The Apple iWork office productivity suite for the Mac has been around for ages, and was recently joined by an iOS version. iWork documents have, up until now, been seen as being pretty safe courtesy of the particular implementation of the 128-bit AES encryption Apple used to secure them. I say up until now as it appears that iWork passwords have been pretty comprehensively broken thanks to the latest in a long line of 'password recovery' applications from Russian outfit Elcomsoft.

Of course, truth be told, it has been possible to brute force these iWork document passwords before now, but the problem has been one of the resources vs. reward ratio: for the most part it would take too long, or require too much effort, to crack the passwords of random documents on the off chance they contained something of value to the bad guys. That could have all changed now that Elcomsoft has released a version of its Distributed Password Recovery tool that supports the 'recovery' of iWork passwords on both platforms and across the Numbers, Pages and Keynote applications.

Elcomsoft CTO Andy Malyshev says that as Apple iWork is sold at consumer market price points, it is less likely that the average user will have a security policy that enforces a long and complex password, making the distributed attack methodology and its 500 attempts per second barrier worthwhile. What's more, he states that they are "likely to re-use their passwords, with little or no variation, in various places: their instant messenger accounts, Web and email accounts, social networks and other places from which a password can be easily retrieved".

Which is why it is worrying to learn that Elcomsoft has released this product to 'recover' iWork passwords using advanced dictionary attack methodology which is capable of cracking a significant number of simple passwords in a relatively short period.

Sure, there is genuine use for such forensic recovery tools within the law enforcement industry, but the fact that anyone with the money can invest in the software and then get relatively simple access to Microsoft Office documents, Adobe PDF, PGP disks and archives, personal security certificates and exchange keys, MD5 hashes and Oracle passwords, Windows and UNIX login and domain passwords, and now Apple iWork as well is, well, of some concern at the very least.


As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old-fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.
