
iPhone 3Gs Encryption Cracked In Two Minutes 179

An anonymous reader writes "In a Wired news article, iPhone Forensics expert Jonathan Zdziarski explains how the much-touted hardware encryption of the iPhone 3Gs is but a farce, and demonstrates how both the passcode and backup encryption can be bypassed in about two minutes. Zdziarski also goes on to say that all data on the iPhone — including deleted data — is automatically decrypted by the iPhone when it's copied, allowing hackers and law enforcement agencies alike to access the device's raw disk as if no encryption were present. A second demonstration features the recovery of the iPhone's entire disk while the device is still passcode-locked. According to a similar article in Ars Technica, Zdziarski describes the iPhone's hardware encryption by saying it's 'like putting privacy glass on half your shower door.' With the iPhone being sold into 20% of Fortune-100s and into the military, just how worried should we be with such shoddy security?"
  • interesting (Score:5, Interesting)

    by Sir_Lewk ( 967686 ) <sirlewk@gCOLAmail.com minus caffeine> on Friday July 24, 2009 @07:23PM (#28814411)

    Ok, I just watched the linked demonstration and what I noticed was he only placed his "private data" on the phone after he removed the pincode. I'd be interested to see a demonstration of him pulling data off the phone that was present before he reset the pin, to demonstrate that resetting the pin didn't just revert it back to factory defaults and remove all previous data.

    That said, I'll take his word for it now, it's quite interesting in the least. I have to wonder if this is an intentional "feature".

  • Re:But... (Score:1, Interesting)

    by Anonymous Coward on Friday July 24, 2009 @07:29PM (#28814465)

    Laugh, but this actually is the new feature as designed.

    This encryption was added to make it possible to remotely wipe an iPhone in seconds. (Delete the encryption key that is on the phone, no more reading the data off of it.)

    Clearly the intent was not to protect the data on the phone from a real attacker, I don't think anyone at Apple that worked on this would expect that to be the case with the encryption key on the device.

  • Re:interesting (Score:4, Interesting)

    by Sir_Lewk ( 967686 ) <sirlewk@gCOLAmail.com minus caffeine> on Friday July 24, 2009 @07:30PM (#28814471)

    I'd like to add that anyone that thinks a 4 digit pin was ever going to provide any sort of strong protection, particularly for "sensitive data", is an idiot.

    At the worst it'd take less than an hour to brute force it manually.

  • by diamondsw ( 685967 ) on Friday July 24, 2009 @07:40PM (#28814555)

    It should be noted that iTunes does not encrypt backups by default, but you can enable that with a checkbox in the iPhone preferences. So the real question is - with a PIN set and encryption on, can it still be hacked?

  • curious... (Score:3, Interesting)

    by sbeckstead ( 555647 ) on Friday July 24, 2009 @07:46PM (#28814625) Homepage Journal
    Did anybody else read the docs on this feature? It seems that encryption was only done as a means to remotely wipe the phone. Was he able to destroy the keys remotely and then have someone read the data off the phone? I don't understand.
  • My understanding is that the encryption in the 3GS is not meant to prevent a user with physical access to the device from accessing the data. It's to make Remote Wipe instant

    Perhaps I'm missing something here, but what's the point of doing a remote wipe of your iphone, if not to prevent someone that has physical access from accessing your data?

  • by Anonymous Coward on Friday July 24, 2009 @08:46PM (#28815055)

    Is that actually true? I'd like to see some evidence.

  • by Anonymous Coward on Friday July 24, 2009 @09:04PM (#28815179)

    There is no time window for remote wipe at all:

    1. Steal iPhone
    2. Turn off
    3. Remove SIM, disabling remote wipe
    4. Turn on and spend as long as you like (or 2 minutes) decrypting contents
    5. Steal data
    6. Profit

    (OT, but why don't my list numbers look like numbers?)

  • Re:Ding ding ding (Score:5, Interesting)

    by Alrescha ( 50745 ) on Friday July 24, 2009 @09:30PM (#28815315)

    "Sounds to me like they are implying your data is secure until you have a chance to wipe it remotely. Maybe that was the "something" the "/. crowd" saw and jumped to the wild conclusion that their data was actually protected???"

    You know, I read the paragraph you quoted and even after repeated readings never came to the conclusion that you did. In other words, nowhere does it say your data is protected by encryption. The feature it is touting is 'Remote Wipe' and that feature happens to use some encryption to do its business.

    A.
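The design described in the summary and comments above (a disk key held on the device, deleted for Remote Wipe), as an added example that is not part of the original thread and not Apple's code. `ToyPhone`, its methods and the SHA-256 keystream standing in for the hardware cipher are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode), a stand-in for the hardware engine."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

class ToyPhone:
    """Hypothetical model: the disk key lives on the device and is unrelated to the passcode."""
    def __init__(self, passcode: str):
        self._passcode = passcode
        self._disk_key = os.urandom(32)  # stored on the device itself
        self.flash = b""                 # ciphertext as it sits in storage

    def write(self, plaintext: bytes) -> None:
        self.flash = keystream_xor(self._disk_key, plaintext)

    def unlock(self, attempt: str) -> bool:
        # The passcode gates the user interface only; it never touches the disk key.
        return hmac.compare_digest(attempt.encode(), self._passcode.encode())

    def copy_disk(self) -> bytes:
        """Any read served by the device is decrypted transparently while the key exists."""
        if self._disk_key is None:
            return self.flash            # key destroyed: only ciphertext is left
        return keystream_xor(self._disk_key, self.flash)

    def remote_wipe(self) -> None:
        """Crypto-erase: discard the key instead of overwriting the whole disk."""
        self._disk_key = None

def demo():
    phone = ToyPhone("4821")                       # constructed passcode
    secret = b"constructed sample: contacts, mail, notes"
    phone.write(secret)
    still_locked = not phone.unlock("0000")
    readable_while_locked = phone.copy_disk() == secret
    phone.remote_wipe()
    readable_after_wipe = phone.copy_disk() == secret
    return still_locked, readable_while_locked, readable_after_wipe

if __name__ == "__main__":
    print(demo())
```

In this model the wipe is instant because only 32 bytes are destroyed, and the same property that makes it instant (the key sits on the device) is why encryption adds no confidentiality before the wipe happens.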
