
Printed from http://www.macnn.com

iPhone encryption too easy to hack?

updated 04:55 pm EDT, Thu July 23, 2009

iPhone encryption weak?

The iPhone's current data encryption system is far too easy to crack, claims an iPhone developer familiar with the technology. "It is kind of like storing all your secret messages right next to the secret decoder ring," says Jonathan Zdziarski, who also teaches courses on recovering data from iPhones. "I don't think any of us [developers] have ever seen encryption implemented so poorly before, which is why it's hard to describe why it's such a big threat to security."

Using free software, Zdziarski charges, it is possible to crack even the iPhone 3GS in as little as two minutes. A complete disk image can be created in roughly 45 minutes, using a jailbreaking tool such as redsn0w, which then enables data to be pulled via an SSH client. iPhones appear to decrypt information for an SSH tunnel without any special prompting, Zdziarski comments.

Corporations are nevertheless said to be adopting the iPhone, with or without regard to security threats. As a result, Zdziarski suggests that developers should be adding their own layers of security to apps, as a means of protecting sensitive information including the content of e-mail. "Apple may be technically correct that [the iPhone 3GS] has an encryption piece in it," he adds, "but it's entirely useless toward security."




by MacNN Staff


Comments

  1. nowwhatareyoulookingat

    Joined: Dec 1969

    +4

    not clear

    Is this before you've issued the remote wipe or after? I don't think this is possible if you've done the remote wipe on the 3GS after a minute or two, as the keys needed to do the decryption are erased. The older iPhones need all the memory to be erased, which takes much longer [and it's also not clear if that process can readily be aborted to be able to copy the data to your computer].

  1. WiseWeasel

    Joined: Dec 1969

    -4

    weak

    Well, at least it's useful for a fast remote wipe, but that's it. Pretty embarrassing that Apple wasn't able or willing to implement better privacy protection than this, as they clearly had the capabilities with the encryption chipset they're using.

  1. resuna

    Joined: Dec 1969

    +5

    WTF does this mean?

    "iPhones appear to decrypt information for an SSH tunnel without any special prompting, Zdziarski comments."

    WTF does this mean? It sounds like it should mean something but there's no semantic information in it at all. It's like he's playing buzzword bingo with an O'Reilly pocket reference.

  1. Marook

    Joined: Dec 1969

    +1

    Question is:

    Is this better than other phones? Is it better than RIM?

    It's easy to complain and point fingers, but compare the features to what it's supposed to do, and then say if it's faulty!
    And do people really think that a phone is a security vault? Grow up.. and put policies on it and remote wipe fast if it's lost!

  1. schwie

    Joined: Dec 1969

    +1

    Move along...

    Jonathan Zdziarski is just another faith-head. Anyone whose thought process leads them to be "undeniably certain" about a mythical entity should be laughed at in the public square. His other thoughts, including those of software security, should be viewed with a skeptical eye.

  1. Constable Odo

    Joined: Dec 1969

    -6

    Easier than stealing

    candy from a baby, so he says. He also claims that the BlackBerry is virtually impenetrable. Ten supercomputers in ten years' time couldn't get a drop of info out of a BlackBerry and that's why the iPhone will never make it into the enterprise.

    That came as quite a shock. Not really. The iPhone will never be accepted the way the BlackBerry is if IT has any say in it. I think this encryption revelation was why RIM's stock went up today. Investors realized that BlackBerry will rule the enterprise for a long, long time after hearing about the iPhone's security weakness.

  1. mr100percent

    Joined: Dec 1969

    -3

    SSH

    I think the reason it's so easy to SSH into the device is because Apple was in the past OK with jailbreaking; it's the unlocking and now piracy that they're against.

  1. thumprchgo

    Joined: Dec 1969

    -1

    expertise: "speaking"

    Check out the guy's website. He has three areas of expertise:
    -algorithmic theory
    -forensics
    -speaking

    So this guy knows how to speak. I'm impressed. Maybe his fee is "acronym-based".

  1. testudo

    Joined: Dec 1969

    -1

    Re: Question is


    Is this better than other phones? Is it better than RIM?


    That's only the question when you're looking for some way to make it seem like it isn't a serious issue, or trying to find an excuse or reason to get them off the hook.

    If all phones are worse than Apple's in this regard, that does not make the iPhone magically 'good'. It would still suck, just not as much.
