Posted on 06/25/2010 12:17:10 PM PDT by PugetSoundSoldier
Do you have a PIN code on your iPhone? Well, while that might protect you from someone making a call or fiddling with your apps, it doesn't prevent access to your data as long as the person doing the snooping around is using Ubuntu Lucid Lynx 10.04.
Security experts Bernd Marienfeldt and Jim Herbeck discovered something really interesting when they hooked up a non-jailbroken, fully up-to-date iPhone 3GS to a PC running Lucid Lynx
I uncovered a data protection vulnerability [9], which I could reproduce on 3 other non jail broken 3GS iPhones (MC 131B, MC132B) with different iPhone OS versions installed (3.1.3-7E18 modem firmware 05.12.01 and version 3.1.2 -7D11, modem 05.11.07), all PIN code protected which means the vulnerability bypasses authentication for various data where people most likely rely on data protection through encryption and do not expect that authentication is not in place.
(Excerpt) Read more at zdnet.com ...
ping
I *think* they stopped supporting 1st gen iPhones so if this works on those I don’t think there will be a fix other than buy a new iPhone. But then you have to deal with the broken antenna issues and yellow screens.
I said NEARLY any computer. But I’m sure you understood that. After all, we wouldn’t want to make ‘stupid’ statements about ‘unhackable’ computers, would we?
But why even bring it up, because we aren’t talking about hacking a computer with true physical access; rather, we are talking about hacking a phone that is left unattended for 2 minutes.
HUGE difference in scale. Your original point appeared to water this HUGE issue down by just saying all computers are susceptible when left unattended. But in reality that’s not the case as proven by my ATM example. It’s all just a matter of scale.
So on a scale of security when someone has physical access it goes...
iphone -> PC -> other cell phones -> atm
Needless to say, the PC and cell phone examples listed are assuming no encryption.
Everyone involved in computer security knows that once someone has physical access, unless all data on the device is fully encrypted, that it is vulnerable. I'm sorry, but this particular "vulnerability" is fairly lame.
Actually, Ubuntu is one of the most ubiquitous forms of Linux out there. It’s highly extensible, flexible, and seen as one of the primary portal OSes in the battle for Windows users who want greater security with the flexibility of Windows.
To say that this won’t affect anyone is folly. I’ve upgraded my Ubuntu rev to 10.04, and it’s always fun to poke around in the install for new toys. I know several co-workers who bought new laptops for their college-bound teens and instead of accepting the Windows 7 EULA, they’re declining and installing Ubuntu instead (it is free, after all). Those kids might have an iPhone, and this security “hole” (I agree it’s not really a hole) is concerning. I’m sure the Linux community will “fix” it or Apple will push a new iPhone security fix (do they do this?) to ensure this can’t happen.
With Linux gaining acceptance in the user community (highly-technical users anyway), this might become more prevalent.
No, not really. An ATM has a computer in it, but so do modern cars.
No you do not. The people who have actual access to the computers in an ATM usually carry guns and keys.
Having cards and PINs stolen or cloned is hacking the card not the ATM.
The closest thing to what can be done with an iPhone I have heard of is someone backing a truck up to an ATM and pulling it from the wall and loading it into the truck. Once that happens an ATM is not secure either.
Yeah right. You keep on believing that. I'm sure you may convince yourself of it one day.
No, but there is a security hole if you apply a PIN and then you can connect a USB cable to it and pull off all the data. What’s the point of a PIN?
In your example of booting to a CD... I will agree, assuming you set the BIOS password. The BIOS password acts like the PIN on the phone.
When I reboot I expect the pin/bios PW to stop someone from booting to CD. Just like I expect my pin to not allow someone to have access to my phone by simply connecting to it.
I have a pin on my phone because my company forces a policy on me to use one if I want to access company email on my phone. I presume most companies that allow cell phones to access their email will require some policy to set a pin. Except in iPhone I guess it really doesn’t matter since the pin is worthless.
Standard operating procedure for American businesspeople heading to Asia is to use a brand new laptop/PDA with no corporate data on the machine. Then add a new login/password to connect to any VPNs back in the states, where the new username has lower privileges and is kept in a highly secured sandbox on the home servers.
BUT... in regards to the iPhone vulnerability, now that this is revealed, the iPhone would be banned from every corporate environment I know of where security is run by competent IT staff.
Apple allows large corporations to host in-house AppStores for corporate Apps and data transfer. Apple spent a good amount of money on this to try to build a foothold in the corporate market. It has all gone to waste until this security hole is resolved.
Can it be resolved?
Apple will have to add a low level encryption solution, which will slow down performance by a few percent.
Will Apple resolve this? Maybe Steve Jobs will tell us to stop plugging in your new iPhone the wrong way. :\
Every time I get closer to buying an iPhone, Steve keeps pushing me away.
All posts by known troll for-q-clinton have been Blocked, to view posts by this person you must edit the FRTrollBlocker.user.js file.
Feel free to bother someone else.
Funny, so you admit that your response was wrong as could be and that my analogy hit the nail on the head.
Just admit it: Apple iOS is not very secure, and you’ll feel better. Come out of your Apple closet.
Looks like you are putting your head in the sand to avoid the bad news that your idol Apple has fallen and fallen fast and hard.
Keep your head in the sand long enough and who knows iPhone may be a big joke that we all laugh at in 3 years.
Here I'll bold it for you this time.
All posts by known troll for-q-clinton have been Blocked, to view posts by this person you must edit the FRTrollBlocker.user.js file.
What I find amusing is some people get completely obsessed about evil Macs to the point they go into every single thread and start huffing and puffing. It is almost as if they have some kind of personal stake in it. I’ve never been able to figure it out.
All posts by known troll for-q-clinton have been Blocked, to view posts by this person you must edit the FRTrollBlocker.user.js file.
For the rest of you reading this thread. Here's what a post about windows looks like.
Windows 7 update, hold off for now.
Notice, there are no attacks upon users. No name calling. No constant trollish behaviour. Just discussion and folks attempting to help the poster.
Note the difference.