Posted on 06/25/2010 12:17:10 PM PDT by PugetSoundSoldier
Do you have a PIN code on your iPhone? Well, while that might protect you from someone making a call or fiddling with your apps, it doesn't prevent access to your data as long as the person doing the snooping around is using Ubuntu Lucid Lynx 10.04.
Security experts Bernd Marienfeldt and Jim Herbeck discovered something really interesting when they hooked up a non-jailbroken, fully up-to-date iPhone 3GS to a PC running Lucid Lynx
I uncovered a data protection vulnerability [9], which I could reproduce on 3 other non jail broken 3GS iPhones (MC 131B, MC132B) with different iPhone OS versions installed (3.1.3-7E18 modem firmware 05.12.01 and version 3.1.2 -7D11, modem 05.11.07), all PIN code protected which means the vulnerability bypasses authentication for various data where people most likely rely on data protection through encryption and do not expect that authentication is not in place.
(Excerpt) Read more at zdnet.com ...
What does jail-broken mean exactly?
Oh, same with me! But with more and more people doing lots of e-mail and SMS messaging on their iPhones - and many of those people using them for business - suddenly you can have a LOT of confidential information floating around on a phone that everyone thought was secure.
I wouldn’t want to work at a place where I would have to be paranoid of all my co-workers or everyone I came into contact with at my work (that knows I have an iphone). Unless everyone at this office uses an iphone and there’s just loads of proprietary industry secrets in them I don’t think many people should have a whole lot to worry about.
Jail-breaking is the act of changing the OS of the phone so you can actually use it outside of the app store and the limits Apple places on the phone.
Apple considers it a big no-no and a violation of your “rights” as an iPhone user. Many people jail-break their iPhones, though, so they can actually use it as they desire, load alternate apps, music players, etc.
Never even thought of that! And what about Mr. Prosecutor working with Mr. Guard at the court house, where a judge bans phones? Easy way to get all the data from the defense attorney's phone...
Latex gloves, KY jelly, is this the San Francisco chapter of FreeRepublic?
If you give physical access to nearly ANY computer, it can be hacked.
You know security is relative. Meaning if I keep my server in a secure facility the likelihood of the drives being stolen and info ripped off them or a virus being installed are low.
However, if I carried my server with personal info on it to bars, theme parks, customer sites, the pool, an airplane, etc...I’d put a lot more security on it like encryption of the data and make it so that just plugging in something like a USB cable wouldn’t allow you to have access to the system.
You’d think with Apple being uber secure the iPhone wouldn’t allow someone to easily plug in a USB cable on their phone. Heck I’ve left my cell phone in locked mode before in a relatively unsecure area. If you ever do business with the military you’ll know they have you drop your cell phone outside the door on a table where everyone’s cell phone is. Now the phones don’t get stolen as that would be too obvious and you could issue a kill command for certain phones. But now the spy can just grab the phone plug it in and get what he wants from all the iPhones on the table.
This is definitely not good nor secure by any means. I really can’t see any security minded person saying this is not a huge issue.
Right for you security of the phone isn’t important but for many business users it’s huge. I wonder how CIO will feel about this now that they are enabling iPhones to have access to the company email.
Here’s another one. If you don’t trust your significant other or you think your kids are doing bad things...just buy them an iPhone. You can have near instant access to all their info as soon as they go to sleep.
Got a link? Or is this just a guess? This is a serious issue. iPhone isn't just a toy anymore as CTO and other heavies in IT started to put them on their corporate network by allowing them to access corporate email. This hack is just too simple to implement. It's not like it takes a day or two of trying to crack someone's pin via brute force attack. It just gives up the info. Think of it like this the iPhone is like France. They have a military and it appears formidable, but as soon as another military knocks on their door and says leave...they turn tail and run. The security provided on the iPhone is a joke. Why even have a pin at all if it doesn't work?
Is an ATM a computer? I have physical access to them and so do hackers but other than tricks by having stupid users enter their pins and have their cards scanned by another computer I don't think ATMs are getting hacked even though we all have physical access to them.
I'm glad Apple doesn't make ATM security...the banks would go broke.
No this is an Apple thread. How far is Apple HQ from SF anyway?
tech ping please
It just occurred to me, if you can just plug it in and read, you could just as easily write. Is the iPhone acting as a dumb drive? Could someone replace critical files with modified versions giving them live access any time they wanted?
Physical access means complete access to the machine. An ATM in a locked case isn’t easily hackable, but give a competent person the key and they can hack the machine.
Many ATMs run Windows and I’ve even seen a couple with the blue screen.
Ok so I don’t need complete access to an iPhone and I can grab all the data I need off it. Just expose connector to me and I’ll get everything I need.
Seems Apple would catch it because they care about their own security too. Could this have a simple fix?
Not yet they can’t write to it. The research appears to be ongoing and they just need a buffer overflow to exploit. And based on the latest round of patches on the iOS it appears they have several to choose from.