Iphone Keychain Faq
iOS Keychain Weakness FAQ Further Information on iOS Password Protection
Jens Heider, Rachid El Khayari Fraunhofer Institute for Secure Information Technology (SIT) December 5, 2012
Updated versions can be found at: http://sit4.me/ios-keychain-faq
Contact person: Dr. Jens Heider Fraunhofer Institute for Secure Information Technology (SIT) Rheinstraße 75, 64295 Darmstadt, Germany Email: jens.heider@sit.fraunhofer.de Phone: +49 (0) 61 51/869-233
Revision history
1.9 2012-12-05 added: Appendix A Protection Class Overview, p. 15 added iOS 6.0.1 keychain entry classification table updated: 2.1 Which versions of iOS are affected by the attack method?, p. 5 iOS 6.0.1 is affected updated: 2.19 Which devices are in danger?, p. 11 added iPad4, iPad mini and iPhone 5 to the list of currently unaffected devices 1.8 2012-07-16 added: 2.20 Is the SIM PIN affected?, p. 11 SIM PIN can be extracted updated: 2.1 Which versions of iOS are affected by the attack method?, p. 5 iOS 5.1.1 is affected updated: 2.19 Which devices are in danger?, p. 11 added iPad3 to the list of currently unaffected devices updated: Appendix A Protection Class Overview, p. 14 SIM PIN and Bluetooth Link Keys classification added to table updated: Appendix A Protection Class Overview, p. 14 keychain entry classifications updated for iOS 5.1.1 release 1.7 2012-05-10 updated: 2.1 Which versions of iOS are affected by the attack method?, p. 5 iOS 5.1 is affected updated: Appendix A Protection Class Overview, p. 14 keychain entry classifications updated for iOS 5.1 release updated: Matthias Boll left the team and Rachid El Khayari entered as co-author 1.6 2012-02-27 updated: 2.1 Which versions of iOS are affected by the attack method?, p. 5 iOS 5.0.1 is affected updated: 2.3 Are X.509 certificates also affected?, p. 6 certificates in lower class than passwords updated: 2.19 Which devices are in danger?, p. 11 added iPad2 and iPhone 4S, potentially affected via Absinthe jailbreak updated: Appendix A
Jens Heider, Rachid El Khayari Fraunhofer Institute for Secure Information Technology (SIT) December 5, 2012
Updated versions can be found at: http://sit4.me/ios-keychain-faq
Contact person: Dr. Jens Heider Fraunhofer Institute for Secure Information Technology (SIT) Rheinstraße 75, 64295 Darmstadt, Germany Email: jens.heider@sit.fraunhofer.de Phone: +49 (0) 61 51/869-233
Revision history
1.9 2012-12-05 added: Appendix A Protection Class Overview, p. 15 added iOS 6.0.1 keychain entry classification table updated: 2.1 Which versions of iOS are affected by the attack method?, p. 5 iOS 6.0.1 is affected updated: 2.19 Which devices are in danger?, p. 11 added iPad4, iPad mini and iPhone 5 to the list of currently unaffected devices 1.8 2012-07-16 added: 2.20 Is the SIM PIN affected?, p. 11 SIM PIN can be extracted updated: 2.1 Which versions of iOS are affected by the attack method?, p. 5 iOS 5.1.1 is affected updated: 2.19 Which devices are in danger?, p. 11 added iPad3 to the list of currently unaffected devices updated: Appendix A Protection Class Overview, p. 14 SIM PIN and Bluetooth Link Keys classification added to table updated: Appendix A Protection Class Overview, p. 14 keychain entry classifications updated for iOS 5.1.1 release 1.7 2012-05-10 updated: 2.1 Which versions of iOS are affected by the attack method?, p. 5 iOS 5.1 is affected updated: Appendix A Protection Class Overview, p. 14 keychain entry classifications updated for iOS 5.1 release updated: Matthias Boll left the team and Rachid El Khayari entered as co-author 1.6 2012-02-27 updated: 2.1 Which versions of iOS are affected by the attack method?, p. 5 iOS 5.0.1 is affected updated: 2.3 Are X.509 certificates also affected?, p. 6 certificates in lower class than passwords updated: 2.19 Which devices are in danger?, p. 11 added iPad2 and iPhone 4S, potentially affected via Absinthe jailbreak updated: Appendix A