iPhone encryption too easy to hack?
updated 04:55 pm EDT, Thu July 23, 2009
iPhone encryption weak?
The iPhone's current data encryption system is far too easy to crack, claims an iPhone developer familiar with the technology. "It is kind of like storing all your secret messages right next to the secret decoder ring," says Jonathan Zdziarski, who also teaches courses on recovering data from iPhones. "I don’t think any of us [developers] have ever seen encryption implemented so poorly before, which is why it’s hard to describe why it’s such a big threat to security."
Using free software, Zdziarksi charges, it is possible to crack even the iPhone 3GS in as little as two minutes. A complete disk image can be created in roughly 45 minutes, using a jailbreaking tool such as redsn0w, which then enables data to be pulled via an SSH client. iPhones appear to decrypt information for an SSH tunnel without any special prompting, Zdziarski comments.
Corporations are nevertheless said to be adopting the iPhone, with or without regard to security threats. As a result Zdziarski suggests that developers should be adding their own layers of security to apps, as a means of protecting sensitive information including the content of e-mail. "Apple may be technically correct that [the iPhone 3GS] has an encryption piece in it," he adds, "but it’s entirely useless toward security."
Fresh-Faced Recruit
Joined: Jul 2009
not clear
Is this before you've issued the remote wipe or after? I don't think this is possible if you've done the remote wipe on the 3GS after a minute or two, as the keys needed to do the decryption are erased. The older iPhones need all the memory to be erased, which takes much longer [and it's also not clear if that process can be readily be aborted to be able to copy the data to your computer].