Free Republic
Browse · Search
Bloggers & Personal
Topics · Post Article

Skip to comments.

Ubuntu Lucid Lynx 10.04 can read your iPhone's secrets
ZDNet ^ | May 27, 2010 | Adrian Kingsley-Hughes

Posted on 06/25/2010 12:17:10 PM PDT by PugetSoundSoldier

Do you have a PIN code on your iPhone? Well, while that might protect you from someone making a call or fiddling with your apps, it doesn’t prevent access to your data … as long as the person doing the snooping around is using Ubuntu “Lucid Lynx” 10.04.

Security experts Bernd Marienfeldt and Jim Herbeck discovered something really interesting when they hooked up a non-jailbroken, fully up-to-date iPhone 3GS to a PC running Lucid Lynx …

I uncovered a data protection vulnerability [9], which I could reproduce on 3 other non jail broken 3GS iPhones (MC 131B, MC132B) with different iPhone OS versions installed (3.1.3-7E18 modem firmware 05.12.01 and version 3.1.2 -7D11, modem 05.11.07) , all PIN code protected which means the vulnerability bypasses authentication for various data where people most likely rely on data protection through encryption and do not expect that authentication is not in place.

(Excerpt) Read more at zdnet.com ...


TOPICS: Business/Economy; Computers/Internet; Music/Entertainment
KEYWORDS: apple; fail; ilovebillgates; iphone; iwanthim; iwanthimbad; microsoftfanboys; secure
Navigation: use the links below to view more comments.
first previous 1-20 ... 41-6061-8081-100 ... 221-229 next last
To: zeugma

Sad. I guess you forgot to mention the windows 7 update thread doesn’t have immature windows users saying I have blocked all mac trolls for trying to make security a common issue.

Enjoy.


61 posted on 06/25/2010 7:12:16 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 60 | View Replies]

To: rlmorel

Or a macbot who blocks people who point out issues with his reality. And then posts to everyone that he’s ignoring reality as if that makes everything better. I really don’t get it...why would anyone put their head in the sand like this?


62 posted on 06/25/2010 7:13:50 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 59 | View Replies]

To: for-q-clinton

Hey...what made you think I was referring to you? Don’t be so sensitive.

By the way, what browser you running on that ATM of yours?


63 posted on 06/25/2010 7:43:53 PM PDT by rlmorel (We are traveling "The Road to Serfdom".)
[ Post Reply | Private Reply | To 62 | View Replies]

To: brent13a
So someone would have to steal my phone and then physically connect it to a computer running a specific version of Ubuntu Linux.....OK, is that a security hole? Yes. Will it affect anyone? 99.999% chance that it will affect absolutely no one. Moving on.

Yeah because nobody uses Linux, more specifically the latest version of Ubuntu. It's not like it's free to download or anything. You couldn't possibly load it into a virtual machine in 10 minutes either.

64 posted on 06/25/2010 8:04:47 PM PDT by YoungHickey (Is it time yet, Claire?)
[ Post Reply | Private Reply | To 8 | View Replies]

To: zeugma; for-q-clinton

Is that an example of apple security? Obviously you aren’t blocking his posts if you are responding to them.


65 posted on 06/25/2010 8:07:59 PM PDT by driftdiver (I could eat it raw, but why do that when I have a fire.)
[ Post Reply | Private Reply | To 58 | View Replies]

To: zeugma

So why don’t you post a link to the thread where the well known mac user called all windows developers criminals? And then the other very well known mac ping list owner who agreed?

Sorry, your strawman is going up in flames.


66 posted on 06/25/2010 8:09:56 PM PDT by driftdiver (I could eat it raw, but why do that when I have a fire.)
[ Post Reply | Private Reply | To 60 | View Replies]

To: brent13a

“So someone would have to steal my phone and then physically connect it to a computer running a specific version of Ubuntu Linux.”

Or they could pick it up while you step away from your desk, plug it in and take any data you have on it.

Theft of corporate data happens EVERY SINGLE day.


67 posted on 06/25/2010 8:14:46 PM PDT by driftdiver (I could eat it raw, but why do that when I have a fire.)
[ Post Reply | Private Reply | To 8 | View Replies]

To: brent13a

Imagine the health care information for people who receive their email on their iphones. Or people in HR. Payroll departments. I’d guess a lot of business executives have information on their iphone that needs to be kept secure. This is a big hole.


68 posted on 06/25/2010 8:19:43 PM PDT by FourPeas (God Save America)
[ Post Reply | Private Reply | To 23 | View Replies]

To: PugetSoundSoldier
Never even thought of that! And what about Mr. Prosecutor working with Mr. Guard at the court house, where a judge bans phones? Easy way to get all the data from the defense attorney's phone...

Maybe... but to be fair that would be a pretty extreme violation of attorne/client privilege, like a Nifong level ethics violation.  Not to say it wouldn't happen ever, but all the prosecutors I've known are habitually averse to ethical violations like that leading me to believe that most in the profession are as well. 

69 posted on 06/25/2010 8:44:25 PM PDT by MichiganMan (Oprah: Commercial Beef Agriculture=Bad, Commercial Chicken Agriculture=Good...Wait, WTF???)
[ Post Reply | Private Reply | To 25 | View Replies]

To: dangerdoc
Latex gloves, KY jelly, is this the San Franciso chapter of FreeRepublic?

Hey, don't forget your porn! :)

70 posted on 06/25/2010 10:14:42 PM PDT by PugetSoundSoldier (Indignation over the Sting of Truth is the defense of the indefensible)
[ Post Reply | Private Reply | To 27 | View Replies]

To: rlmorel
If you give physical access to nearly ANY computer, it can be hacked.

This isn't hacking at all; this is copying the entire file system. Making a duplicate of all the data, so you can sort through it as you want.

Plug phone into computer, drag and drop files, and unplug. No hacking or cracking needed.

And it happens on a phone that's supposedly protected by a PIN to keep it "locked" from anyone using it. Don't even try to enter a PIN, just plug it in!

71 posted on 06/25/2010 10:17:42 PM PDT by PugetSoundSoldier (Indignation over the Sting of Truth is the defense of the indefensible)
[ Post Reply | Private Reply | To 28 | View Replies]

To: zeugma
So, are you saying then, that a windows (or Linux, or OSX computer for that matter) has a security hole if you can boot off a CD and access the data from the hard disk?

Let me enter a password on my computer, and my BIOS. And I'll step away. Then you can have at it. See if you can copy the entire contents of the hard disk - without opening the computer - in a matter of 30 seconds. See if you can even boot off a CD (which is turned off in the BIOS).

Seem there's no "booting" or "hacking"; it's just plugging the phone in and it appears just like a USB memory stick. All security is bypassed BY THE IPHONE. No need to try to do anything more difficult than insert a cable.

72 posted on 06/25/2010 10:21:46 PM PDT by PugetSoundSoldier (Indignation over the Sting of Truth is the defense of the indefensible)
[ Post Reply | Private Reply | To 47 | View Replies]

To: NathanR
The closest thing to what can be done with and Iphone I have heard of. is someone backing a truck up to an ATM and pulling it from the wall and loading it into the truck. Once that happens an ATM is not secure either.

Actually, it's like walking up to an ATM and making an exact duplicate of the ATM in a few seconds, and walking away, leaving the ATM undisturbed and whole.

73 posted on 06/25/2010 10:26:01 PM PDT by PugetSoundSoldier (Indignation over the Sting of Truth is the defense of the indefensible)
[ Post Reply | Private Reply | To 50 | View Replies]

To: YoungHickey
Yeah because nobody uses Linux, more specifically the latest version of Ubuntu. It's not like it's free to download or anything. You couldn't possibly load it into a virtual machine in 10 minutes either.

Bah, you run Linux - you're just as immature and stupid as us Windows users! See, we're stupid and love getting viruses, you're immature and refuse to pay for anything.

Maybe one day we'll see the light and become Macolytes. Maybe. One day.

Nah...

74 posted on 06/25/2010 10:30:02 PM PDT by PugetSoundSoldier (Indignation over the Sting of Truth is the defense of the indefensible)
[ Post Reply | Private Reply | To 64 | View Replies]

To: rlmorel
What I find amusing is some people get completely obsessed about evil Macs to the point they go into every single thread and start huffing and puffing. It is almost as if they have some kind of personal stake in it. I’ve never been able to figure it out.

I think it's a mental illness, like liberalism. The nearest pathology that seems to fit is similar to women who continue to stay with abusive husbands/boyfriends. "I promise I won't hit you again." Sounds kinda similar to the microsoft theme of "this time, we'll get it right."



75 posted on 06/25/2010 11:02:50 PM PDT by zeugma (Ad Majorem Dei Gloriam)
[ Post Reply | Private Reply | To 59 | View Replies]

To: for-q-clinton
How about that folks. 3 times in a single thread. Perhaps I mistook your level of myopia. How about this...

 All posts by known troll for-q-clinton have been Blocked, to view posts by this person you must edit the FRTrollBlocker.user.js file.

Can you read it that time, troll? get it through your thick skull, that I have no intention whatsoever of engaging you in conversation. I don't see what you say, and don't give a tinker's damn. Buzz off and bother someone else.

76 posted on 06/25/2010 11:07:01 PM PDT by zeugma (Ad Majorem Dei Gloriam)
[ Post Reply | Private Reply | To 61 | View Replies]

To: PugetSoundSoldier
Let me enter a password on my computer, and my BIOS. And I'll step away. Then you can have at it. See if you can copy the entire contents of the hard disk - without opening the computer - in a matter of 30 seconds. See if you can even boot off a CD (which is turned off in the BIOS).

 Wow. So you're saying having a password on a phone is equivalent to a BIOS-level password? Wouldn't it be a lot more similar to having a password on your windows user name? Come on, get real here. Personally, I'd like to see an addional bios-type password on devices like this, but it just isn't the way things are done. Go ahead. put a bios password on your computer. If I have physical access, I'll just pop the drive out, copy it to another device, and peruse it at me leisure. After putting it back in your PC, you'll never know the difference, as nothing has been changed.

You seem like you're grasping at straws here, trying to equate the fact that someone with phisical access to hardware compares with remotely executable viruses, worms, and trojans that are endemic in the ms-windows world. Give it up. You're not dealing with someone with only passing familiarity with computers and how they operate.

Seem there's no "booting" or "hacking"; it's just plugging the phone in and it appears just like a USB memory stick. All security is bypassed BY THE IPHONE. No need to try to do anything more difficult than insert a cable.

Which is pretty mcuh comparable in 99% of the cases out there with your average PC. Pop a CD in, fire it up, and copy off what you want. As I mentioned before, the miniscule fraction of people who even bother with a bios password are completely subverted by someone with a screwdriver and a little time. The only real defense to someone with physical access to a computer is to completely encrypt your data partition. These days, given the power in your average computer, that is completely feasable, but only the paranoid do that because it is a hassle.  Some companies require that kind of thing on laptops these days, but it is, again, the exception, not the rule, and most crypto, as implemented is pretty piss-poor anyway.

Sorry, but the real world refutes the notion that you are trying to make.

77 posted on 06/25/2010 11:20:55 PM PDT by zeugma (Ad Majorem Dei Gloriam)
[ Post Reply | Private Reply | To 72 | View Replies]

To: driftdiver
Think I may need to edit the frtrollblocker to make it easier to see the post numbers and ID of those being blocked. This one is for you. Troll number 2 in my new troll-free FR experience. I initially put a 3rd one in there, but he has actually shown the potential to read and comprehend posts made to him, so I left him commented for now.

All posts by known troll driftdiver have been Blocked, to view posts by this person you must edit the FRTrollBlocker.user.js file.

I'd say not to bother replying, but I understand that trolls are reding-comprehension impared.

 

78 posted on 06/25/2010 11:29:38 PM PDT by zeugma (Ad Majorem Dei Gloriam)
[ Post Reply | Private Reply | To 65 | View Replies]

To: zeugma

Zeugma,

When I PIN lock my phone (an HTC Touch Pro 2) you cannot access the device. And plugging it in to a computer does nothing, until I unlock the device.

So, yeah - for a non-iPhone, a PIN is equivalent to locking down the phone. You cannot easily access it until you enter the PIN.

Kind of how you’d expect a PIN to work; provide basic “can’t peek” security.

I didn’t think this would be so hard to understand; apparently it is, or you just cannot accept that an iPhone has a pretty wide security hole.

Oh, and that “filter” you have? Pretty childish, I’d say. For someone who ranted so hard about the meanspirited Windows people, you’re showing your own evil side quite well... Of course, I am just a GD EVIL LIAR according to a few of the Mac faithful here, for daring point out some security flaws.

I guess toppling idols makes one a target for the jilted worshipers...


79 posted on 06/26/2010 12:04:43 AM PDT by PugetSoundSoldier (Indignation over the Sting of Truth is the defense of the indefensible)
[ Post Reply | Private Reply | To 77 | View Replies]

To: zeugma

Awww I’m touched. That arbitrary code execution statement from Apple really stung didn’t it.


80 posted on 06/26/2010 3:17:18 AM PDT by driftdiver (I could eat it raw, but why do that when I have a fire.)
[ Post Reply | Private Reply | To 78 | View Replies]


Navigation: use the links below to view more comments.
first previous 1-20 ... 41-6061-8081-100 ... 221-229 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
Bloggers & Personal
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson