iPhone's PIN-Based Security Transparent To Ubuntu
ndogg writes "Security experts found that the iPhone 3GS has very little security, even with a PIN set up. They plugged one into Ubuntu 10.04, and it was automounted with almost all of the iPhone's data exposed. This has been reported to Apple, but the company seems to be having difficulty reproducing the problem."
Which you can mount under Linux, using FUSE and the appropriate apps (usbmuxd, libimobiledevice, and ifuse). I maintain usbmuxd.
In fact, when you plug an iPhone into a Mac, you can see in the process list that usbmuxd is what Mac OS is using to talk to the device.
I have to wonder what sort of testing Apple (didn't) do here. If it is possible for a Linux machine to mount the filesystem, then setting a PIN clearly has no effect at all on the device's access control of that filesystem. Even if plugged into a Mac or PC running iTunes, the data should be equally accessible.
Either they simply didn't feel the need to make the PIN actually do much more than lock the screen (arguably fairly misleading), or next to no testing was done, or (even worse), setting the PIN also sets some sort of "politely ignore the data you could easily access" flag, that iTunes obeys and the third-party implementations don't.
Ya, one of the new features in iPhone OS 4.0 is "Data Protection". Specified files for applications are on the fly encrypted and decrypted. The phone has to be unlocked (valid PIN entered) to access the data.
Seems like they already handled this issue, unless someone wants to test that on an iPhone with 4.0 running on it...
--- it's too bad about the monkey, I kinda liked them