“Excuse me, but your data’s showing…” (Major iPhone security hole alert!)

Whoa, this is NOT okay…

Security pros have just revealed a massive security flaw in the iPhone. Turns out anyone using a PC running a variant of Linux can access the data inside an iPhone just by plugging it in. (Yes, even pristine, never-jailbroken iPhones with PIN code locks on them.)

How concerned should you be? Very. Ubuntu Lucid Lynx may not be as common as Windows or the Mac OS, but don’t be fooled. Plenty of people know how to work Linux. It’s not like your phone’s just at risk of being scavenged by some esoteric eggheaded technophiles here; anyone who knows how to operate a Linux PC would be able to copy data off your iPhone. And when it’s done, you could even get your phone back and have no clue it had ever happened.

After experts Bernd Marienfeldt and Jim Herbeck plugged in an iPhone 3GS, it auto-mounted. Then they discovered the following window:

*Jaw drops*

Frankly, this is just shocking. In all, they could see tunes, pics, vids, podcasts, voice recordings, the Google safe-browsing database, game data, and more. According to Bernd, there’s no data encryption for content, and that’s the real issue here. (The iPhone also can’t digitally sign e-mails — a big reason why the Apple smartphone still hasn’t been widely adopted by companies.) When the pair alerted Apple about this security hole, they said, “Apple could reproduce the described serious issue and believes to understand why this can happen but cannot provide timing or further details on the release of a fix.”

Will the data-protection feature in iPhone OS 4 close the hole? I’ve got fingers crossed on that one. And the big lesson here is, until this gets resolved, do NOT lose your phone. (Suddenly, MobileMe and its remote wipe feature are sounding like a really good idea.)

This doesn’t mean you should stop using a PIN. It may not prevent hackers from getting into your device, but at least it will deter nosy pals (and even non-tech-savvy thieves) from gaining access.

Via: ZDNet, Engadget, Bernd Marienfeldt


Short little rant: Wow, I can't believe no one noticed this at Apple. This needs to be fixed ASAP. I don't like that my phone is not secure. Knowing someone can just plug it into a computer running Linux and go through everything in my phone (even if I passcode locked it) without me even knowing.

Holy mackerel, that's ridiculous. I'm not too surprised that it's able to read it. I am however perplexed as to why Apple doesn't have it locked up and inaccessible to anything other than the iPhone OS or Apple related software. Very shocking.