Home > All, Blogs > BLOGS: iPhones and security – or lack of…

BLOGS: iPhones and security – or lack of…

Bernd Marienfeldt has a running blog on a security flaw in the iPhone. Basically, the security don’t work. He has been able to bypass the encryption, exposing data, on non-jailbroken iPhones.

The newly uncovered vulnerability shows that the Apple’s iPhone 3GS authentication model is somehow or other broken. The iPhone vulnerability was covered in SANS webcast “iPhone Insecurity” by Jim Herbeck: Webcast audio excerpt of iPhone vulnerability.
Bernd Marienfeldt

Apple could not at first reproduce this vulnerability, but now can:

Apple could reproduce the as described serious issue and believes to understand why this can happen but cannot provide timing or further details on the release of a fix.

The issue here is Apple’s claim

Encryption:
iPhone 3GS offers hardware-based encryption. iPhone 3GS hardware encryption uses AES 256 bit encoding to protect all data on the device. Encryption is always enabled, and cannot be disabled by users.

merely provides a false sense of security. Businesses hand out iPhones to staff believing the encryption keeps data safe and staff within the data protection laws. But iPhones are very easily lost or stolen. And at this moment they are not secure in the hands of a hacker.

Blog entry

Categories: All, Blogs
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s