updated 04:55 pm EDT, Thu July 23, 2009
iPhone encryption weak?
The iPhone's current data encryption system is far too easy to crack, claims an iPhone developer familiar with the technology. "It is kind of like storing all your secret messages right next to the secret decoder ring," says Jonathan Zdziarski, who also teaches courses on recovering data from iPhones. "I don't think any of us [developers] have ever seen encryption implemented so poorly before, which is why it's hard to describe why it's such a big threat to security."
Using free software, Zdziarksi charges, it is possible to crack even the iPhone 3GS in as little as two minutes. A complete disk image can be created in roughly 45 minutes, using a jailbreaking tool such as redsn0w, which then enables data to be pulled via an SSH client. iPhones appear to decrypt information for an SSH tunnel without any special prompting, Zdziarski comments.
Corporations are nevertheless said to be adopting the iPhone, with or without regard to security threats. As a result Zdziarski suggests that developers should be adding their own layers of security to apps, as a means of protecting sensitive information including the content of e-mail. "Apple may be technically correct that [the iPhone 3GS] has an encryption piece in it," he adds, "but it's entirely useless toward security."