AAPL Stock: 129.28 ( + 0.33 )

Printed from

iPhone encryption too easy to hack?

updated 04:55 pm EDT, Thu July 23, 2009

iPhone encryption weak?

The iPhone's current data encryption system is far too easy to crack, claims an iPhone developer familiar with the technology. "It is kind of like storing all your secret messages right next to the secret decoder ring," says Jonathan Zdziarski, who also teaches courses on recovering data from iPhones. "I don't think any of us [developers] have ever seen encryption implemented so poorly before, which is why it's hard to describe why it's such a big threat to security."

Using free software, Zdziarksi charges, it is possible to crack even the iPhone 3GS in as little as two minutes. A complete disk image can be created in roughly 45 minutes, using a jailbreaking tool such as redsn0w, which then enables data to be pulled via an SSH client. iPhones appear to decrypt information for an SSH tunnel without any special prompting, Zdziarski comments.

Corporations are nevertheless said to be adopting the iPhone, with or without regard to security threats. As a result Zdziarski suggests that developers should be adding their own layers of security to apps, as a means of protecting sensitive information including the content of e-mail. "Apple may be technically correct that [the iPhone 3GS] has an encryption piece in it," he adds, "but it's entirely useless toward security."

by MacNN Staff





  1. nowwhatareyoulookingat

    Joined: Dec 1969


    not clear

    Is this before you've issued the remote wipe or after? I don't think this is possible if you've done the remote wipe on the 3GS after a minute or two, as the keys needed to do the decryption are erased. The older iPhones need all the memory to be erased, which takes much longer [and it's also not clear if that process can be readily be aborted to be able to copy the data to your computer].

  1. WiseWeasel

    Joined: Dec 1969



    Well, at least it's useful for a fast remote wipe, but that's it. Pretty embarrassing that Apple wasn't able or willing to implement better privacy protection than this, as they clearly had the capabilities with the encryption chipset they're using.

  1. resuna

    Joined: Dec 1969


    WTF does this mean?

    "iPhones appear to decrypt information for an SSH tunnel without any special prompting, Zdziarski comments."

    WTF does this mean? It sounds like it should mean something but there's no semantic information in it at all. It's like he's playing buzzword bingo with an O'Reilly pocket reference.

  1. Marook

    Joined: Dec 1969


    Question is:

    Is this better than other phones? Is it better than RIM?

    It's easy to complain and point fingers, but compare the features to what it's supposed to do, and then say if it's faulty!
    And do people really think that a phone is a security vault? Grow up.. and put policies on it and remote wipe fast if it's lost!

  1. schwie

    Joined: Dec 1969


    Move along...

    Jonathan Zdziarski is just another faith-head. Anyone who's thought process leads them to be "undeniably certain" about a mythical entity should be laughed at in the public square. His other thoughts, including those of software security, should be viewed with a skeptical eye.

  1. Constable Odo

    Joined: Dec 1969


    Easier than stealing

    candy from a baby, so he says. He also claims that the BlackBerry is virtually impenetrable. Ten supercomputers in ten years time couldn't get a drop of info out of a BlackBerry and that's why the iPhone will never make it into the enterprise.

    That came as quite a shock. Not really. The iPhone will never be accepted the way the BlackBerry is if IT has any say in it. I think this encryption revelation was why RIM's stock went up today. Investors realized that BlackBerry will rule the enterprise for a long, long time after hearing about the iPhone's security weakness.

  1. mr100percent

    Joined: Dec 1969



    I think the reason it's so easy to SSH into the device is because Apple was in the past OK with jailbreaking; it's the unlocking and now piracy that they're against.

  1. thumprchgo

    Joined: Dec 1969


    expertise: "speaking"q

    check out the guy's website. he has three areas of expertise:
    -algorithmic theory

    so this guy knows how to speak. I'm impressed. Maybe his fee is "acronym-based".

  1. testudo

    Joined: Dec 1969


    Re: Question is

    Is this better than other phones? Is it better than RIM?

    That's only the question when you're looking for some way to make it seem like it isn't a serious issue, or trying to find an excuse or reason to get them off the hook.

    If all phones are worse than apple's in this regard does not make the iPhone magically 'good'. It would still suck, just not as much.

Login Here

Not a member of the MacNN forums? Register now for free.


Network Headlines


Most Popular


Recent Reviews

Jorno Bluetooth keyboard and stand

The Jorno Bluetooth keyboard and stand for tablets certainly looks nice. The gunmetal grey shell of the keyboard looks great while the ...

Apple 12-inch Retina MacBook

It is an exciting time for consumer technology, with gadgets and devices that once used to the stuff of dreams now coming to fruition. ...

JBL Synchros Reflect in-ear headphones

All headphones are not created equally, especially when it comes to use during vigorous activities or workouts. Over-the-ear headphone ...


Most Commented