iPhone IOS 4 FIPS 140-2 Compliance

Hello,

Looking at the enterprise deployment guide it mentions the iTunes backups are encrypted, however it seems people have been dancing around the issue of whether or not the Apple iPhone as it is today with the latest OS supports full drive encryption. From what I have heard this is actually controlled on an application by application basis and there is no way to encrypt ALL the data on the entire phone (excluding some parts of the IOS understandably).

I need a yes or no answer for my employer preferably from an Apple Employee for the following items:

Is the iPhone 4, IOS 4 FIPS 140-2 Compliant?

Does the iPhone 4, IOS 4 completely encrypt ALL the data (or is this left up to each application)?

This will be a key piece of information of determining if we will deploy these to our enterprise or not. Thanks in advance!

iOS 4

Posted on Sep 23, 2010 4:24 PM

13 replies

Sep 23, 2010 4:41 PM in response to s33k3r

Apple does not provide any direct support here.

These discussions are provided and moderated by Apple. Any Apple employee that posts here has an Apple emblem included with their alias, but any Apple employee that posts here does so on their own time and not under any official Apple capacity.

If you want an answer from an Apple employee in an official capacity, you need to contact Apple.

Sep 24, 2010 11:07 AM in response to Allan Sampson

Got it. I found out the answer for anyone that cares:

From the official Apple rep:

The iPhone is in the "Implementation Under Testing" stage of becoming FIPS 140-2 certified -- See the link below:
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140InProcess.pdf

Yes it encrypts all data on the device using hardware based AES 256 bit encryption. Enterprises can also encrypt their custom in-house apps using AES 256 bit / 3DES.
http://images.apple.com/iphone/business/docs/iPhone_Security.pdf

Dec 6, 2011 12:51 PM in response to s33k3r

I know I'm coming in way late on this discussion, but I've gotten a much better understanding of iOS encryption lately.


For all intents and purposes, data on the device is not encrypted unless the application supports Apple Data Protection. See http://www.enterpriseios.com/wiki/List_Apps_Support_Apple_Data_Protection for a list of such apps.


Technically all data is encrypted, but when you turn the device on, even if locked, the data is available and can be accessed via various Mac, Windows, and Linux programs.


If an app uses Apple Data Protection then the data in that app are encrypted using the device password (which needs to be strong), and as such are encrypted even if the device is on.


I've tested this and so far, what I say above is true. It was easy to test using Good Reader, which supports Apple Data Protection.

So, if a bad guy steals the iOS device, takes it apart, then tries to reuse the memory chips, the data on those chips are encrypted and you are safe. If they plug it into a Linux box with Fuse and the right extensions, then he's got your data. If the Apps use Apple Data Protection and you have a policy to wipe the device after X failed attempts (to prevent a brute force attack), then only that data would be safe.


From my Apple guy:

If you want to know more about hardware encryption vs data or file encryption, I would recommend reading this white paper about iOS Security: http://www.apple.com/ipad/business/docs/iOS_Security.pdf

Dec 9, 2011 5:06 PM in response to cliff

The app password for good reader is just a hurdle. In order for Apple Data Protection to work, you have to turn on a passcode for your device (in the main Settings, not in Good Reader).


  • Quit DiskAid.
  • Turn on a passcode for the device
  • Open Good Reader. Turn off and on Data Protection
  • Turn off the device
  • Turn on the device, but do not enter your passcode (leave the device at the lock screen)


Now open DiskAid and you will find that you can see the files in GoodReader, but you cannot copy them to the Mac.


This effectively protects your files in GoodReader, Mail, and a few other programs. Unfortunately we have found that for devices that can be jailbroken (everything except a 4s and an iPad2), the device passcode (and any other password you had Safari remember) is easily hacked.


Still, for now and if you have a 4s or an iPad2, Apple Data Protection will protect your files. As soon as "they" create a jailbreak, however, then we're back to square one.


If you really care about data protection, I would suggest using a program that doesn't rely on Apple Data Protection. Find a program that does its own encryption.

Dec 9, 2011 6:20 PM in response to Allan-Marcus-LANL

Yes, I think when I tested this last night I had attached my iPhone unlocked before opening DiskAid. I have since found what you mentioned, that the files are there but can't be opened or copied. I wish apps like Filemaker would add this capability.


When you mention the device passcode being easy to break, does this include something like a 7 character/digit passcode?


As for Safari passwords I haven't entered anything in that app for a long time now since I rely on 1Password for all my "secret words". I haven't heard of that being hackable (yet).

Dec 10, 2011 7:33 AM in response to cliff

Once the iOS device is jailbroken, a person with physical access can open the internal keychain. That gives them access to all the passwords.


Since the iPad2 and 4s cannot be jailbroken (yet), they are currently secure.


If you are going to use a device passcode and you are worried about protecting your data if the device is stolen, make sure to set the "Wipe after x passcode failures" feature. For the snatch and grab thief, this will wipe the device after 10 passcode failures (or whatever you set). If the thief is just reselling the device, then oh well, at least your data is safe. If it's an adversary, they'll eventually get to your data unless it's stored in an independently encrypted app sandbox like Good Technology.
