Russian company releases commercial iOS decryption toolset - Ars Technica

The first commercially available set of tools for cracking the encryption and passwords on iOS devices has been made available by Russian security company ElcomSoft. One part of their software is a password breaker, while another part, available only to law enforcement and forensic agencies, is able to extract numbers used to create the encryption keys for iOS data to render decrypted images of the device.

The decryption tool requires access to the device in question, but once it's in hand, a few different kinds of keys need can be scraped from it, including the unique device key (UID) and escrow keys calculated using the UID and escrow pairing records. If the device is only protected by a 4-digit passcode, the program then only needs to brute-force its way through that to get access to all of the decryptable information.

iOS was never much of a security fortress (as we've noted numerous times) and even this new tool uses a variation of a previously discovered method. Charlie Miller, of Pwn2Own fame and a principal research consultant with Accuvant, even pointed out to Ars that the Fraunhofer Institute for Secure Information Technology detailed a very similar method in a research paper they put out in February. However, their tools are not for sale.

If your phone or tablet regularly comes under scrutiny of the law, Miller adds that this commercially available toolset is fairly simple to route by using a long, complex password rather than a 4-digit code to protect your data. The ElcomSoft method comes with a password breaker, but much of its efficiency is derived from defining limits on the possible guesses, such as variations on a certain word.

While "beating it out of you" will remain the superior method of password obtainment for the average law enforcer, the password breaker could still come in handy for when you can't remember which characters in your leetspeak password were numbers, and which were letters.

Russian Security Firm Breaks iOS Encryption - Kelly Hodgkins

You know that iPhone you are holding. The one with the password and encryption. I hate to tell you, but it's been cracked.

Russian security firm Elcomsoft is behind this crack and the team over there is smart. They took a brute-force password cracker and bundled it with a decryption tool that uses established methods to crack iOS devices. The firm is now selling the toolset commercially to individuals, governments and law enforcement.

If a thief gets a hold of your iPad or encrypted iTunes backup, don't worry about it spilling all your secrets. Elcomsoft will only sell the decryption tool to official agencies like law enforcement and the system needs both your backup and the iOS device to get any sensitive information.

Yeah, the password cracker may be available to anyone with a credit card, but a thief would have to be pretty hard-core to wait for a brute-force attack to guess the right combination. That's assuming you didn't take the easy was out by using a simple passcode like 1-2-3-4. [Ars Technica]

CAIR: Realistic homeland security drills are raaaaaacist - From Michelle Malkin

CAIR is beside itself over homeland security drills in Minneapolis that used actors playing jihadists who — Allah forbid! — looked like actual jihadists.

The Star Tribune reports:

A national Muslim civil rights group is asking the head of Homeland Security to investigate the use of stereotypes after a man who appeared to be of Middle East descent was used in a recent security drill at the Minneapolis-St. Paul International Airport.

The Council on American-Islamic Relations (CAIR) on Monday renewed a request that Secretary of Homeland Security Janet Napolitano review “the use of outside trainers who offer hostile, stereotypical and grossly inaccurate information about Muslims and Islam.”

The organization has previously asked the Obama administration, the Department of Defense and Congress to provide oversight for apparent “widespread anti-Muslim bias in the training of law enforcement and security and military personnel nationwide.”

According to information released Monday by MSP airport police, the May 12 security test included a device in a shaving kit made to look like a bomb. It was a cylinder with wires connected to a wrist watch. The device was brought to a passenger security checkpoint, according to airport Police Sgt. Mark Ledbetter, one of the responding officers.

“Upon arriving [at the checkpoint],” Ledbetter wrote in his report, “TSA [Transportation Security Administration] screeners were out with a male who appeared to be Middle Eastern in descent or Indian/Pakistani.”

Yes, in the interest of social justice and pandering to Islamophobia-phobia, there must be a higher proportion of homeland security drill actors who look like Brooklyn Decker and fewer who look like Mohamed O. Muhamud and his ilk.

Flashback:

The “broad strata” of 9/11 jihadists.

Photoshop: David Lunde

Flashback: This is what CAIR wants…

The caption at Flickr (hat tip – reader KH):

From the photograher, Dean Shaddock:

This was captured as I collected my things from airport security (Detroit Metro Concourse A). I think of it as something like a Rorschach test. Is an elderly Catholic nun being frisked by a Muslim security agent the celebration of blind justice? Or is it simply an admission of absurdity?