3

Following this topic, I have a question about how the OS and apps access data while the phone is locked. Particularly in the case of iPhone 5S running iOS 7.

  1. When the device is locked, what allows apps to access data from the flash memory? For example when receiving an incoming call, the phone app accesses your contacts and displays the appropriate information (name, picture, etc).

  2. When first booted, iOS loads notification center, lockscreen background, etc. Are these stored in the flash memory? If yes, how does the OS get permissions to access them without your passcode?

John Galt
  • 131
  • 2
  • Also note that siri can really screw up the security architecture as seen here (http://www.scmagazineuk.com/ios-71-flaw-lets-hacker-access-contacts-book/article/345889/) – Matthew Peters May 09 '14 at 13:49

1 Answers1

2

In iOS, every file and keychain item is protected using one of protection classes. Depending on the particular class used, encryption key for files and/or keychain items is computed differently, allowing (or disallowing) access while device is locked.

Available protection classes are (see "File Protection Values" in "NSFileManager Class Reference":
* NSFileProtectionNone: file can be accessed any time, even if device is locked;
* NSFileProtectionComplete: file can accessed only when device is unlocked (note there's ~10 seconds grace period after device is locked during which files are still accessible);
* NSFileProtectionCompleteUnlessOpen: file can be created while device is locked, but once closed, can only be accessed when device is unlocked;
* NSFileProtectionCompleteUntilFirstUserAuthentication: file can be accessed only if device has been unlocked at least once since boot.

Note that all classes except NSFileProtectionNone use user's passcode to derive actual file encryption key, so key is cryptographically tied to the passcode.

To answer your questions: NSFileProtectionNone is what allows iOS to access files while device is locked. This is the "weakest" protection class of all and its use is discouraged, but there are cases when its use is necessary (like the examples you provide). Yes, all the items you mention are stored in the file system like everything else, but because of NSFileProtectionNone they are encrypted with key that is not tied to the passcode and thus can be computed when device is locked.

Andrey
  • 2,236
  • 17
  • 14