Educause Security Discussion mailing list archives
Re: ipads/iphones and full disk encryption
From: Tim Doty <tdoty () MST EDU>
Date: Wed, 12 Oct 2011 11:02:18 -0500
On Wed, 2011-10-12 at 14:44 +0000, Youngquist, Jason R. wrote:
> As many of you know, ipads/iphones and other devices are being introduced into the corporate and educational institution environment. Currently we require all institutional owned laptops to be encrypted using full disk encryption. The Apple ipad/iphone supposedly has “full disk encryption” but I’ve done a bit of googling and it appears that the encryption is really all that it is cracked up to be (see reference URLs below). So, I’m wondering how other organizations are addressing this threat – specifically since a number of high-level folks seem to be carrying ipads with them these days with potentially sensitive information on them. I would appreciate any thoughts on this issue.
It is popular to take pokes at Apple's encryption, but with iOS4 (at least on iPhones and I believe iPad2) the encryption is approximately as strong as the password that is set. If there is no password/passcode -- then it provides the same protection as having a PKI private key that is not password protected; in other words, none. If there is a password/passcode set then it is approximately as good as the password. The typical 4 digit PIN is trivially defeated in a brute force.

Another issue is you mention "full disk encryption". No iOS device has full disk encryption, and I doubt comparable devices (e.g., running android) do either. If you've read Zdziarski's work then you should know that there are two partitions, one encrypted and one not. (Ah, you only linked to blurb blog posts, not the actual information as to implementation weakness, so you may not be aware of the distinction.)

Another point to consider is where the device is synced and how it is synced. Apple gets blasted for the default backups not being encrypted -- but they also are stripped of the keys. So if someone has changed to encrypted backups then that can be attacked to retrieve recovery keys.

A real issue with iOS security (and with any mobile device) is that users *want* to have ready and unimpeded access. How many people secure their iOS device with a reasonable strength password? (Mine is >10 characters, upper/lower/number/symbol.) A common user defense against strong password practice is that "it is always in my possession and I'd know immediately if it was gone."

Another factor is that people *want* some things to not be stored securely. For example, if you want your mobile device to join "secure" networks silently as you come and go and download email, etc. whether or not it is unlocked -- that information must be available when the device is locked.

Once you understand this, making the encryption of keychain items optional per entry starts to make sense -- but it is something that, from a security perspective, you need to be aware of. Apple is good at making devices that people want to use. If they had created a more secure device (e.g., encryption of keychain items mandatory with a secure implementation of the encryption) then it would be less usable and people wouldn't want to use it as much.

Finally, I think it is a mistake to focus on Apple here. Android makes effectively the same compromises with respect to security for all of the same reasons. I also think it is a mistake to focus on smart phones and tablets when people are using laptops that have similar security issues. Instead, the issue should be more of mobile devices used to store or process sensitive information and how to best accommodate that. Full disk encryption is a hindrance to someone performing "dead" forensic analysis on the device, but generally meaningless in common theft (left logged on in a hotel lobby) or credential theft (public wireless) scenarios. Basically, what is being protected and from what attacks.

Tim Doty
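[Editor's note, not part of the thread above.] Tim's point that the encryption "is approximately as good as the password" and that "the typical 4 digit PIN is trivially defeated in a brute force" is easy to see with an offline guessing run. The example below is an added illustration written for this page, not code from Tim Doty, Apple or any of the posters. It uses a generic PBKDF2-based passcode-to-key scheme with a stored verifier as a stand-in for "a locked device whose storage an attacker has imaged"; it is not Apple's actual implementation (which also mixes in a per-device hardware key, something this demo deliberately leaves out so it runs anywhere), and the iteration count, salt, PIN and the 94-character alphabet are constructed assumptions. It exhausts the 4-digit PIN space in seconds and then uses the measured guess rate to show why a >10-character mixed passcode of the kind Tim describes is out of reach at the same rate.

```python
import hashlib
import hmac
import itertools
import os
import string
import time

# Assumption: a generic PBKDF2-HMAC-SHA256 passcode-to-key scheme used as a
# stand-in for a locked device. This is NOT Apple's implementation; a real
# device also ties the key to hardware, which an offline demo cannot model.
ITERATIONS = 1000  # assumption: kept deliberately low so the demo runs in seconds
VERIFIER_LABEL = b"passcode-verifier"


def derive_key(passcode: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Stretch a passcode into a 256-bit key with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", passcode.encode("utf-8"), salt, iterations, dklen=32)


def make_verifier(passcode: str):
    """Simulate what a locked device stores: a salt plus an HMAC over a fixed
    label under the passcode-derived key. An attacker with a disk image has both."""
    salt = os.urandom(16)
    key = derive_key(passcode, salt)
    verifier = hmac.new(key, VERIFIER_LABEL, "sha256").digest()
    return salt, verifier


def passcode_matches(candidate: str, salt: bytes, verifier: bytes) -> bool:
    """Check one candidate the way the device would, but offline and unthrottled."""
    key = derive_key(candidate, salt)
    return hmac.compare_digest(hmac.new(key, VERIFIER_LABEL, "sha256").digest(), verifier)


def brute_force_digits(salt: bytes, verifier: bytes, length: int = 4):
    """Try every numeric PIN of the given length in order ("0000", "0001", ...).
    Returns (recovered_pin_or_None, guesses_tried, elapsed_seconds)."""
    start = time.perf_counter()
    guesses = 0
    for digits in itertools.product(string.digits, repeat=length):
        guesses += 1
        candidate = "".join(digits)
        if passcode_matches(candidate, salt, verifier):
            return candidate, guesses, time.perf_counter() - start
    return None, guesses, time.perf_counter() - start


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct passcodes of a given length over a given alphabet."""
    return alphabet_size ** length


def expected_years(space: int, guesses_per_second: float) -> float:
    """Expected time to hit the right passcode: on average half the space is searched."""
    return (space / 2) / guesses_per_second / (365.25 * 24 * 3600)


if __name__ == "__main__":
    salt, verifier = make_verifier("4821")  # constructed PIN for the demo
    pin, guesses, secs = brute_force_digits(salt, verifier, 4)
    rate = guesses / secs
    print(f"4-digit PIN recovered: {pin} after {guesses} guesses in {secs:.2f}s ({rate:,.0f} guesses/s)")
    # 94 = upper + lower + digits + ASCII punctuation, matching "upper/lower/number/symbol"
    mixed = len(string.ascii_letters) + len(string.digits) + len(string.punctuation)
    for n in (4, 6):
        secs_expected = expected_years(keyspace(10, n), rate) * 365.25 * 24 * 3600
        print(f"{n}-digit PIN:        ~{secs_expected:,.0f} s expected at that rate")
    print(f"10-char mixed (94^10): ~{expected_years(keyspace(mixed, 10), rate):.3g} years expected at that rate")
```

The gap between the two numbers is the whole argument: the key derivation is the same in both cases, so what separates "trivially defeated" from "not worth attempting" is nothing but the size of the passcode space. A real device adds per-guess delays, wipe-after-N-failures and hardware key binding, all of which slow the attacker down but none of which change that ratio.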
Current thread:
- ipads/iphones and full disk encryption Youngquist, Jason R. (Oct 12)
- Re: ipads/iphones and full disk encryption David Seidl (Oct 12)
- Re: ipads/iphones and full disk encryption Tim Doty (Oct 12)
- Re: ipads/iphones and full disk encryption Gary Flynn (Oct 12)
- Re: ipads/iphones and full disk encryption Tim Doty (Oct 12)
- Re: ipads/iphones and full disk encryption Gary Flynn (Oct 12)