Fraunhofer iOS Keychain Security Study:
From what I can tell, there are two levels of encryption that iOS keychain uses. At the first level, the lock screen lock code is used as the encryption key. The second level uses a key generated and stored on the device.
Fraunhofer researchers have figured out how to get around the second level. This is the βsimplerβ level to get around, as the encryption key is stored on the device. So, on iOS4, their method only works with keychain entries that DO NOT use kSecAttrAccessibleWhenUnlocked or kSecAttrAccessibleWhenUnlockedThisDeviceOnly, because these entries are stored in memory with first level decryption - even when the phone is locked.
- Starting with iOS 4, keys with kSecAttrAccessibleWhenUnlocked and kSecAttrAccessibleWhenUnlockedThisDeviceOnly are protected by an additional level of encryption
- In iOS 3.x and earlier, all keys can be decrypted using the Fraunhofer method, regardless of the accessibility attribute used.
- Devices without any passwords will still be vulnerable
- Devices with weak passwords (less than six digits) will still be vulnerable
β50 ms per password try; β β20 attempts per second; β β1.7 years for a 50% change in guessing the correct access code for a 6-digit alphanumeric code with a base of 36. A standard simple code of 4 digital digits to be rude-forced in less than 9 minutes. Based on the assumption that the counter for incorrect attempts in iOS can be bypassed, since this is not hardware
Apple Inc. WWDC 2010, Core OS, Session 209, Application Data Protection, Slide 24
Bottom line: If you need to store sensitive data, it's best to use your own encryption. And do not store the key on the device.
Edit: There are many articles that cite Fraunhofer research and assure that their readers are not worried if their devices are not stolen, because this attack can only be performed with physical access to the device.
I somehow doubt it. The fact that the researchers did their tests with physical access to the phone seems to be just a way to simplify the problem, rather than limit it. This is their description of what they did to decrypt the keychain entries:
After using the jailbreaking tool to access the shell, we run a small script to access and decrypt the passwords found in Keychain. Decryption is performed using the provided functions by the operating system itself.
Like anyone who used jailbreak.me, jailbreaking does not require access to a physical device. Theoretically, it should be trivial to modify the jailbreak.me code and automate its following:
- Jailbreak as usual (all this requires the user to open a malicious PDF file).
- Run Fraunhofer scripts after jailbreak
- Send passwords over the network to a location that an attacker can read from
So, be careful what you put in the keychain.