iOS Security and Data Recovery
Posted on: October 3, 2016 in Cellphones, Security
I am often asked to do data recovery on numerous types of devices: laptops, desktops, cellphones, tablets, etc., but iOS has some serious security when it comes to trying to recover data that has been erased by the system. iOS protects data by integrating encryption into the hardware and firmware of its devices. Any knowledgeable technician will tell you that it is nearly impossible to break the encryption to recover data that has been erased by entering the wrong passcode too many times or by restoring the phone back to factory settings. This is why it is always important to back up all of your data on your devices.
How Apple Implements Encryption
Apple has a dedicated encryption engine in every iOS device. This engine implements 256-bit Advanced Encryption Standard (AES) encryption and sits between the flash storage and primary system memory. There is also a SHA-1 cryptographic hash function that is implemented in the hardware to reduce overhead for cryptographic operations. This allows for encryption and decryption to happen quickly and efficiently.
Each iOS device also has its own unique identifier (UID) built into the application processor. The UID is an AES 256-bit key that is specific to each device and is not stored anywhere else in the device. No software or firmware can read the key directly; they can only see the results of the encryption or decryption. Since the key is burnt directly into the silicon, it cannot be bypassed or tampered with. Since only the cryptographic engine can access it, data is cryptographically tied to the device.
While this type of encryption offers little protection while the data is still on the device, its real strength is in its ability to facilitate a fast, secure wipe of the system. Once the system is wiped, there is little anyone can do to recover your data without access to a backup.
What Is AES-256 And Why Is It So Good?
The Advanced Encryption Standard (AES) algorithm is a data-scrambling system published in 1998. It was later adopted by the US government as a standard in 2001. There has been more than a decade of exhaustive analysis concluding that AES is unbreakable. The algorithm is so strong that no computer, even a quantum computer, would be able to crack a truly random 256-bit AES key at any time in the foreseeable future. The AES algorithm is approved for storing top secret data for the National Security Agency (NSA).
An iOS device's use of AES encryption, paired with a PIN system that will wipe the phone after 10 incorrect attempts, makes it virtually impossible to crack. Anyone attempting to bypass the encryption to recover data is left with few options besides trying to brute force the AES key (trying every combination until one is found). Even though the key is stored in deep memory, it requires a PIN to access. A standard 4-digit PIN has 10,000 combinations and would take up to 5 days to crack. While 5 days is not a lot of time, if the PIN protection is enabled, after 10 attempts the data on the device is permanently erased.
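The device-bound key, the 10-attempt limit and the fast wipe described above can be modelled together. This is an added illustration, not Apple's implementation or code from the original post. As assumptions, ToyDevice, keystream_xor and lockout_demo are hypothetical names, an HMAC-SHA256 keystream stands in for the hardware AES engine, and the key-wrapping layout is chosen only to show why discarding one small key leaves the remaining ciphertext unrecoverable.

```python
import hashlib, hmac, secrets
MAX_ATTEMPTS = 10  # wipe threshold described in the article

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher (HMAC-SHA256 counter mode), NOT the device's AES engine."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, off.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

class ToyDevice:
    """Hypothetical model: PIN plus a device-bound UID unwrap a random data key."""
    def __init__(self, pin: str, plaintext: bytes):
        self._uid = secrets.token_bytes(32)  # models the fused UID; never exported
        data_key = secrets.token_bytes(32)   # random key that encrypts the data
        self.flash = keystream_xor(data_key, plaintext)  # ciphertext at rest
        kek = self._derive(pin)
        self._wrapped_key = keystream_xor(kek, data_key)
        self._tag = hmac.new(kek, b"verify", hashlib.sha256).digest()
        self.failed = 0

    def _derive(self, pin: str) -> bytes:
        # The UID is mixed in, so PIN guesses can only be tested on this device.
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._uid, 10_000)

    def unlock(self, pin: str):
        """Return the plaintext, or None on a wrong PIN or a wiped device."""
        if self._wrapped_key is None:
            return None
        kek = self._derive(pin)
        tag = hmac.new(kek, b"verify", hashlib.sha256).digest()
        if hmac.compare_digest(tag, self._tag):
            self.failed = 0
            return keystream_xor(keystream_xor(kek, self._wrapped_key), self.flash)
        self.failed += 1
        if self.failed >= MAX_ATTEMPTS:
            self.wipe()
        return None

    def wipe(self) -> None:
        # Fast wipe: discard the small wrapped key; the bulk ciphertext stays unreadable.
        self._wrapped_key = self._tag = None

def lockout_demo(pin: str = "4821", data: bytes = b"constructed sample data"):
    dev = ToyDevice(pin, data)
    for n in range(MAX_ATTEMPTS):        # ten wrong PINs trigger the wipe
        dev.unlock(f"{n:04d}")
    return dev.unlock(pin), dev.flash    # correct PIN now fails; ciphertext remains
```

After the tenth wrong PIN, the ciphertext in `flash` is still intact, but even the correct PIN returns nothing because the only copy of the wrapped data key is gone.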
As you can see, it is very important to always create and maintain backups of your data. There will be technicians out there that will claim to be able to recover your securely erased data on iOS devices, but unless there is a backup in iCloud or on a computer, your data is NOT recoverable. Most places will give you false hope for recovering your precious files just to get you into their shop, but any honest, experienced technician will tell you that your files are lost and help you devise a plan for protecting your data in the future.