iPhone 3Gs Encryption Cracked In Two Minutes

An anonymous reader writes "In a Wired news article, iPhone Forensics expert Jonathan Zdziarski explains how the much-touted hardware encryption of the iPhone 3Gs is but a farce, and demonstrates how both the passcode and backup encryption can be bypassed in about two minutes. Zdziarski also goes on to say that all data on the iPhone — including deleted data — is automatically decrypted by the iPhone when it's copied, allowing hackers and law enforcement agencies alike access the device's raw disk as if no encryption were present. A second demonstration features the recovery of the iPhone's entire disk while the device is still passcode-locked. According to a similar article in Ars Technica, Zdziarski describes the iPhone's hardware encryption by saying it's 'like putting privacy glass on half your shower door.' With the iPhone being sold into 20% of Fortune-100s and into the military, just how worried should we be with such shoddy security?"

figures...

[omegakidd]

who would trust phones nowadays anyways?

On The Bright Side...

[NeverVotedBush]

No government will have to strong-arm Apple to give it a back door into the iPhone operating system. ;-)

I know security can be a minefield but for Apple to leave a hole this big is pretty inexcusable.

Re:

[MooseMuffin]

Lets not leave out the crappy job that the military and these enterprises did with their security audits.

Re:On The Bright Side...

[wealthychef]

Laugh, but this actually is the new feature as designed. This encryption was added to make it possible to remotely wipe an iPhone in seconds. (Delete the encryption key that is on the phone, no more reading the data off of it.) Apparently the intent was not to protect the data on the phone from a real attacker, I don't think anyone at Apple that worked on this would expect that to be the case with the encryption key on the device. (stolen from an AC because it's interesting)

Re:

[Achromatic1978]

Apparently the intent was not to protect the data on the phone from a real attacker, I don't think anyone at Apple that worked on this would expect that to be the case with the encryption key on the device.

Ahhh, but that certainly hasn't stopped Apple touting it as a feature of the phone and a selling point into the enterprise, and fanboy gloating...

Re:

[ColdWetDog]

Not that I disagree with you, but you must go to different rest rooms than I do.

I'm luck to get a paper towel dispenser these days.

Re:

[NeverVotedBush]

There might be a reason guys need a towel in the bathrooms he frequents... ;-)

Re:

[wealthychef]

I know it's probably inconceivable to you, but some people actually wash their hands after going to the bathroom. WINK

Re:On the editor side

[Architect_sasyr]

They seem to have the same no-added value functionality of the men's room attendants who are there to hand you a towel as thought you could not get one yourself.

I disagree - the mens room attendant acts like moderators around here do, they keep people from pissing all over the walls.

The editors, on the other hand, seem to encourage that sort of behaviour!

But...

[thePsychologist]

This is a feature. Cracking is yet another thing about the iPhone that Just Works. I believe Steve Jobs would be proud.

Re:But...

[mdwh2]

Indeed, it doesn't matter that other phones have been cracked - Apple were the first ones to make it work Out Of The Box.

It's all about the implementation. With the iPhone 3gS, your credit card details are integrated perfectly with crackers, thieves, and Steve Jobs.

I cracked my iPhone way faster...

[tbischel]

This is a feature. Cracking is yet another thing about the iPhone that Just Works. I believe Steve Jobs would be proud.

I Cracked my iPhone the first time I dropped it, 30 seconds flat. But if you read the fine print, it turns out Apples warranty doesn't cover the screen.

Re:

[Steffan]

I Cracked my iPhone the first time I dropped it, 30 seconds flat. But if you read the fine print, it turns out Apples warranty doesn't cover the screen.

On the off chance that you're not trolling, why would you think the warranty would cover accidental damage? If I run my car into a tree during the first 5/50, they're not going to give me a new car because the car was defective.

I think Apple would happily replace the screen if something happened that was a manufacturing defect. If you can convince someon

Re:

[Tony Hoyle]

A phone that breaks from merely being dropped from a normal height *is* defective. Everyone drops things from time to time - it should be part of the design goals to cope with some moderate impact damage.

I've seen Nokia phones thrown across rooms and suffer only minor scratches.. those things are pretty durable. I believe blackberries are the same.

Re:

[drinkypoo]

I dropped my RAZR V3i numerous times. I'm 6'7" so the distance to the ground can be significant. The hinge got a little floppy by its end-of-life (a couple years of heavy use mind you) but what usually happened in a fall is that the battery door would fly off like Citroen parts in a collision, and the phone would often not even show a scratch (from concrete and tarmac drops, no less... numerous ones)

If the iPhone can't handle drops, I'm really glad that ATT doesn't allow their "authorized resellers" to sell

Re:

[quenda]

Ha, that's one kind of crack that can be fixed. Just replace the screen with plastic
like Apple should have done in the first place, if Jobs wasn't so obsessed with form over practicality.

http://arstechnica.com/apple/news/2007/09/fix-a-cracked-iphone-screen-on-the-cheap.ars [arstechnica.com]

(then again, replacing cracked screens at $250 a pop is nicely practical from Apple's viewpoint.)

Re:

[FooAtWFU]

So you're saying that he's not attacking the encryption, he's attacking how it's used? Sounds like... pretty bog-standard procedure, really. :)

The same F500 and military that use Windows?

[gig]

Until the Fortune 500 and the military stop using Microsoft products, I won't lose a blink of sleep over them using Apple products. This guy had to have physical access to the iPhone to crack it, and even then the iPhone did not start sending its data out over the Internet along with a virus payload that formed a massive botnet that crippled Internet bandwidth.

My understanding is that the encryption in the 3GS is not meant to prevent a user with physical access to the device from accessing the data. It's to make Remote Wipe instant instead of taking 1 hour per gigabyte because the Remote Wipe only has to destroy the decryption keys, not every bit of data on the disk. When you Remote Wipe an iPhone 3G it takes 1 hour per gigabyte to destroy the data. With a 3GS, it takes a few seconds.

In this case, the hacker not only had the iPhone in his physical possession, but it was not Remote Wiped, so he also had the keys in his possession. How is it at all surprising that he was able to get in?

Re:The same F500 and military that use Windows?

[nxtw]

In this case, the hacker not only had the iPhone in his physical possession, but it was not Remote Wiped, so he also had the keys in his possession. How is it at all surprising that he was able to get in?

Because if that same hacker had a Blackberry in his possession with encryption enabled, he would not be able to get in.

Re:Why can't the hacker get in?

[nxtw]

If that Blackberry is just sitting there, even asking for a passcode, is it still receiving and storing data?

Yes. But the BlackBerry doesn't store the encryption key in-the-clear like the iPhone 3G S does, and you can't run arbitrary code on a BlackBerry just by plugging it in to a PC.

Maybe a Blackberry has a hardened mode, where it goes inert when you lock it, where it won't receive data because it has forgotten the key to its own storage.

In fact, it does. BlackBerries even have an option to not encrypt the address book so you can have names appear on caller ID while the device is locked.

Either way, if you only have to enter a 4-digit number to get in, then even if the device slows down accepting PINs after a while

No; the BlackBerry (or even the iPhone!) would be configured to wipe the device after a few invalid password attempts. My (corporate managed) BlackBerry wipes the device after 10 invalid password attempts, and my password is longer than 4 characters (and includes non-digits.)

Re:

[dgatwood]

In fact, it does. BlackBerries even have an option to not encrypt the address book so you can have names appear on caller ID while the device is locked.

They shouldn't leave the address book unencrypted. You could get a fairly significant increase in security with just some simple hashing.

For the copy on the "public" side (used while the device is locked), you use a database with two keys: hash and cryptname. Use a one-way hashing function on the telephone number and store that in the hash field, then comp

Re:

[Achromatic1978]

They shouldn't leave the address book unencrypted. You could get a fairly significant increase in security with just some simple hashing.

This is why it's an option.

That when you choose to encrypt the device, you are asked whether to specifically leave the address book decrypted.

Of course, if network policy is specified, you may not even have that option.

Re:

[YesIAmAScript]

But the BlackBerry doesn't store the encryption key in-the-clear like the iPhone 3G S does, and you can't run arbitrary code on a BlackBerry just by plugging it in to a PC.

Again, my point was that YOU can't. That doesn't mean it's not possible to do so, you have no proof this cannot be done. Sure, the BlackBerry is supposed to be secured. The iPhone was also supposed to be.

Either way, if you only have to enter a 4-digit number to get in, then even if the device slows down accepting PINs after a while

No; the BlackBerry (or even the iPhone!) would be configured to wipe the device after a few invalid password attempts. My (corporate managed) BlackBerry wipes the device after 10 invalid password attempts, and my password is longer than 4 characters (and includes non-digits.)

Do me a favor, how about you don't prune off the important part of my message.

Here is my paragraph:

Either way, if you only have to enter a 4-digit number to get in, then even if the device slows down accepting PINs after a while, if you could pry it open and get the data off, all you need to do is try 10,000 combinations and you'll find one that decrypts the internal key needed to view the data on it.

That's why I said you would pry the device open and get the data off. What I am saying is that any device that can be unlocked with a 4-digit code has enough information on it to completely decrypt itself base

Re:

[Achromatic1978]

Sure, the BlackBerry is supposed to be secured. The iPhone was also supposed to be.

The BlackBerry has passed FIPS certifications. For all the touting of "security" and "encryption", I have never heard anyone other than Apple claim that it is secure, certainly not certified.

(That certain agencies would then choose to implement usage of the iPhone without verification thereof is another issue altogether. There is way too much belief and sentiment that it is the JesusPhone, and a lot of fingers that get put

Re:

[afidel]

The Blackberry allows real passwords not 4 digit pins and it has policies to wipe the device after so many bad password attempts. Since the data is all in the corporate email system and can easily be re-uploaded to a new device there's no downside to this, this is very different from the consumer oriented iphone.

Re:

[YesIAmAScript]

The iPhone also has a setting to wipe after a number of attempts. That was not my point. I didn't say you were going to try to enter 10,000 codes. I said the information necessary to decode the data was in the unit.

An iPhone is also backed up every time you sync it, you can restore a new phone to be exactly like yours in no time. Apple mentioned this when they announce the remote wipe function of "find my iPhone".

Re:The same F500 and military that use Windows?

[Anonymous Coward]

My understanding is that the encryption in the 3GS is not meant to prevent a user with physical access to the device from accessing the data. It's to make Remote Wipe instant instead of taking 1 hour per gigabyte because the Remote Wipe only has to destroy the decryption keys, not every bit of data on the disk. When you Remote Wipe an iPhone 3G it takes 1 hour per gigabyte to destroy the data. With a 3GS, it takes a few seconds.

Isn't the point of remote wipe to prevent unauthorized access to the data on the physical device? So, it doesn't matter how long it takes to do the remote wipe if the keys can be broken in 2 minutes since that leaves only a small window of time to do the wipe. Especially if the attacker can copy the entire contents of the iPhone to a remote storage device and do it offline.

Disk encryption, especially mobile and laptop, should be designed specifically to prevent data retrieval when physical possession is obtained by an attacker.

Mod parent up

[Gnavpot]

For this:

Disk encryption, especially mobile and laptop, should be designed specifically to prevent data retrieval when physical possession is obtained by an attacker.

Re:

[erroneus]

Indeed, let's state this more simply so that people can use it in other places as well:

1. Security through obscurity is not security
2. If security relies on an attacker not to be smart enough, it is not secure

Re:

[thedak]

.. I won't lose a blink of sleep over them using Apple products. This guy had to have physical access to the iPhone to crack it, and even then the iPhone did not start sending its data out over the Internet along with a virus payload that formed a massive botnet that crippled Internet bandwidth.

That is because they are completely different cases with completely different mechanisms to prevent them. You're talking about the ability to load a spambot or something on a mobile device. The encryption is there to ensure your address book is safe, your calendar is safe, any photos and other data are safe. Not to ensure the device does not run arbitrary code. The problem with the data encryption being crackable within an arbitrary length of time is a large issue, as it is meant to be protection regardl

Re:The same F500 and military that use Windows?

[Sir_Lewk]

My understanding is that the encryption in the 3GS is not meant to prevent a user with physical access to the device from accessing the data. It's to make Remote Wipe instant

Perhaps I'm missing something here, but what's the point of doing a remote wipe of your iphone, if not to prevent someone that has physical access from accessing your data?

Re:

[Chatterton]

Pffff nitpicking ;-)

Re:

[SoupIsGoodFood_42]

To prevent most thieves from getting access to your data? I'm not sure Apple has ever advertised this as high-grade protection. The only reference I can find on their site is to remote wiping. Maybe I'm not looking in the right place?

Re:

[Henk Poley]

It's more like 1 hour per 8GB, btw.

Re:

[gilesjuk]

He also had to jailbreak the phone to get into it.

That's pretty much the same as using an exploit to gain super user access to a computer. We all know there's root kits and scripts which make this easy.

Smarthones aren't all that secure, they typically all have some sort of boot loader which you can often use to read the contents of the flash.

interesting

[Sir_Lewk]

Ok, I just watched the linked demonstration and what I noticed was he only placed his "private data" on the phone after he removed the pincode. I'd be interested to see a demonstration of him pulling data off the phone that was present before he reset the pin, to demonstrate that resetting the pin didn't just revert it back to factory defaults and remove all previous data.

That said, I'll take his word for it now, it's quite interesting in the least. I have to wonder if this is an intentional "feature".

Re:interesting

[Sir_Lewk]

I'd like to add that anyone that thinks a 4 digit pin was ever going to provide any sort of strong protection, particularly for "sensitive data", is an idiot.

At the worst it'd take less than an hour to brute force it manually.

Re:

[commodore64_love]

0000.

That's a good PIN right. Or maybe 0212, my birthday? Nobody would ever guess that.

Re:

[Darkness404]

Something tells me 0212 is going to do a lot better against an unknown attacker than the 19xx pins that are ever so common....

Re:

[dgatwood]

Mine is sooooooo much better. The combination is...

1...

2...

3...

4.

Re:

[m_ilya]

Doesn't SIM card lock after 3 tries with a wrong PIN code? How do you brute force this?

Re:

[Sir_Lewk]

So that takes care of low tech brute force attempts but the fact remains that in cryptography a 4 digit secret is pretty damned worthless.

Also, with that sort of security system I sure as hell hope you keep backups...

Re:

[dzfoo]

With a mobile phone? I would imagine that that is mandatory. Unless you bolt it to a chain and clamp it to your arm or something as such, the chances of losing or misplacing a mobile device is high. That's why wiping sensitive data on it when compromised is an acceptable protection.

        -dZ.

Re:

[Gnavpot]

...unless you've got it set to delete all data on your phone after 10 incorrect attempts.

You are assuming that the attacker does not use his own software for extracting and decrypting the data?

That assumption is usually one of the first and most obvious traps people fall into when they try to invent a new protection method.

But perhaps the assumption will hold in this particular case. I don't know if it is possible to extract the encrypted data from an iPhone and decrypt them elsewhere.

Re:

[Tony Hoyle]

It probably isn't that hard, but if the software stops you and you really want the data rip the thing apart and read it directly off the chips.

Re:interesting

[PnjDbq]

The iPhone starts injecting time delays into the login/wipe process, I believe after the first 5 incorrect attempts. First one minute, then 5 minutes, and I have never had the patience to watch much beyond that. You can still sabotage the phone, but it's not fast.

Re:

[John Nowak]

Or just pick it up and throw it out the window.

Re:

[Minupla]

That's how my work Blackberry is configured - if I enter my PIN wrong too many times, it self wipes. All my data is gone. Until I either plug it in to my workstation at work, and it restores form the backup, or I call in and get a new activation pin assigned and do a wireless sync. It's a bit of a pain in the butt when it happens, but seems like a reasonable trade off. Of course the BB has a good keyboard, so i don't mistype often :)

That being said, I do lust after an Iphone for personal use, but I wou

More like assholetage

[SuperKendall]

That would make sabotaging someone's phone pretty easy. Just pick it up, make ten wild ass guesses at a PIN, and rest assured their precious data is now gone.

Nope, it's on the computer they sync with.

All you managed to do is prove you are an asshole, not actually destroy anything (except perhaps something they did that day).

Re:

[Tony Hoyle]

Those aren't particularly secure either... you don't *need* the code to break into luggage (anyone who's come across airport security probably has experienced this). ATMs and Chip/Pin systems rely on nobody physically getting hold of your card and/or having the time to enter enough combinations to break into the system. Alarm systems, except the most expensive ones with direct connections to the local police, are mostly snake oil - shutting one up takes under a minute and most people don't react to alarms

Re:

[turbidostato]

"Most people really don't want real security. It would be a support nightmare"

It wouldn't.

"the common person is an idiot and will forget their password or whatever. Then all they want is their data back and they expect Apple to give it to them. If the device was really truly secure then their data would be permanently gone."

And that's exaclty why it wouldn't be a support nightmare:
-Hello, I forgot my password.
-Then you are f*ed. Next call!

See? About five seconds and the incident is properly closed.

It can

Re:

[dgatwood]

Actually, this is a great application for MobileMe. If you forget your pin number, assuming you are connected through MobileMe, it would be just as simple to have a remote unlock/PIN reset command as it is to have a mobile wipe. No support nightmare required. "Log into your MobileMe account. Now click 'My iPhone.' Now click 'Forgot PIN'. Now enter a new PIN. No! Don't tell me what it is! Enter a different PIN. Write it down before you do. Now click the 'Change PIN' button. Wait for it." The pho

security theatre

[drDugan]

security theatre: (1) security countermeasures intended to provide the feeling of improved security while doing little or nothing to actually improve security, usually resulting from political absurdity, poor engineering, the need to present an image of security more than real security, or some combination of these factors. (2) The real mission of the Transportation Security Administration.

Examples: airport screening, "No-Fly" lists, random searches on subway systems, 1950's "duck and cover" drills in U.S. public schools

Wow, this guy is hard core...

[risk one]

He even encrypted his last name.

Re:

[dzfoo]

It's not encrypted, it's Base64-encoded!

Learn the difference. sheeeesh.

          -dZ.

Were the backups encrypted?

[diamondsw]

It should be noted that iTunes does not encrypt backups by default, but you can enable that with a checkbox in the iPhone preferences. So the real question is - with a PIN set and encryption on, can it still be hacked?

The Real Question is...

[Nom du Keyboard]

The real question is whether or not you should be storing sensitive material on your iPhone in the first place?

If the answer is: What kind of idiot are you? Of course my iPhone is the center of my universe and the repository of everything that will ever matter to me right at my finger tips, then there's a huge opportunity just waiting for some programmer at the Apps Store who can code faster than I can to supply a cheap App that actually provides true security...

...provided that Apple and the government

Re:

[bertoelcon]

Government might, Apple will not unless it randomly falls into a list of auto-approved apps that doesn't exist.

Re:

[AmberBlackCat]

I think if you have some data you just have to keep, and there are people willing to break into your home to take it from you, you might be better off with the data in your iPhone than something bigger.

Re:

[PuckSR]

Ummm...no

Who would store "sensitive" data on a cell phone?
Well, consider that most companies, agencies, etc consider their email "sensitive". Why do you think most businesses purchase 'smartphones'? TO ACCESS COMPANY EMAIL
It isn't just a matter of company email carrying sensitive data, it carries normal data that would be highly beneficial to a bit of social engineering.

Still don't understand the whole 'smartphone'/sensitive data issue?
Ask yourself this question. Why won't the secret service let Obama ca

Re:

[Tony Hoyle]

You access company email remotely. You don't store it locally (it goes without saying you don't use POP for company email). A compromised phone might have the latest email hanging around somewhere, but everything else is safe.

Re:

[dzfoo]

You're thinking sensitive material as in the plans to the Death Star, or the combination to the bank's vault. However, sensitive material may just be a seemingly inocuous e-mail to your boss telling him how the business proposal was received, or a voice memo you prepared highlighting some new product ideas, while on the road to meet a client.

          -dZ.

curious...

[sbeckstead]

Did anybody else read the docs on this feature? It seems that encryption was only done as a means to remotely wipe the phone. Was he able to destroy the keys remotely and then have someone read the data off the phone? I don't understand.

Ding ding ding

[earnest murderer]

We have a winner...

The real issue at hand is how much time nerds spend thinking of ways they are right, instead of trying to understand how they might be wrong. iPhone 3gs was never marketed as having strong encryption (http://www.apple.com/iphone/specs.html), the /. crowd simply saw "something" was implemented and decided that the intent was to hide data.

Re:Ding ding ding

[Alrescha]

"Sounds to me like they are implying your data is secure until you have a chance to wipe it remotely. Maybe that was the "something" the "/. crowd" saw and jumped to the wild conclusion that their data was actually protected???"

You know, I read the paragraph you quoted and even after repeated readings never came to the conclusion that you did. In other words, nowhere does it say your data is protected by encryption. The feature it is touting is 'Remote Wipe' and that feature happens to use some encryption to do its business.

A.

Re:

[turbidostato]

"You know, I read the paragraph you quoted and even after repeated readings never came to the conclusion that you did. In other words, nowhere does it say your data is protected by encryption."

You know, I read the paragraph you quoted and even after repeated readings never came to the conclusion you did. In other words, nowhere does it say he implied the data was protected by *encryption* but just that the data was protected from undesired eyes due to a feature called "Remote Wipe".

Well, it happens that "R

Re:

[stuboogie]

"In other words, nowhere does it say your data is protected by encryption."

Well, I never said it DID. I said: "Sounds to me like they are implying your data is secure until you have a chance to wipe it remotely." Which is exactly what they are doing in the following statements:

"Protect your privacy with Remote Wipe."

"Your iPhone contains important and personal information -- information you probably don't want in the hands of a stranger. So if you lose your iPhone...you can initiate a remote wipe t

Oh Great

[maiotaku]

Oh great, now all those secret emails about the money laundering are going to be found by the government because I'm the only major corporate executive who uses an iPhone to talk about all our illegal activities. I thought my data would be so safe, with no other weak links in the chain... like my email server or anything of that sort that could possibly also be hacked...

Encryption is both Complex and Tricky

[omb]

OK, the real problem is expectation and marketing, from the story, the encryption is (egregiously) useless.

If the device is in your hands, you can physically remove the memory, and then examine it breaking the weak encryption on the fly.

The marketing (surprise ... ) misrepresents that.

The trick, instead, is concentrating and protecting important information

They forgot the #1 rule to fight off hackers...

[dan_sdot]

They used the password "GOD".

Reader Fail

[marshzd]

This is a pisspoor attempt at trying to discredit Apple for a CONSUMER product. Spore was hacked two weeks before the game was released. The Sony PSP has been hacked since the beginning of it's formation. The X-Box was not only hacked to put in bigger drives, but also was hacked to put Linux on it (which took a little longer but still) Windows XP is easily hacked by booting up in Safe Mode, you have immediate free admin access to add users and change passwords. Windows Vista/2000(2003) Server are all hackable with a quick linux boot CD, takes about three minutes (I've done this multiple times on many machines). You can either change the password, or just load all the persons files onto an external drive (I usually do this for when someone windows dies but you could easily take all their information unencrypted right off). Every consumer device and software product is usually hacked before it's even released, if not shortly after it's released. The fact that this article was just barely posted actually makes me wonder how stupid they are for failing this long at trying to break a consumer product. I've never seen a single ad for the iPhone, PSP, or X-Box advertising their "security". They generally intentionally have loopholes because they realize that users (like the person who wrote this article) are freaking idiots and are going to lock themselves out. The biggest loophole is having an admin user (:O) reset their password. And getting that password from them is as simple as starting their pubes on fire if not using the previously mentioned boot disk to simply wipe the password and log in. This isn't any sort of fail on Apple's part. They can't handle everything in the universe on their phone. Nor was it PSP's fail when it got hacked. Or windows when it gets hacked. There's BLATANT fails that generally get fixed, but not really any here. Sorry folks, move along.

It was as if..

[timmarhy]

.. a thousand apple fanboi's cried out and then were suddenly silent....

What, me worry?

[jc42]

With the iPhone being sold into 20% of Fortune-100s and into the military, just how worried should we be with such shoddy security?

Well, as someone who isn't part of any Fortune-100 corporation or military force, I guess my response would be "Not at all."

It's generally understood and widely acknowledged that the secrecy in such organizations functions primarily to keep their inner workings private from their own populations, i.e., us "little people" who pay to keep them running but aren't allowed to look into their inner workings. If they are riddled with holes in their communications because they're using iPhones or MS Windows or whatever, that means that there's a good chance that investigators can find out what they're up to and inform the rest of us.

Consider the last few years of disasters in the American financial industry. It's pretty clear now that the perpetrators knew quite well what they were doing, and were profiting quite well from it all. It's the "little people" who are paying for the collapse, while the officers of the corporations are still taking home huge paychecks and bonuses. The reason it went on for so long was that the companies involved were able to keep their shady dealings secret from the great majority of their investors. If we'd had better security holes to see inside them, maybe some of the disaster could have been avoided.

It's hardly a secret that military security primarily functions to hide their internal corruption (and bungling) from their own citizenry. Making their internal communications available to the citizenry via poor comms security seems like a win for the country as a whole.

(Yeah; I know; "Such a dreamer." ;-)

Re:

[BitZtream]

You are rather disconnected from reality. No one who matters in the military, the ones with real secrets, are putting that data on an iPhone. The little people who don't actually know anything truely important are using iPhones.

We didn't find out about the banking issues because some piece of software was hacked, we found out because the ran out of money to keep the scam going or because someone (not a peon) who was higher up in the organization blew the whistle.

Most 'leaks' are entirely intentional, some

much-touted?

[csimicah]

I wasn't even aware of this feature until I started reading echo-chamber blog articles about how weak the encryption was. This doesn't make the issue any more or less legitimate but it sure does make the post seem a little fantastic.

If I have access to the physical phone

[MeNeXT]

regardless of who manufactures it, I have access to the data. If I have access to the physical machine I have access to the data. If you are carrying sensitive information and the only thing blocking my access is a four digit code then you are an IDIOT regardless of what OS you are using.

Common people where is the news here? You actually think a Blackberry, Nokia or any other phone on the market today has any kind of encryption that can't be broken into with a bit of research.

 

Re:

[fadir]

Pretty fitting post!

As my former employer (mmo developer) used to say: Why the heck should we invest time and money into encrypting our protocol to protect the client from being run via proxies to cheat, when there is literally no way to enforce it because as soon as you own the end point (in that case the game client, in the case here the mobile phone) you have (fairly easy) access to everything anyway.

Re:

[kwerle]

Cute username.

...

Common people where is the news here? You actually think a Blackberry, Nokia or any other phone on the market today has any kind of encryption that can't be broken into with a bit of research.

Yes.

http://www.resourcecenter.blackberry.com/resource/xHCO-BlackBerry_Enterprise_Solution_Security_version_4.pdf [blackberry.com]

I'd rather use an iPhone, but company policy is BB. Then again, the BB is encrypted. 10 bad attempts at a password and it nukes itself.

The US does not make it easy to sell encryption products, but this (slip from Apple) is pathetic. I'm generally unhappy with Apple's security standards. AFS mounts in the clear by default, and inconvenient to do securely? Come on.

Re:

[Dan541]

Most security measures are designed to thwart low level attacks.

A 4 digit pin number will indeed keep most attackers at bay, same goes for screen-saver passwords. Or even the lock on your front door.

Although I can not deny the problem that exists when highly confidential data is protected ONLY by one of these low level options, similar to using a $2 padlock to secure a missile silo.

Re:

[miro f]

If I have access to the physical machine I have access to the data.

Ever seen a Thales card payment system HSM? These are the devices that protect your PIN, credit card verification number, bank interchanges, all sorts of different keys. Try getting an encryption key out of one of those:
http://en.wikipedia.org/wiki/Hardware_Security_Module [wikipedia.org]

Not to mention any modern EFTPOS devices, while more compact. are good enough that pretty much anyone can be given one and we can remain confident that the key is safe in there.

When you control the hardware, it is possible to hide the key.

The answer: web based and cloud

[fadir]

I'll probably get moderated troll for that but it's pretty obvious to me:
Put your data into a (trusted) cloud and not onto the phone itself, use encryption on the way and you are as safe as you can get. The phone is only useful when connected anyway, so why should I have to carry the data on the phone?

Re:

[kkelly]

I'll probably get moderated troll for that but it's pretty obvious to me:
Put your data into a (trusted) cloud and not onto the phone itself, use encryption on the way and you are as safe as you can get. The phone is only useful when connected anyway, so why should I have to carry the data on the phone?

The phones are useful when not connected because you have stored your important data on the device. Because cell phone coverage and WIFI are not ubiquitous, a phone connected to the cloud is essentially useless in the absence of a signal. I have visited places all over this country where a flare gun would have been more a effective means of communication than my smartphone, but I could still call up that important office document, pdf or diagram because it was stored locally on the device. Less secure, p

Impossible to have more secure iPhone too

[Ilgaz]

On other smart phone platforms, if your data is really precious and if you need more than average security, you install security solutions.

As my data is not that precious, I have just trialed commercial, easy to install security solutions like Kaspersky Mobile, F-Secure. Both has firewalls on socket and application level, heuristics, anti spam, remote locking and in Kaspersky'es case, even a "white hat rootkit" to track your phone after it has been stolen. I can easily say that they will be never possible o

"Cracked"

[Legion303]

I realize the submitter might not know the meaning of the word, but the editor could have at least glanced at the article and realized there's no cracking involved.

I know, "welcome to Slashdot."

Privacy glass

[YourExperiment]

it's 'like putting privacy glass on half your shower door.'

So, he's saying that the encryption is perfectly adequate for male users, whereas female users are less well protected, but at least it stops people seeing the really good bits?

Re:Apple blows.

[SomeJoel]

I am confused. Does it suck, or does it blow? These are opposites, are they not?

Re:

[Anonymous Coward]

Well, when one has diarrhea, one 'blows' chunks out of their ass. This 'sucks' when it happens. So I guess we can say Apple is 'shit'.

Re:

[bertoelcon]

My vacuum can suck and blow, but it doesn't have the capacity for hot air that apple does.

Re:

[commodore64_love]

The best technique involves both sucking and blowing, in an alternating fashion.

Microsoft could probably patent it since they've been doing both since Windows 1986 (quite literally the worst OS of that year).

Re:Apple blows.

[NightRain]

The best technique involves both sucking and blowing, in an alternating fashion.

Isn't that also known as breathing?

Re:

[ioshhdflwuegfh]

I am confused. Does it suck, or does it blow? These are opposites, are they not?

The verb that solves this logical conundrum is: fellate.

It's Mega Maid, sir --

[thisnamestoolong]

She's gone from suck to blow!

Re:

[Randall311]

No, it's a jet engine. It sucks and blows at the same time.

Re:I put privacy glass . . .

[frosty_tsm]

I put privacy glass on the top half of the shower door so I don't have to look at the people watching me, which seems to be the same kind of privacy I can expect on my iPhone 3G.

Fixed it for you.

Re:

[solanum]

What are you taking about, don't you shower standing on your head like the rest of us?

Re:

[HTH NE1]

"Which half of her swimsuit did she wear?"
"The left half."

I think that was from Bewitched, regarding Samantha's twin sister's visit to a public beach.

Re:

[mdwh2]

For a moment, I thought you were the author of the Windows File Copy Dialog [xkcd.com]...

Re:

[HTH NE1]

For a moment, I thought you were the author of the Windows File Copy Dialog...

I actually miss the animation from the XP file copy dialog. It rotates all the files 90 degrees, turning them imaginary.

Re:

[thePowerOfGrayskull]

That's great, but... if only someone could crack the ipod classic hard drive secrets as easily. rockbox [rockbox.org] needs your help.

Hm, let's fix the URL above - and this time uncheck "post anon" which automatically got checked for no apparent reason.

Re:

[Doctor_Jest]

And yet Apple STILL doesn't have remote exploits that infect your machine WHILE CONNECTING TO THE PATCH SERVER. *cough* Not all vulnerabilities are created equal. But sarcasm aside... I wonder, tinfoil hat on and all, if this is "desired" behavior? I wouldn't put it past the government to _want_ this sort of ability....