14 DAY TRIAL // Russian computer forensics software vendor ElcomSoft is selling a toolkit capable of retrieving data from encrypted iPhones, iPads and iPods running iOS 4.x.
The toolkit contains several tools that can decrypt the image of a device, extract the encrypted file system, retrieve the encryption keys and break the user's passcode.
The product is available under a special license agreement and can only be purchased by select government and law enforcement agencies or forensics firms.
ElcomSoft already has a product for decrypting iDevice backups created with iTunes, but since the toolkit works directly with the raw file system, it is capable of accessing much more information.
This includes login credentials stored on the device, email messages, as well as deleted SMS and mail files.
"Huge amounts of highly sensitive information stored in users’ smartphones can be accessed. Historical geolocation data, viewed Google maps and routes, Web browsing history and call logs, pictures, email and SMS messages, including deleted ones, usernames, passwords, and nearly everything typed on the iPhone is being cached by the device and can be accessed with the new toolkit," the vendor claims.
The toolkit does not rely on brute force password recovery, but instead extracts the encryption keys directly from the device. This allows the information to be accessed in real-time.
Recovering user passcodes via dictionary attacks is also possible, especially for short ones, or if the investigator has access to a computer synced with the device.
Users don't have anything to worry about unless they have information they don't want the authorities to find if their devices are ever seized, in which case it's probably not a good idea to store it on an iPhone or iPad in the first place. Using a long and complex passcode is highly recommended and will make data recovery much more difficult or possibly unfeasible.