iPhone Exploit Allows Access To Data Even With Passcode Protection

May 29th, 2010 05:44 admin

Serious security loophole discovered on iPhone 3GS

Bernd Marienfeldt, a London-based IT security expert, has recently published a report that reveals a serious security loophole in the iPhone.

According to him, the vulnerability can enable hackers to access data on an iPhone even if it is secured with the latest iPhone OS update and locked with a passcode. This is possible merely by connecting the iPhone to a computer running the latest Ubuntu Lucid Lynx OS.

Elaborating on the kinds of data that can be accessible via this simple hack, Marienfeldt writes:

"This data protection flaw exposes music, photos, videos, podcasts, voice recordings, Google safe browsing database, game contents… by in my opinion the quickest compromising read/write access discovered so far, without leaving any track record by the attacker. It’s about to imagine how many enterprises (e.g. Fortune 100) actually do rely on the expectation that their iPhone 3GS’s whole content is protected by encryption with a passcode based authentication in place to unlock it."

Marienfeldt explains that the problem lies in the iPhone's failure to offer full disk encryption (FDE). Without FDE, the non-encrypted files can be accessed via a platform like Lucid Lynx that is not properly authenticated under the current circumstances. Consequently, while an unprotected mounting of the iPhone on computers running Macintosh, Windows 2000 SP2, Windows 7 or Ubuntu 10.04 offers access only to the DCIM folder of the iPhone, users mounting the device on an Ubuntu Lucid Lynx machine are given access to a lot more content.

According to Marienfeldt, there are ways to get around both the on-device encryption available in the iPhone 3GS and the encrypted backups that can be saved via iTunes. He says:

"The only benefit hardware encryption [as implemented] is that it makes wipes faster, by just dropping the [encryption] key,"  

He goes on to add that even the remote wipe feature can be easily bypassed by removing the iPhone's SIM card.

Marienfeldt has revealed that Apple is currently working on the issue, though there is no information on when a fix is likely to be provided. We wonder whether the new data protection feature in iPhone OS 4 will be able to tackle this loophole. What do you think?

[Bernd Marienfeldt via Engadget]
