Free Republic

Ubuntu Lucid Lynx 10.04 can read your iPhone's secrets
ZDNet ^ | May 27, 2010 | Adrian Kingsley-Hughes

Posted on 06/25/2010 12:17:10 PM PDT by PugetSoundSoldier



To: PugetSoundSoldier; dayglored; zeugma; for-q-clinton; Swordmaker
> I have nothing personally against you; it’s guys like zeugma and Swordmaker who apparently have some sort of holy crusade for Mac that bother me.

They don't have a Holy Crusade, but maybe you do, the question is, why? You convert no one, you convince no one to give away their Apple products, so what is your purpose for invading these threads, that are of interest to Apple users only?

I originally posted on this forum when a MS-Apple flame war was going full blast, my screen name represents what I thought of the argument.

Nothing has changed, and I still buy Apple Products. I read as much as I can about Apple products on websites that offer helpful advice. 99.9% of the problems that show up on those forums never affect me at all, I don't know why, maybe because I have quit putzing with the system, putting in all those useful system tweaks.

In any case, Apple users by and large just want to hear useful information and be left alone. We have always been more than willing to freely share our expertise and problem solving tips through Users Groups, that never charged a dime for anything, maybe that is the real beef that PC IT guys have with Apple.

141 posted on 06/27/2010 9:19:29 AM PDT by itsahoot (Each generation takes to excess, what the previous generation accepted in moderation.)
[ Post Reply | Private Reply | To 131 | View Replies]

To: Swordmaker

Fixed in iOS 4 anyway. Old news.


142 posted on 06/27/2010 9:25:26 AM PDT by RightOnTheLeftCoast (Obama: running for re-election in '12 or running for Mahdi now? [http://en.wikipedia.org/wiki/Mahdi])
[ Post Reply | Private Reply | To 121 | View Replies]

To: RightOnTheLeftCoast

Actually, it’s not. I corrected you in another thread where you brought this up.

The iOS4 update fixed a race condition if you try to set the PIN as you power down; this is a security hole where you can read your iPhone with Ubuntu even if the PIN is set and the phone is in normal operation, not powering down.

VERY different error/bug. The iOS4 update cured the situation where you thought you locked it but the race condition means you actually didn’t.

This hole is where the phone IS locked, but mounts as a file device under Ubuntu even when locked.


143 posted on 06/27/2010 9:29:04 AM PDT by PugetSoundSoldier (Indignation over the Sting of Truth is the defense of the indefensible)
[ Post Reply | Private Reply | To 142 | View Replies]

To: PugetSoundSoldier; itsahoot
> I know with my HTC WinMo phone I can transfer 200 MB of data in just over a second to my Ubuntu install; extrapolating, that's about 40 seconds for a full 8 GB.

If so, it's not using USB2.0, which would surprise me.

USB2.0 absolute max burst data rate is 480Mbps -- that's "bits per second", not bytes. Realistically you can expect to see around 20-30MB/sec (that's megabytes per second) with a USB2.0-capable device like a hard drive; a phone might be able to do the same. My iPod touch can do roughly that, as can my other USB2.0 MP3 portable players.

Your quoted speed of 200MB per second has to be using some other protocol, such as direct eSATA, USB3.0, etc. Please describe, because I don't know that any phone has support for anything faster than USB2.0 at present.

Or possibly, you've mixed up "bits" and "bytes", which I suspect is more likely, since it's an easy mistake to make.

144 posted on 06/27/2010 10:23:43 AM PDT by dayglored (Listen, strange women lying in ponds distributing swords is no basis for a system of government!)
[ Post Reply | Private Reply | To 139 | View Replies]

To: dayglored

No, actually I got the 200 MB wrong... It should have been 20 MB. My apologies.


145 posted on 06/27/2010 10:30:21 AM PDT by PugetSoundSoldier (Indignation over the Sting of Truth is the defense of the indefensible)
[ Post Reply | Private Reply | To 144 | View Replies]

To: PugetSoundSoldier
> Your comments really didn’t bother me, one way or another.

Glad to hear it.

I don't do flamewars. Religious tech threads bore me, threads that degenerate into name-calling disgust me, and threads that degenerate further into extensive analysis of exactly who-said-what-to-whom make me want to run screaming from the room. I risked a bit of the last to explain myself, and thanks for considering it.

I'm perfectly happy to discuss the technical pros and cons of software and hardware. Beyond that, it is mostly a matter of personal taste, and it astounds me how much time the different camps spend trying to denigrate the other, or convince the other that they should abandon their choice.

Anyway, back to our regularly scheduled program...

146 posted on 06/27/2010 10:31:58 AM PDT by dayglored (Listen, strange women lying in ponds distributing swords is no basis for a system of government!)
[ Post Reply | Private Reply | To 131 | View Replies]

To: PugetSoundSoldier
"Actually, it’s not. I corrected you in another thread where you brought this up."

Actually, it is, or at least that's my current read on it. Because, if my research is correct (and sorry, I don't have a 3GS to test it on) sensitive data in the phone is not being exposed and never has.

Bear with me: The lack of /usr, /var, and similar subdirectories is the key. I believe what Ubuntu is seeing is the publicly shared directory, /var/mobile/Media, which contains the photos and such (including the familiar DCIM folder which has always mounted over USB with the phone off). This build of Ubuntu is mounting the full subdirectory tree from that public folder, but the files that would be of privacy concern are not exposed, nor is any of this available wirelessly.

So, I was wrong about the issue being fixed in iOS 4, because it does seem to be a non-issue, inflated by inaccurate reporting. The iOS 4 fix I identified in the other thread does seem to be for something else.

147 posted on 06/27/2010 11:18:35 AM PDT by RightOnTheLeftCoast (Obama: running for re-election in '12 or running for Mahdi now? [http://en.wikipedia.org/wiki/Mahdi])
[ Post Reply | Private Reply | To 143 | View Replies]

To: PugetSoundSoldier
> No, actually I got the 200 MB wrong... It should have been 20 MB. My apologies.

Accepted, no problem. I assume the same applies to this comment you made back in #130:

> With a transfer rate of 480 Mbps, you could copy 8 GB in about 20 seconds, and 16 GB in about 40 seconds. I know I've seen close to that sustained rate with Ubuntu and Win 7; is the iPhone too slow to allow those kinds of transfer rates?

Your calculation is wrong by about a factor of 20, as it applies to USB2.0 data rates.

Just checking -- are you now saying you did NOT see close to that sustained rate with Ubuntu and Win7, or are you saying you thought you saw it but didn't calculate the rate correctly?

Reason I ask is that unintentional misinformation generally should be corrected for the sake of other thread readers, to avoid propagating the mistake...

148 posted on 06/27/2010 11:36:30 AM PDT by dayglored (Listen, strange women lying in ponds distributing swords is no basis for a system of government!)
[ Post Reply | Private Reply | To 145 | View Replies]

To: RightOnTheLeftCoast; PugetSoundSoldier
> I believe what Ubuntu is seeing is the publicly shared directory, /var/mobile/Media, which contains the photos and such (including the familiar DCIM folder which has always mounted over USB with the phone off).

Out of curiosity, I just now mounted my 8GB iPod Touch (3.1.3 software) on my Linux Fedora Core 10 system via USB. Hadn't ever tried that before.

Fedora immediately recognizes it as an Apple iPod, and does exactly what RightOnTheLeftCoast says -- it mounts the public media tree. I can see my pictures, etc. Nothing else. I cannot see any private media (e.g. MP3s), private apps, nor any of my private information in the iPod configuration.

So maybe this is nothing new?

The above just for comparison with an older product. I know that the iPod Touch is not an iPhone, and I'm running 3.x not 4.x software...

149 posted on 06/27/2010 11:43:36 AM PDT by dayglored (Listen, strange women lying in ponds distributing swords is no basis for a system of government!)
[ Post Reply | Private Reply | To 147 | View Replies]

To: dayglored; Swordmaker

Thanks for performing that experiment, Dayglored!

Seems to be trending that we can put this particular piece of FUD to bed.

Swordmaker, Day’s referring to my post 147 in this thread.

Have a nice day, y’all.


150 posted on 06/27/2010 11:46:58 AM PDT by RightOnTheLeftCoast (Obama: running for re-election in '12 or running for Mahdi now? [http://en.wikipedia.org/wiki/Mahdi])
[ Post Reply | Private Reply | To 149 | View Replies]

To: Fire_on_High

I never suggested it should be the SOLE means of security. But if I have a jumperless motherboard you’ll have a bit harder time jumping it. And if I put a lock on the case good luck getting to it in 5 minutes. It would be easier to just steal the machine, but then I’d know you had been there. Same as if you reset my bios password. And of course in an office environment when you go cracking open the PC case it will draw some attention.

The iPhone on the other hand...I could just replace your iPhone connector with mine that is plugged into my PC. As soon as you plug in I start grabbing the data.


151 posted on 06/27/2010 11:51:07 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 132 | View Replies]

To: vox_freedom

Good advice, Swordmaker.

I will behave, and not feed the trolls.


152 posted on 06/27/2010 11:57:07 AM PDT by jacquej
[ Post Reply | Private Reply | To 126 | View Replies]

To: RightOnTheLeftCoast
> Seems to be trending that we can put this particular piece of FUD to bed.

Maybe, maybe not. The photo they printed shows a lot more than mine did, in the public media tree:

Mine showed only the "DCIM" (digital photos) folder. But that might be because mine is an iPod.

I want to see someone replicate the experiment that started the article this thread is based on. It's entirely possible that the original article's authors are mistaken -- such things happen all the time, especially when someone with an axe to grind against Apple tries to demonstrate that Apple's security is not good.

The sensationalist nature of their headline tells me that they have an axe to grind, so I'm suspicious that this isn't all it's cracked up to be.

However, until someone replicates their results, we just don't know. We're just speculating on whether the authors know what they really saw.

153 posted on 06/27/2010 12:02:56 PM PDT by dayglored (Listen, strange women lying in ponds distributing swords is no basis for a system of government!)
[ Post Reply | Private Reply | To 150 | View Replies]

To: dayglored

Yes, I calculated wrong.

As far as Fedora, isn’t 10 a few years old? This may be newer auto-mount functionality or improved functionality in the current version, version 13.

I know reading through the comments of that ZDNet article there are several interesting insights; some versions of Linux do not mount the device, some do. But the fact you can access the device when locked should be of concern...


154 posted on 06/27/2010 12:04:19 PM PDT by PugetSoundSoldier (Indignation over the Sting of Truth is the defense of the indefensible)
[ Post Reply | Private Reply | To 148 | View Replies]

To: itsahoot
> any case, Apple users by and large just want to hear useful information and be left alone.

Then they should love these threads because they are full of useful information.

For example, I learned that OSX has a built in anti-virus feature. Never knew that before.

Also the iPhone has a huge security hole where the pin doesn't really work. I'm sure anyone with any sensitive data on their phone will appreciate the heads-up on that.

Also those with 1st gen iPhones and iTouch devices now know there are a ton of security holes in their device that apple won't fix so they better get a new phone.

What's not to appreciate about all that information?

155 posted on 06/27/2010 12:04:50 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 141 | View Replies]

To: dayglored

I was shocked at his throughput speed as well and was wondering what I was doing wrong...I wanted those speeds :-)


156 posted on 06/27/2010 12:07:08 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 144 | View Replies]

To: PugetSoundSoldier
> As far as Fedora, isn’t 10 a few years old? This may be newer auto-mount functionality or improved functionality in the current version, version 13.

Possibly, but I doubt it -- the automount in 10 did exactly what one expects an automount to do. It's a pretty simple function.

> the fact you can access the device when locked should be of concern...

Depends. If a device has a public portion and a private portion, the fact you can access the public part while the private part is locked is a total "don't care". In fact, that's the desired feature! What matters is whether you can access the private part without the PIN.

And they have NOT yet demonstrated that, nor has anybody on this thread replicated their experiment to see if it is possible. So far all we have is a sensationalist claim in a tech blog. Until somebody replicates their result and displays private locked data without using the PIN, I remain skeptical.

I'm not saying they're lying, mind you. Just saying, they haven't proved anything yet.

157 posted on 06/27/2010 12:14:50 PM PDT by dayglored (Listen, strange women lying in ponds distributing swords is no basis for a system of government!)
[ Post Reply | Private Reply | To 154 | View Replies]

To: RightOnTheLeftCoast; dayglored; PugetSoundSoldier
> Seems to be trending that we can put this particular piece of FUD to bed.

So based on one test on a version of linux that isn't even the one cited in the article you're ready to call this FUD? Looks like you have made up your mind before getting all the facts...hence your agenda is clear. Defend apple at all costs.

Not sure why you'd want to do that. If my phone had this huge security hole I'd be very concerned and not ready to let it rest until the full situation was known.

158 posted on 06/27/2010 12:15:23 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 150 | View Replies]

To: dayglored

Yes, that photo shows an absence of /usr, /var, and so on.

The new behavior in this build of Ubuntu is showing those other folders, but what’s missing is stuff like emails, system settings, and the like. Sensitive stuff.


159 posted on 06/27/2010 12:17:20 PM PDT by RightOnTheLeftCoast (Obama: running for re-election in '12 or running for Mahdi now? [http://en.wikipedia.org/wiki/Mahdi])
[ Post Reply | Private Reply | To 153 | View Replies]

To: for-q-clinton
> the iPhone has a huge security hole where the pin doesn't really work.

So far, unproven. All it appears to do is access the public folders, which is what one wants. So the article is just a sensationalist claim on a tech blog. I await someone replicating their results. I only have an iPod Touch, but I tried (results listed above).

There are a lot of FReepers with iPhones and Linux. C'mon guys!! Prove this right or wrong.

160 posted on 06/27/2010 12:18:50 PM PDT by dayglored (Listen, strange women lying in ponds distributing swords is no basis for a system of government!)
[ Post Reply | Private Reply | To 155 | View Replies]

