iPhone Security Flaw: Using a PIN Won't Help You
Using a four-digit PIN to lock your iPhone doesn't really protect your data, security and IT blogger Bernd Marienfeldt has discovered. In an article describing the iPhone's business security framework, Marienfeldt has found a "data protection vulnerability" in Apple's iPhone 3GS.
Marienfeldt, working with security expert Jim Herbeck, has been able to reproduce the vulnerability on at least three non jail-broken iPhone 3GS handsets with different iPhone OS versions installed (including the latest). All tested iPhones were protected with a four-digit PIN.
In Marienfeldt's own words:
"The unprotected iPhone 3GS mounting is “limited” to the DCIM folder under Ubuntu < 10.04 LTS, Apple Macintosh, Windows 2000 SP2 and Windows 7. The way Ubuntu Lucid Lynx handles the iPhone 3GS [6,7,8] allows to get more content (please do make sure that the native Ubuntu system is fully up to date, e.g. “apt-get update, “apt-get upgrade” - any virtualization based solution will not work as described). I used the Alternate CD with x86 and AMD64 on different hardware."
Basically, plugging an up-to-date, non jail-broken, PIN-protected iPhone (powered off) into a computer running Ubuntu Lucid Lynx will allow the people to see practically all of the user's data--including music, photos, videos, podcasts, voice recordings, Google safe browsing databases, and game contents. The "hacker" has read/write access to the iPhone, and the hack leaves no trace.
According to Marienfeldt, "The allowed write access could also lead into triggering a buffer overflow." A buffer overflow could allow full write access, and full write access could potentially lead to the attacker being able to make phone calls (as far as we know, the attacker can access all of your data but they can't make any phone calls…how reassuring).
Marienfeldt points out that this is especially an issue for corporate/business users, who "rely on the expectation that their iPhone 3GS’s whole content is protected by encryption with a passcode based authentication in place to unlock it."
Apple has been notified of the flaw, but has yet to correct it (or give a timeline for the correction).
Obviously, this is not the first iPhone security flaw to have ever been found--but it's an interesting discovery, especially as AT&T currently states that it generates almost half of its revenue from business customers (and that the reason for this is because of the iPhone's awesome security).
According to a report from ZDNet, Ron Spears, CEO of the AT&T Business Solutions unit, said on Thursday that "four out of ten sales of the iPhone are made to enterprise users."
Spears also noted that, "By the time the 3G came out in ‘08 they had solved about 80% of the security issues. By the time the 3GS came out last summer, most CIOs will tell you today they have very few issues around the security that they need provided as they have come to know that RIM can do it because of the way RIM provides their solution."
Like This Story? You Might Also Like: