storage facility for personal sensitive data ranging from photos and credentials up
to financial and medical records like credit cards and person’s diseases. Trivially,
it is critical to secure this information and only provide access to the genuine and
authenticated user. Smartphone vendors have already taken exceptional care to
protect user data by the means of various software and hardware security features
like code signing, authenticated boot chain, dedicated co-processor and integrated
cryptographic engines with hardware fused keys. Despite these obstacles, adversaries
have successfully broken through various software protections in the past, leaving
only the hardware as the last standing barrier between the attacker and user data.
In this work, we build upon existing software vulnerabilities and break through
the final barrier by performing the first publicly reported physical Side-Channel
Analysis (SCA) attack on an iPhone in order to extract the hardware-fused device-specific
User Identifier (UID) key. This key – once at hand – allows the adversary to
perform an offline brute-force attack on the user passcode employing an optimized
and scalable implementation of the Key Derivation Function (KDF) on a Graphics
Processing Unit (GPU) cluster. Once the passcode is revealed, the adversary has full
access to all user data stored on the device and possibly in the cloud.
As the software exploit enables acquisition and processing of hundreds of millions of
traces, this work further shows that an attacker being able to query arbitrary many
chosen-data encryption/decryption requests is a realistic model, even for compact
systems with advanced software protections, and emphasizes the need for assessing
resilience against SCA for a very high number of traces.