doing so you can make it vulnerable to a wide range of attacks.
And some recommendations for developers. It’s not too easy to implement good crypto without really understanding how security works in deep detail. Most people who develop password keepers, I believe, are very good programmers, but they need to learn how to implement security and start their way from the operating system, instead of inventing something else. And finally, we want to thank our partner from a UK law enforcement agency who initially asked us to check how hard it is to crack access to SplashID databases, because they have such databases in some of their cases. That was the initial punch for our research. We evaluated the applications and found many interesting things, and started going further, and now you can see the results.
Thank you for your attention!