toggle

AAPL Stock: 102.5 ( + 0.25 )

Printed from http://www.macnn.com

iPhone user histories at risk due to security flaw?

updated 04:05 pm EDT, Tue September 30, 2008

iPhone history security

A feature inherent to the iPhone's graphical interface may pose a threat to users' privacy, reports claim. A data forensics expert, Jonathan Zdziarski, notes that iPhones can automatically capture a screenshot of every recent action performed by a person, such as checking e-mail or visiting a website. The images are said to be necessary only on a cosmetic basis, used to create the illusion of a window shrinking and disappearing when the Home button is tapped.

While it is suggested that an iPhone may keep only the most recent image in memory, Zdziarski observes that this still represents a concern, mainly due to the existence of data recovery tools. By examining the deleted sectors of an iPhone's memory, it should be possible to reconstruct images, which can then be exploited to trace a person's behavior or view potentially sensitive information.

Similar techniques are regularly used by police and security agencies, which attempt to salvage photos, messages and browser caches running months into the past. The iPhone flaw is said to be just one more avenue of investigation for these groups, but may also add to security problems should a phone be stolen.




by MacNN Staff

POST TOOLS:

TAGS :

toggle

Comments

  1. macnixer

    Joined: Dec 1969

    +1

    this news is old

    and albeit too late to be posted / re-posted again. While I did watch the youtube video of the presentation where Jon demonstrates some of the investigative processes, i have some doubts and I have also mailed him on this. Unfortunately there are no replies.

    Here is an excerpt on my queries: ( I have assumed that the iPhone user has set the password lock).

    While I appreciate your thoughts on the product being very low on the security perspective, I have questions.

    Is it possible to bypass the password by installing a jailbreak on the device?

    What if the user has disabled the WIFI networking or has it on but does not ask to join the network or it asks but cannot because the password would prevent the forensics person to access the dialog box?

    What if the user has been smart enough to store all info remotely and has used the iPhone to remote to the system for all data. Would the iPhone cache contain all these data?

    Also you used the jailbreak and "alpine" password which is pretty much known in the hacker world or atleast anyone with a decent level of expertise knows that it is darn simple to install OpenSSH using Cydia and then change the root password and the mobile password. Under these circumstances how does one get into the phone and remove the password lock?

  1. Johnny Niles

    Joined: Dec 1969

    +1

    FUD... again

    This Zdziarski guy is the king of iPhone FUD. This is the same guy that got people all worked up about the possibility of Apple being able to remove your apps remotely, and it turns out that had nothing to do with what Zdziarski was looking at. As in, nada, zip, zero.

    Zdziarski likes to conjecture that certain things mean certain other things, and people flip out. He doesn't have proof, it's all conjecture, assumptions and FUD. People should stop posting every time he says something.

  1. dliup

    Joined: Dec 1969

    +2

    LOL LOL LOL

    So any user of any electronic device is at risk. If you use windows or MS office, your files auto-save, OMG privacy risk.

    Jeez, get a life.

  1. Guest

    Joined: Dec 1969

    +1

    Come On!

    If they want your data badly enough to reconstruct it from animation keyframes, then there's nothing you can do to fully protect yourself. Besides, it'd be a whole lot easier to recover the 'sensitive data' via the actual caches and files USED TO GENERATE THE IMAGES TO BEGIN WITH.

    Oooooo. Studying the grease buildup on the keys of your keyboard is also an excellent way to guess passwords -- it looks like keyboards are also a serious security threat that goes to the very core of the computer interface! shudder

  1. ZinkDifferent

    Joined: Dec 1969

    +1

    How many times...


    ...can regurgitate MacNN this inaccurate and overly old story?

    Let's try for an even dozen times, shall we?


Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

Kanex KTU10 Thunderbolt to USB 3.0 and eSATA

Apple has never been shy about funky ports -- first it was Apple Desktop Bus, and its own DIN-8 serial port. Following that came FireW ...

Logitech Hyperion Fury mouse

Selecting the correct gaming mouse comes down to finding a device that balances the needs of a user with a price they can afford. Ofte ...

Life n Soul BM211 Bluetooth speaker

Bluetooth speakers aren't only for listening to some music at the park or on a long bus ride, but can also be built with tablets in m ...

toggle

Most Commented