Free Republic
Browse · Search
Bloggers & Personal
Topics · Post Article

Skip to comments.

Ubuntu Lucid Lynx 10.04 can read your iPhone's secrets
ZDNet ^ | May 27, 2010 | Adrian Kingsley-Hughes

Posted on 06/25/2010 12:17:10 PM PDT by PugetSoundSoldier

Do you have a PIN code on your iPhone? Well, while that might protect you from someone making a call or fiddling with your apps, it doesn’t prevent access to your data … as long as the person doing the snooping around is using Ubuntu “Lucid Lynx” 10.04.

Security experts Bernd Marienfeldt and Jim Herbeck discovered something really interesting when they hooked up a non-jailbroken, fully up-to-date iPhone 3GS to a PC running Lucid Lynx …

I uncovered a data protection vulnerability [9], which I could reproduce on 3 other non jail broken 3GS iPhones (MC 131B, MC132B) with different iPhone OS versions installed (3.1.3-7E18 modem firmware 05.12.01 and version 3.1.2 -7D11, modem 05.11.07) , all PIN code protected which means the vulnerability bypasses authentication for various data where people most likely rely on data protection through encryption and do not expect that authentication is not in place.

(Excerpt) Read more at zdnet.com ...


TOPICS: Business/Economy; Computers/Internet; Music/Entertainment
KEYWORDS: apple; fail; ilovebillgates; iphone; iwanthim; iwanthimbad; microsoftfanboys; secure
Navigation: use the links below to view more comments.
first previous 1-2021-4041-6061-80 ... 221-229 next last
To: PugetSoundSoldier

what does jail-broken mean exactly..?


21 posted on 06/25/2010 1:04:34 PM PDT by rahbert (Our enemy has yet to reveal himself...)
[ Post Reply | Private Reply | To 1 | View Replies]

To: brent13a

Oh, same with me! But with more and more people doing lots of e-mail and SMS messaging on their iPhones - and many of those people using them for business - suddenly you can have a LOT of confidential information floating around on a phone that everyone thought was secure.


22 posted on 06/25/2010 1:04:41 PM PDT by PugetSoundSoldier (Indignation over the Sting of Truth is the defense of the indefensible)
[ Post Reply | Private Reply | To 18 | View Replies]

To: PugetSoundSoldier

I wouldn’t want to work at a place where I would have to be paranoid of all my co-workers or everyone I came into contact with at my work (that knows I have an iphone). Unless everyone at this office uses an iphone and there’s just loads of proprietary industry secrets in them I don’t think many people should have a whole lot to worry about.


23 posted on 06/25/2010 1:05:11 PM PDT by brent13a (You're a Great American! NO you're a Great American! NO NO NO YOU'RE a Great American! Nooo.....WTF?)
[ Post Reply | Private Reply | To 17 | View Replies]

To: rahbert

Jail-breaking is the act of changing the OS of the phone so you can actually use it outside of the app store and the limits Apple places on the phone.

Apple considers it a big no-no and a violation of your “rights” as an iPhone user. Many people jail-break their iPhones, though, so they can actually use it as they desire, load alternate apps, music players, etc.


24 posted on 06/25/2010 1:07:08 PM PDT by PugetSoundSoldier (Indignation over the Sting of Truth is the defense of the indefensible)
[ Post Reply | Private Reply | To 21 | View Replies]

To: B4Ranch
I have been to a few meetings where personal phones had to be surrendered before entry into the room was allowed. That would be a good time to “gather” the competitors data. Just a little in-house espionage.

Never even thought of that! And what about Mr. Prosecutor working with Mr. Guard at the court house, where a judge bans phones? Easy way to get all the data from the defense attorney's phone...

25 posted on 06/25/2010 1:08:19 PM PDT by PugetSoundSoldier (Indignation over the Sting of Truth is the defense of the indefensible)
[ Post Reply | Private Reply | To 19 | View Replies]

To: PugetSoundSoldier
But with more and more people doing lots of e-mail and SMS messaging on their iPhones - and many of those people using them for business - suddenly you can have a LOT of confidential information floating around on a phone that everyone thought was secure.

I agree, but I'm pretty sure any cell phone on the market will have their share of major security holes, it's not just iphone users that have to worry about being compromised.
26 posted on 06/25/2010 1:09:25 PM PDT by brent13a (You're a Great American! NO you're a Great American! NO NO NO YOU'RE a Great American! Nooo.....WTF?)
[ Post Reply | Private Reply | To 22 | View Replies]

To: PugetSoundSoldier

Latex gloves, KY jelly, is this the San Franciso chapter of FreeRepublic?


27 posted on 06/25/2010 1:18:26 PM PDT by dangerdoc
[ Post Reply | Private Reply | To 16 | View Replies]

To: PugetSoundSoldier

If you give physical access to nearly ANY computer, it can be hacked.


28 posted on 06/25/2010 1:38:38 PM PDT by rlmorel (We are traveling "The Road to Serfdom".)
[ Post Reply | Private Reply | To 1 | View Replies]

To: PugetSoundSoldier

You know security is relative. Meaning if I keep my server in a secure facility the likelyhood of the drives being stolen and info ripped off them or a virus being installed are low.

However, if I carried my server with personal info on it to bars, theme parks, customer sites, the pool, an airplane, etc...I’d put a lot more secuirty on it like encryption of the data and make it so that just plugging in something like a USB cable wouldn’t allow you to have access to the system.

You’d think with apple being uber secure the iPhone wouldn’t allow someone to easily plug in a USB cable on their phone. Heck I’ve left my cell phone in locked mode before in a relatively unsecure area. If you ever do business with the military you’ll know they have you drop your cell phone outside the door on a table where everyone’s cell phone is. Now the phones don’t get stolen as that would be too obvious and you could issue a kill command for ceratain phones. But now the spy can just grab the phone plug it in and get what he wants from all the iPhones on the table.

This is definitely not good nor secure by any means. I really can’t see any security minded person saying this is not a huge issue.


29 posted on 06/25/2010 1:49:24 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 11 | View Replies]

To: brent13a

Right for you security of the phone isn’t important but for many business users it’s huge. I wonder how CIO will feel about this now that they are enabling iPhones to have access to the company email.


30 posted on 06/25/2010 1:52:04 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 18 | View Replies]

To: PugetSoundSoldier

Here’s another one. If you don’t trust your signficant other or you think your kids are doing bad things...just buy them an iPhone. You can have near instant access to all their info as soon as they go to sleep.


31 posted on 06/25/2010 1:53:46 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 22 | View Replies]

To: brent13a
I agree, but I'm pretty sure any cell phone on the market will have their share of major security holes, it's not just iphone users that have to worry about being compromised.

Got a link? Or is this just a guess? This is a serious issue. iPhone isn't just a toy anymore as CTO and other heavies in IT started to put them on their corporate network by allowing them to access corporate email. This hack is just too simple to implement. It's not like it takes a day or two of trying to crack someone's pin via brute force attack. It just gives up the info. Think of it like this the iPhone is like France. They have a military and it appears formidable, but as soon as another military knocks on their door and says leave...they turn tail and run. The security provided on the iPhone is a joke. Why even have a pin at all if it doesn't work?

32 posted on 06/25/2010 1:58:41 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 26 | View Replies]

To: rlmorel
If you give physical access to nearly ANY computer, it can be hacked.

is an ATM a computer? I have physical access to them and so do hackers but other then tricks by having stupid users enter their pins and have their cards scanned by another computer I don't think ATMs are getting hacked even though we all have physical access to them.

I'm glad Apple doesn't make ATM security...the banks would go broke.

33 posted on 06/25/2010 2:00:31 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 28 | View Replies]

To: dangerdoc

No this is an apple thread. How far is Apply HQ from SF anyway?


34 posted on 06/25/2010 2:02:15 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 27 | View Replies]

To: ShadowAce

tech ping please


35 posted on 06/25/2010 2:04:16 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 1 | View Replies]

To: PugetSoundSoldier

It just occurred to me, if you can just plug it in and read, you could just as easily write. Is the iPhone acting as a dumb drive? Could someone replace critical files with modified versions giving them live access any time they wanted?


36 posted on 06/25/2010 2:04:53 PM PDT by dangerdoc
[ Post Reply | Private Reply | To 1 | View Replies]

To: for-q-clinton

Physical access means complete access to the machine. An ATM in a locked case isn’t easily hackable, but give a competent person the key and they can hack the machine.

Many ATMs run Windows and I’ve even seen a couple with the blue screen.


37 posted on 06/25/2010 2:10:52 PM PDT by MediaMole
[ Post Reply | Private Reply | To 33 | View Replies]

To: MediaMole

Ok so I don’t need complete access to an iPhone and I can grab all the data I need off it. Just expose connector to me and I’ll get everything I need.


38 posted on 06/25/2010 2:14:25 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 37 | View Replies]

To: for-q-clinton
You’d think with apple being uber secure the iPhone wouldn’t allow someone to easily plug in a USB cable on their phone.

Seems apple would catch it because they care about their own security too. Could this have a simple fix?

39 posted on 06/25/2010 2:14:55 PM PDT by GOPJ (http://www.portpublishing.com/Computer%20Based/retaildetailgmsea.htm)
[ Post Reply | Private Reply | To 29 | View Replies]

To: dangerdoc

not yet they can’t write to it. The research appears to be ongoing and they just need a buffer overflow to exploit. And based on teh latest round of patches on the iOS it appears they have several to choose from.


40 posted on 06/25/2010 2:15:46 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 36 | View Replies]


Navigation: use the links below to view more comments.
first previous 1-2021-4041-6061-80 ... 221-229 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
Bloggers & Personal
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson