Menu
I have a quick question:
I downloaded an iOS application that uses the NSFileProtectionComplete class to protect a sqlite file that contains sensitive information.
According to the iOS security documentation (http://images.apple.com/ipad/business/docs/iOS_Security_May12.pdf), when a device (iPhone/iPad) is paired with the laptop, the laptop obtains the escrow keybag from the mobile device . The keybag contains all the class keys necessary to decrypt information on the device.
However, I noticed that when I pair the device with the laptop and use iExplorer to browse the file system, the sqlite file is only available when the device is unlocked. When the phone is locked (still paired) the file is not readable. Files which are not using NSFileProtectionComplete can be viewed while the device is locked.
If the escrow keybag contains all the class keys to decrypt information, why do I have to unlock the device to access it through iExplorer?
I'm using iOS 6.0 on an iPad3 and used the ios-dataprotection tool (https://github.com/ciso/ios-dataprotection) to determine the data protection class used by the files.
iOS Application: AccountVault
File: PointMinder.sqlite
Any help will be appreciated.
Thanks.
617
Apple uses your personal data only when we have a valid legal basis to do so. Depending on the circumstance, Apple may rely on your consent or the fact that the processing is necessary to fulfill a contract with you, protect your vital interests or those of other persons, or to comply with law.
With Data Protection, a device can respond to common events such as incoming phone calls while at the same time providing a high level of encryption for user data. Certain system apps (such as Messages, Mail, Calendar, Contacts, Photos) and Health data values use Data Protection by default.
iPhone is designed to protect your data and your privacy. Built-in security features help prevent anyone but you from accessing the data on your iPhone and in iCloud.
Yes. Apple's iPhone, iPod touch, and iPad smart devices all support basic built-in encryption while a passcode is enabled. Macs also support their own form of data encryption. The encryption on Apple's iOS and iPadOS devices, such as the iPhone, iPod touch, and iPad, is called Data Protection.
From documentation file you've linked:
Complete Protection (NSFileProtectionComplete): The class key is protected with a key derived from the user passcode and the device UID. Shortly after the user locks a device (10 seconds, if the Require Password setting is Immediately), the decrypted class key is discarded, rendering all data in this class inaccessible until the user enters the passcode again.
So device should be unlocked if you want to access that files. That is how Apple made it.
Edit: Found in "Hacking and Securing iOS Applications":
Protection class keys are master encryption keys used to unlock files based on their access policy. Protection classes are the encryption mechanism used to enforce the access policies of files.
Some files are so important that the operating system should be able to decrypt them only when the device’s user interface is unlocked. These files’ encryption keys are wrapped with a class key that is available only after the user has entered his passcode. When the device locks again, the key is wiped from memory, making the files unavailable again.
Protection class master keys are stored in an escrow known as a keybag. The keybag contains the encrypted protection class master keys, as well as other keys to system files on the device. The system keybag is encrypted using another encryption key named BAGI, which is also stored in the effaceable storage of the NAND. Whenever the user authenticates to meet a specific security protection policy, the encrypted keys in the keybag can be decrypted.
So keys for that files are transferred, but are encrypted. When you enter your passcode, OS decrypt that key and it can then be used to decrypt files protected with it.
170
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
