Vulnerability Analysis of iPhone 6

摘要

Apple claims that iPhone 6, which is equipped with iOS 8.0 and later version, is secure enough to prevent a user's private data from law enforcement or malicious intruders. In pre-iOS 8.0 operating systems, a user's data were only encrypted by hardware-based keys, which can be obtained by Apple. But in iOS 8.0 and later version, the private data on the iPhone are protected by a secret key that is protected by the user's passcode, which the Apple does not hold. In this paper, supported by real-life experiments, we demonstrate that several vulnerabilities of iPhone 6 with iOS 8, which are brought by ordinary user operations, can lead to the leakage of the private data. Then we conduct vulnerability analysis and give the reasons that cause these vulnerabilities from a technical perspective. Meanwhile, experiments of forging attack aiming at iPhone 6 Touch ID are conducted.