toggle

AAPL Stock: 97.67 ( + 0.64 )

Printed from http://www.macnn.com

iPhone encryption too easy to hack?

updated 04:55 pm EDT, Thu July 23, 2009

iPhone encryption weak?

The iPhone's current data encryption system is far too easy to crack, claims an iPhone developer familiar with the technology. "It is kind of like storing all your secret messages right next to the secret decoder ring," says Jonathan Zdziarski, who also teaches courses on recovering data from iPhones. "I don't think any of us [developers] have ever seen encryption implemented so poorly before, which is why it's hard to describe why it's such a big threat to security."

Using free software, Zdziarksi charges, it is possible to crack even the iPhone 3GS in as little as two minutes. A complete disk image can be created in roughly 45 minutes, using a jailbreaking tool such as redsn0w, which then enables data to be pulled via an SSH client. iPhones appear to decrypt information for an SSH tunnel without any special prompting, Zdziarski comments.

Corporations are nevertheless said to be adopting the iPhone, with or without regard to security threats. As a result Zdziarski suggests that developers should be adding their own layers of security to apps, as a means of protecting sensitive information including the content of e-mail. "Apple may be technically correct that [the iPhone 3GS] has an encryption piece in it," he adds, "but it's entirely useless toward security."




by MacNN Staff

POST TOOLS:

TAGS :

toggle

Comments

  1. nowwhatareyoulookingat

    Joined: Dec 1969

    +4

    not clear

    Is this before you've issued the remote wipe or after? I don't think this is possible if you've done the remote wipe on the 3GS after a minute or two, as the keys needed to do the decryption are erased. The older iPhones need all the memory to be erased, which takes much longer [and it's also not clear if that process can be readily be aborted to be able to copy the data to your computer].

  1. WiseWeasel

    Joined: Dec 1969

    -4

    weak

    Well, at least it's useful for a fast remote wipe, but that's it. Pretty embarrassing that Apple wasn't able or willing to implement better privacy protection than this, as they clearly had the capabilities with the encryption chipset they're using.

  1. resuna

    Joined: Dec 1969

    +5

    WTF does this mean?

    "iPhones appear to decrypt information for an SSH tunnel without any special prompting, Zdziarski comments."

    WTF does this mean? It sounds like it should mean something but there's no semantic information in it at all. It's like he's playing buzzword bingo with an O'Reilly pocket reference.

  1. Marook

    Joined: Dec 1969

    +1

    Question is:

    Is this better than other phones? Is it better than RIM?

    It's easy to complain and point fingers, but compare the features to what it's supposed to do, and then say if it's faulty!
    And do people really think that a phone is a security vault? Grow up.. and put policies on it and remote wipe fast if it's lost!

  1. schwie

    Joined: Dec 1969

    +1

    Move along...

    Jonathan Zdziarski is just another faith-head. Anyone who's thought process leads them to be "undeniably certain" about a mythical entity should be laughed at in the public square. His other thoughts, including those of software security, should be viewed with a skeptical eye.

  1. Constable Odo

    Joined: Dec 1969

    -6

    Easier than stealing

    candy from a baby, so he says. He also claims that the BlackBerry is virtually impenetrable. Ten supercomputers in ten years time couldn't get a drop of info out of a BlackBerry and that's why the iPhone will never make it into the enterprise.

    That came as quite a shock. Not really. The iPhone will never be accepted the way the BlackBerry is if IT has any say in it. I think this encryption revelation was why RIM's stock went up today. Investors realized that BlackBerry will rule the enterprise for a long, long time after hearing about the iPhone's security weakness.

  1. mr100percent

    Joined: Dec 1969

    -3

    SSH

    I think the reason it's so easy to SSH into the device is because Apple was in the past OK with jailbreaking; it's the unlocking and now piracy that they're against.

  1. thumprchgo

    Joined: Dec 1969

    -1

    expertise: "speaking"q

    check out the guy's website. he has three areas of expertise:
    -algorithmic theory
    -forensics
    -speaking

    so this guy knows how to speak. I'm impressed. Maybe his fee is "acronym-based".

  1. testudo

    Joined: Dec 1969

    -1

    Re: Question is


    Is this better than other phones? Is it better than RIM?


    That's only the question when you're looking for some way to make it seem like it isn't a serious issue, or trying to find an excuse or reason to get them off the hook.

    If all phones are worse than apple's in this regard does not make the iPhone magically 'good'. It would still suck, just not as much.

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

Razer Taipan mouse

The list of gaming devices is growing larger with each passing day. A large number of companies have entered the gaming input arena, a ...

Cambridge Audio DacMagic XS

Every computer with a microphone or headphone port has one -- a digital to analog converter (DAC). There are nearly as many chipsets a ...

D-Link Wi-Fi Smart Plug

Home automation fans have been getting their fair share of gadgets and accessories in the last few years. Starting with light bulbs, a ...

toggle

Most Commented