[PugetSoundSoldier]

Actually, it’s not. I corrected you in another thread where you brought this up.

The iOS4 update fixed a race condition if you try to set the PIN as you power down; this is a security hole where you can read your iPhone with Ubuntu even if the PIN is set and the phone is in normal operation, not powering down.

VERY different error/bug. The iOS4 update cured the situation where you thought you locked it but the race condition means you actually didn’t.

This hole is where the phone IS locked, but mounts as a file device under Ubuntu even when locked.

[RightOnTheLeftCoast]

"Actually, it’s not. I corrected you in another thread where you brought this up."

Actually, it is, or at least that's my current read on it. Because, if my research is correct (and sorry, I don't have a 3GS to test it on) sensitive data in the phone is not being exposed and never has.

Bear with me: The lack of /usr, /var, and similar subdirectories is the key. I believe what Ubuntu is seeing is the publicly shared directory, /var/mobile/Media, which contains the photos and such (including the familiar DCIM folder which has always mounted over USB with the phone off). This build of Ubuntu is mounting the full subdirectory tree from that public folder, but the files that would be of privacy concern are not exposed, nor is any of this available wirelessly.

So, I was wrong about the issue being fixed in iOS 4, because it does seem to be a non-issue, inflated by inaccurate reporting. The iOS 4 fix I identified in the other thread does seem to be for something else.