Slashdot Mirror

← Back to Stories (view on slashdot.org)

iPhone 3Gs Encryption Cracked In Two Minutes

Posted by Soulskill on from the see-it-really-is-fast dept.

An anonymous reader writes "In a Wired news article, iPhone Forensics expert Jonathan Zdziarski explains how the much-touted hardware encryption of the iPhone 3Gs is but a farce, and demonstrates how both the passcode and backup encryption can be bypassed in about two minutes. Zdziarski also goes on to say that all data on the iPhone — including deleted data — is automatically decrypted by the iPhone when it's copied, allowing hackers and law enforcement agencies alike access the device's raw disk as if no encryption were present. A second demonstration features the recovery of the iPhone's entire disk while the device is still passcode-locked. According to a similar article in Ars Technica, Zdziarski describes the iPhone's hardware encryption by saying it's 'like putting privacy glass on half your shower door.' With the iPhone being sold into 20% of Fortune-100s and into the military, just how worried should we be with such shoddy security?"

3 of 179 comments (clear)

  1. No worry here by Anonymous Coward · · Score: 0, Offtopic

    Steve Jobs cast no shadows, and his followers commit no crimes. There is nothing to worry about here.

  2. Why can't the hacker get in? by YesIAmAScript · · Score: 0, Offtopic

    Did you ask yourself that? If that Blackberry is just sitting there, even asking for a passcode, is it still receiving and storing data? It is, it can receive SMSes for example. It knows how to decrypt everything on itself with the information it has. The only difference between it and an iPhone in this case is the hacker doesn't know how to get the data off, not that it is impossible to do so.

    Maybe a Blackberry has a hardened mode, where it goes inert when you lock it, where it won't receive data because it has forgotten the key to its own storage.

    Either way, if you only have to enter a 4-digit number to get in, then even if the device slows down accepting PINs after a while, if you could pry it open and get the data off, all you need to do is try 10,000 combinations and you'll find one that decrypts the internal key needed to view the data on it.

    --
    http://lkml.org/lkml/2005/8/20/95
  3. it has failed 5 time on me by Anonymous Coward · · Score: 0, Offtopic

    It is not just the security issues i guess ...

    I am an Iphone 3G user here in Singapore and the Iphone has failed on me 5 times since i first bought it.

    2 x battery issue
    1 x unable to power on
    1 x unable to get on 3G network on provider Sim card but other works
    1 x unable to charge (the port failed)

    Each of those time, the telcom which i bought the phone from (Singapore Telecom) replace with an unit and i wonder it is refurbished unit ... or there is some serious QC issue ...

    After 5th time, the telcom still wants to replace the same 3G model to me ... i am totally lost confidence ... Sigh i have paid so much to buy it and this is the painful experience since my journey with Iphone ...