Posted on 06/25/2010 12:17:10 PM PDT by PugetSoundSoldier
Do you have a PIN code on your iPhone? Well, while that might protect you from someone making a call or fiddling with your apps, it doesnt prevent access to your data as long as the person doing the snooping around is using Ubuntu Lucid Lynx 10.04.
Security experts Bernd Marienfeldt and Jim Herbeck discovered something really interesting when they hooked up a non-jailbroken, fully up-to-date iPhone 3GS to a PC running Lucid Lynx
I uncovered a data protection vulnerability [9], which I could reproduce on 3 other non jail broken 3GS iPhones (MC 131B, MC132B) with different iPhone OS versions installed (3.1.3-7E18 modem firmware 05.12.01 and version 3.1.2 -7D11, modem 05.11.07) , all PIN code protected which means the vulnerability bypasses authentication for various data where people most likely rely on data protection through encryption and do not expect that authentication is not in place.
(Excerpt) Read more at zdnet.com ...
Sad. I guess you forgot to mention the windows 7 update thread doesn’t have immature windows users saying I have blocked all mac trolls for trying to make security a common issue.
Enjoy.
Or a macbot who blocks people who point out issues with his reality. And then posts to everyone that he’s ignoring reality as if that makes everything better. I really don’t get it...why would anyone put their head in the sand like this?
Hey...what made you think I was referring to you? Don’t be so sensitive.
By the way, what browser you running on that ATM of yours?
Yeah because nobody uses Linux, more specifically the latest version of Ubuntu. It's not like it's free to download or anything. You couldn't possibly load it into a virtual machine in 10 minutes either.
Is that an example of apple security? Obviously you aren’t blocking his posts if you are responding to them.
So why don’t you post a link to the thread where the well known mac user called all windows developers criminals? And then the other very well known mac ping list owner who agreed?
Sorry, your strawman is going up in flames.
“So someone would have to steal my phone and then physically connect it to a computer running a specific version of Ubuntu Linux.”
Or they could pick it up while you step away from your desk, plug it in and take any data you have on it.
Theft of corporate data happens EVERY SINGLE day.
Imagine the health care information for people who receive their email on their iphones. Or people in HR. Payroll departments. I’d guess a lot of business executives have information on their iphone that needs to be kept secure. This is a big hole.
Maybe... but to be fair that would be a pretty extreme violation of attorne/client privilege, like a Nifong level ethics violation. Not to say it wouldn't happen ever, but all the prosecutors I've known are habitually averse to ethical violations like that leading me to believe that most in the profession are as well.
Hey, don't forget your porn! :)
This isn't hacking at all; this is copying the entire file system. Making a duplicate of all the data, so you can sort through it as you want.
Plug phone into computer, drag and drop files, and unplug. No hacking or cracking needed.
And it happens on a phone that's supposedly protected by a PIN to keep it "locked" from anyone using it. Don't even try to enter a PIN, just plug it in!
Let me enter a password on my computer, and my BIOS. And I'll step away. Then you can have at it. See if you can copy the entire contents of the hard disk - without opening the computer - in a matter of 30 seconds. See if you can even boot off a CD (which is turned off in the BIOS).
Seem there's no "booting" or "hacking"; it's just plugging the phone in and it appears just like a USB memory stick. All security is bypassed BY THE IPHONE. No need to try to do anything more difficult than insert a cable.
Actually, it's like walking up to an ATM and making an exact duplicate of the ATM in a few seconds, and walking away, leaving the ATM undisturbed and whole.
Bah, you run Linux - you're just as immature and stupid as us Windows users! See, we're stupid and love getting viruses, you're immature and refuse to pay for anything.
Maybe one day we'll see the light and become Macolytes. Maybe. One day.
Nah...
I think it's a mental illness, like liberalism. The nearest pathology that seems to fit is similar to women who continue to stay with abusive husbands/boyfriends. "I promise I won't hit you again." Sounds kinda similar to the microsoft theme of "this time, we'll get it right."
Can you read it that time, troll? get it through your thick skull, that I have no intention whatsoever of engaging you in conversation. I don't see what you say, and don't give a tinker's damn. Buzz off and bother someone else.
Wow. So you're saying having a password on a phone is equivalent to a BIOS-level password? Wouldn't it be a lot more similar to having a password on your windows user name? Come on, get real here. Personally, I'd like to see an addional bios-type password on devices like this, but it just isn't the way things are done. Go ahead. put a bios password on your computer. If I have physical access, I'll just pop the drive out, copy it to another device, and peruse it at me leisure. After putting it back in your PC, you'll never know the difference, as nothing has been changed.
You seem like you're grasping at straws here, trying to equate the fact that someone with phisical access to hardware compares with remotely executable viruses, worms, and trojans that are endemic in the ms-windows world. Give it up. You're not dealing with someone with only passing familiarity with computers and how they operate.
Seem there's no "booting" or "hacking"; it's just plugging the phone in and it appears just like a USB memory stick. All security is bypassed BY THE IPHONE. No need to try to do anything more difficult than insert a cable.
Which is pretty mcuh comparable in 99% of the cases out there with your average PC. Pop a CD in, fire it up, and copy off what you want. As I mentioned before, the miniscule fraction of people who even bother with a bios password are completely subverted by someone with a screwdriver and a little time. The only real defense to someone with physical access to a computer is to completely encrypt your data partition. These days, given the power in your average computer, that is completely feasable, but only the paranoid do that because it is a hassle. Some companies require that kind of thing on laptops these days, but it is, again, the exception, not the rule, and most crypto, as implemented is pretty piss-poor anyway.
Sorry, but the real world refutes the notion that you are trying to make.
All posts by known troll driftdiver have been Blocked, to view posts by this person you must edit the FRTrollBlocker.user.js file.
I'd say not to bother replying, but I understand that trolls are reding-comprehension impared.
Zeugma,
When I PIN lock my phone (an HTC Touch Pro 2) you cannot access the device. And plugging it in to a computer does nothing, until I unlock the device.
So, yeah - for a non-iPhone, a PIN is equivalent to locking down the phone. You cannot easily access it until you enter the PIN.
Kind of how you’d expect a PIN to work; provide basic “can’t peek” security.
I didn’t think this would be so hard to understand; apparently it is, or you just cannot accept that an iPhone has a pretty wide security hole.
Oh, and that “filter” you have? Pretty childish, I’d say. For someone who ranted so hard about the meanspirited Windows people, you’re showing your own evil side quite well... Of course, I am just a GD EVIL LIAR according to a few of the Mac faithful here, for daring point out some security flaws.
I guess toppling idols makes one a target for the jilted worshipers...
Awww I’m touched. That arbitrary code execution statement from Apple really stung didn’t it.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.