Developer Says iPhone 3GS Encryption Useless

rated by 0 users
This post has 2 Replies | 0 Followers

Top 10 Contributor
Posts 26,220
Points 1,187,355
Joined: Sep 2007
News Posted: Fri, Jul 24 2009 10:10 AM
One of the iPhone 3GS's new features is hardware encryption. This should make it more suitable for business, but as its purportedly in hardware, it's unavailable to other iPhone models. It can also be cracked in two minutes, using nothing more than freeware, according to Jonathan Zdziarski, an iPhone developer and hacker.

Zdziarski said:
"It is kind of like storing all your secret messages right next to the secret decoder ring. I don’t think any of us [developers] have ever seen encryption implemented so poorly before, which is why it’s hard to describe why it’s such a big threat to security.”
To grab data, one simply has to jailbreak the iPhone 3GS, then install an SSH client to port the iPhone 3GS's disk image across to a computer. As the data begins transferring, according to Zdziarski, the 3GS decrypts it automatically.

Of course, perhaps its just that corporations don't care as much as we might think.

During the fiscal Q3 earnings call, COO Tim Cook said, when asked about enterprise adoption of the iPhone:
[...] we are seeing growing interest with the release of the 3GS and iPhone OS 3.0, due in part to the new hardware encryption and the improved security policies.

The phone is particularly doing well with small business and with large organizations that allow people to purchase the phones for individual use, and this is both in corporate and government settings.

Specifically, to give you some numbers, almost 20% of the Fortune 100 have purchased at least 10,000 units or more and there’s now multiple corporations and government agencies who have purchased in excess of 25,000 each.
It should be clear by now, though, that the iPhone is such an attractive device to users, that even without encryption of any type until the 3GS model, it's still made serious inroads into the Enterprise.

Let's face it, when your CEO comes in with an iPhone, you're not going to turn him down; you're going to enable ActiveSync for him. And as more corporations move to a personal liability model, where employees bring in their own mobile device to be enabled on the company network, it's harder and harder to turn it down.

As Zdziarski said, it's up to developers to "not trust Apple" in terms of security.
“If they’re relying on Apple’s security, then their application is going to be terribly insecure. Apple may be technically correct that [the iPhone 3GS] has an encryption piece in it, but it’s entirely useless toward security.”
  • | Post Points: 35
Top 25 Contributor
Posts 3,654
Points 29,000
Joined: Jul 2004
Location: United States, Texas
Drago replied on Fri, Jul 24 2009 2:55 PM

Apple is and always will be living by security by obscurity till they become enough of a target for hackers to really mess with. That time is inching closer and it is way past time for apple to address its horrid shortcomings.

A+ Certified PC Repair Technician
Associates Degree in Computer Science
Bachelors Degree in Computer Information Systems

DFI Lanparty UT NF3 250GB Dead.......Replacement  Abit KV-85
Learn more about Comp TIA A+ Certification.

  • | Post Points: 5
Top 75 Contributor
Posts 2,048
Points 29,300
Joined: Aug 2004
Location: United States, Michigan
kid007 replied on Fri, Jul 24 2009 9:34 PM

Drago remember this Apple is the new cool thing, this guy "Jonathan Zdziarski, an iPhone developer and hacker." why in the world he said something about it before? oh wait maybe because he really does not care about developing a better security oh wait no one else care...

My question is always have been these, why when there is a software release they really don't care about closing the loopholes they are in?

and if they are such a great developers why do they let those loopholes open?

MacBook Pro 13.3" LED-Backlit Glossy, Intel "Penryn" Core 2 Duo T8700 - 2.53G, 8GB DDR3 1066, NVIDIA GForce 9400M 1280X800

HTPC 4G DDR3 XMS Corsair, Intel i5-750 Quad Core, 6ft HDMI Cable by Rosewill, AverMedia Tv Card, Gigabyte P55M-UD2,  Sapphire ATI Radeon HD 5770 with Vapor X Cooling, 500 HD Maxtor 7200 2.5 HDD, Asus Blu-Ray Optical Drive, 46" LED Toshiba TV


  • | Post Points: 5
Page 1 of 1 (3 items) | RSS