Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Hacker Claims iPhone 3GS Encryption Easy to Crack

suraj.sun (1348507) writes | more than 5 years ago

Encryption 2

suraj.sun (1348507) writes "What Apple won't tell you is that the supposedly enterprise-friendly encryption included with the iPhone 3GS is so weak it can be cracked in two minutes with a few pieces of readily available freeware.

"It is kind of like storing all your secret messages right next to the secret decoder ring," said Jonathan Zdziarski, an iPhone developer and a hacker who teaches forensics courses ( http://www.zdziarski.com/forensics_seminar/ ) on recovering data from iPhones. "I don't think any of us [developers] have ever seen encryption implemented so poorly before, which is why it's hard to describe why it's such a big threat to security."

Zdziarski said it's just as easy to access a user's private information on an iPhone 3GS as it was on the previous generation iPhone 3G or first generation iPhone, both of which didn't feature encryption. If a thief got his hands on an iPhone, a little bit of free software is all that's needed to tap into all of the user's content. Live data can be extracted in as little as two minutes, and an entire raw disk image can be made in about 45 minutes, Zdziarski said.

Wondering where the encryption comes into play? It doesn't. Strangely, once one begins extracting data from an iPhone 3GS, the iPhone begins to decrypt the data on its own, he said.

To steal an iPhone's disk image, hackers can use popular jailbreaking tools such as Red Sn0w and Purple Ra1n to install a custom kernel on the phone. Then, the thief can install an Secure Shell (SSH) client to port the iPhone's raw disk image across SSH onto a computer.

"We're going to have to go with the old imperative of 'Trust no one,'" he said. "And unfortunately part of that is, don't trust Apple."

Wired : http://www.wired.com/gadgetlab/2009/07/iphone-encryption/"

Link to Original Source

cancel ×

2 comments

Sorry! There are no comments related to the filter you selected.

Security through Obscurity? (1)

fortyonejb (1116789) | more than 5 years ago | (#28805439)

It's been that way for quite some time, Apple didn't have enough market share to apparently warrant them taking security seriously. Apple has never been security experts, they excel in different areas. Now that they are clearly in the limelight, it looks like they are going to have to play catch up in that area.

Re:Security through Obscurity? (1)

AHuxley (892839) | more than 5 years ago | (#28816157)

Yes Apple did a MS Xbox, rush the product out, any staff will do. Now its an epic fail :)
Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>