Iphone Keychain Faq

Only available on StudyMode
  • Download(s) : 70
  • Published : April 20, 2013
Open Document
Text Preview
iOS Keychain Weakness FAQ Further Information on iOS Password Protection Jens Heider, Rachid El Khayari Fraunhofer Institute for Secure Information Technology (SIT) December 5, 2012

Updated versions can be found at: http://sit4.me/ios-keychain-faq

Contact person: Dr. Jens Heider Fraunhofer Institute for Secure Information Technology (SIT) Rheinstraße 75, 64295 Darmstadt, Germany Email: jens.heider@sit.fraunhofer.de Phone: +49 (0) 61 51/869-233

Revision history
1.9 2012-12-05 added: Appendix A Protection Class Overview, p. 15 added iOS 6.0.1 keychain entry classification table updated: 2.1 Which versions of iOS are affected by the attack method?, p. 5 iOS 6.0.1 is affected updated: 2.19 Which devices are in danger?, p. 11 added iPad4, iPad mini and iPhone 5 to the list of currently unaffected devices 1.8 2012-07-16 added: 2.20 Is the SIM PIN affected?, p. 11 SIM PIN can be extracted updated: 2.1 Which versions of iOS are affected by the attack method?, p. 5 iOS 5.1.1 is affected updated: 2.19 Which devices are in danger?, p. 11 added iPad3 to the list of currently unaffected devices updated: Appendix A Protection Class Overview, p. 14 SIM PIN and Bluetooth Link Keys classification added to table updated: Appendix A Protection Class Overview, p. 14 keychain entry classifications updated for iOS 5.1.1 release 1.7 2012-05-10 updated: 2.1 Which versions of iOS are affected by the attack method?, p. 5 iOS 5.1 is affected updated: Appendix A Protection Class Overview, p. 14 keychain entry classifications updated for iOS 5.1 release updated: Matthias Boll left the team and Rachid El Khayari entered as co-author 1.6 2012-02-27 updated: 2.1 Which versions of iOS are affected by the attack method?, p. 5 iOS 5.0.1 is affected updated: 2.3 Are X.509 certificates also affected?, p. 6 certificates in lower class than passwords updated: 2.19 Which devices are in danger?, p. 11 added iPad2 and iPhone 4S, potentially affected via Absinthe jailbreak updated: Appendix A Protection Class Overview, p. 13 keychain entry classifications updated for iOS 5.0.1 release 1.5 2011-11-22 updated: 2.1 Which versions of iOS are affected by the attack method?, p. 5 iOS 5 is affected updated: 2.12 Is there a patch available?, p. 8 iOS 5 provides some fixes updated: 2.13 What are mitigation options from your experience?, p. 9 updated to reflect iOS 5 changes updated: 2.16 Some passwords are not accessible with the shown method. Doesn’t this prove the general security of the used concept?, p. 10 updated to reflect iOS 5 changes updated: 2.17 Does the presented attack still work in iOS 5?, p. 10 updated with final iOS 5 test results updated: 2.19 Which devices are in danger?, p. 11 added iPhone 4S (currently unaffected) updated: Appendix A Protection Class Overview, p. 13

Fraunhofer SIT iOS Keychain Weakness FAQ

3

keychain entry classifications of final iOS 5 release 1.4 2011-09-23 updated: 2.15 Is the iOS keychain in general insecure?, p. 9 Fixed broken reference 1.3 2011-09-13 updated: 2.1 Which versions of iOS are affected by the attack method?, p. 5 (Tests of iOS firmware 5.0 beta7 indicate an improved keychain implementation; further results will be released for final version) updated: 2.12 Is there a patch available?, p. 8 updated: 2.17 Does the presented attack still work in iOS 5?, p. 10 1.2 2011-09-01 updated: 2.1 Which versions of iOS are affected by the attack method?, p. 5 (iOS firmwares 4.3.4, 4.3.5, 5.0 beta2 added to affected versions, description of the protection classes) added: Appendix A Protection Class Overview, p. 13 (up-to-date tables of keychain entry classifications) added: 2.17 Does the presented attack still work in iOS 5?, p. 10 added: 2.18 What are the effects when no passcode is set?, p. 11 added: 2.19 Which devices are in danger?, p. 11 1.1 2011-05-06 updated: 2.1 Which versions of iOS are affected by the attack method?, p. 5 (iOS firmware 4.3.3 added to affected versions) 1.0 2011-04-20 (First version)

4

Fraunhofer SIT...
tracking img