But this would mean the device couldn't stay connected while in standby, receiving mail etc.
*Lots* of these security shortcomings seem to be compromising between security and convenience. At least the iPhone has a fully encrypted file system, even if this doesn't always help.
No. I think wireless network password should be set to After First Unlock protection level. In this level, the password is available to the OS after the user enter the passcode for the first time, so the OS could still connect to the network while in standby etc.
iOS does have the protection levels like jallen02 mentioned. The attack is demonstrated on an iPhone with 4.2.1, so the protection levels apply. So why isn't those passwords protected? Clearly the passwords are at the 'Never' level (not protected at all).
It is easy to see this even if your device is not jailbroken. After rebooting the device and before entering a passcode for the first time, the device is able to connect to a password-protected wireless network. No matter the password is encrypted or not, if the device can read it on its own, an attacker can certainly read it if they have physical access to the device. This is no different than losing a personal computer.
I guess Apple needs to reconsider the protection level of sensitive data like passwords. It sounds reasonable to me to force user to enter a passcode before, say, logging into a wireless network, so that the passwords are protected by the user passcode.
Slashdot Mirror
But this would mean the device couldn't stay connected while in standby, receiving mail etc.
*Lots* of these security shortcomings seem to be compromising between security and convenience. At least the iPhone has a fully encrypted file system, even if this doesn't always help.
No. I think wireless network password should be set to After First Unlock protection level. In this level, the password is available to the OS after the user enter the passcode for the first time, so the OS could still connect to the network while in standby etc.
iOS does have the protection levels like jallen02 mentioned. The attack is demonstrated on an iPhone with 4.2.1, so the protection levels apply. So why isn't those passwords protected? Clearly the passwords are at the 'Never' level (not protected at all). It is easy to see this even if your device is not jailbroken. After rebooting the device and before entering a passcode for the first time, the device is able to connect to a password-protected wireless network. No matter the password is encrypted or not, if the device can read it on its own, an attacker can certainly read it if they have physical access to the device. This is no different than losing a personal computer. I guess Apple needs to reconsider the protection level of sensitive data like passwords. It sounds reasonable to me to force user to enter a passcode before, say, logging into a wireless network, so that the passwords are protected by the user passcode.
Okay. Suppose they are trying to build some servers to serve Asia... but still... why South Korea?