Hackers scoffing at iPhone 3GS' hardware encryption
By Chris Ziegler 
posted Jul 24th 2009 12:19AM
posted Jul 24th 2009 12:19AM
There were other features taking higher billing in the iPhone 3GS' announcement than its hardware-level encryption -- hell, even the magnetic compass was getting more play -- but it's there, and Apple's actively marketing the bit-scrambling capability to enterprise clients. Problem is, hackers are apparently having a field day with it, rendering it useless in all but name. One iPhone dev (who teaches courses on pulling data off iPhones, coincidentally) goes so far to say that he doesn't "think any of us have ever seen encryption implemented so poorly before," noting that it's no more difficult for him to pull data off a 3GS than it is off an encryption-free 3G. He goes on to point out that RIM -- which has far more experience dealing with enterprise-class mobile fleets than Apple does -- offers a far more robust remote wipe solution that doesn't necessarily need to rely on an active wireless connection to clear a phone. The lesson? As overwhelmingly popular as the iPhone may be across every market segment, these guys are still the new kids on the enterprise block -- and RIM (and heck, Microsoft, too) would be wise to stand their ground here.
WHERES MISTER PAUL A CHAPEL NOW ...
relax you troll
You know what's worse than Paul A. Chapel? People who can't stop talking about Paul A. Chapel.
Oh, he's the troll, eh? LOL! With the kind of crap Engadget readers have to put up with from Paul, it's hard to say I don't share mr2dxtream's sentiments.
(OK, now let's get on with pretending Chapel doesn't exist.)
2 men in black walk in and.... *flash* "This never happened"...
Remember rule 1
Isn't it obvious? He's already been tucked into bed by now.
the funny thing is everyone is always talking about how secure and virus free macs are, and that the only reason is because no one wants to code viruses and stuff for them.
this kind of proves that since apple has never had to really deal with malware and security issues on such a grand scale, they have NO clue how to truly stop it.
@ D889
With respect, that statement is gross oversimplification...
You know what this means don't you? More dead Chinese factor workers.
@Chris Ziegler
This may or may not be true, but as a rational, prudent person, I am withholding judgement until I see ACTUAL EVIDENCE from multiple independent sources. The most obvious thing that separates journalists from lay-men bloggers like yourself is that they actually understand the importance of prudent research before blowing the horn on sensationalist claims.
Where are the secondary opinions? Where are opinions from already established, well-known security professionals who have no interest in promoting their name via salacious claims of iPhone doom? Do you actually perform *ANY* prior research at all, or do you just immediately write a blurb and publish any and all unsubstantiated claims?
Honestly, this is the very problem with "new media" replacing news papers and magazines. There is a reason why most journalists are college educated, and have spent years learning the craft of professional journalism. Any Joe Blow out there who can write a 10th grade essay now thinks they are qualified to be a mouth piece for the world.
@d889
Since you appear to have no knowledge or experience whatsoever with OS and application security, malware, exploits, etc, you should just stick to talking about myspace, ringtones, and whatever else in of interest to teenagers these days.
I want to hear more about the magnetic compass.
Apparently it uses kinetic energy for power, because my iPhone always tells me to move it in a figure-eight pattern to make it work.
The figure 8 thing is just a subliminal way of making you want to go ice skating, and, by extension, become utterly gay. Giving me your iPhone will solve your problem.
What sort of prancing weasels would perform an autopsy upon an iPhone anyway??
Ferrets rule! (When they're awake.)
"Prancing weasels"
Love it!!!1
I'm still in awe at the fact that there's actual businesses using an iphone out there
Few are far between, much like Macs.
Sure, a few businesses here and there will deploy them, but time and time again, it's been demonstrated that the iPhone falls way behinds many of its competitors as a legitimate business solution/tool.
I present to you exhibit A:
http://www.engadget.com/2009/07/10/editorial-taking-the-iphone-3gs-off-the-job-market/#comments
the fact is, Apple will never deeply penetrate (heh) the business/enterprise market unless they develop an OS product that competes directly with Active Directory in a Windows Server environment (don't tell me about Xserve...what a load of garbage)
...they'd also need to change their desktop level OS to integrate cleanly with the directory services as well.
Why exactly are you in awe? ActiveSync on the iPhone is actually quite nice in OS 3.0 and behaves a lot nicer than BlackBerry's BES server. I see little reason not to use them in the enterprise.
Because they just aren't enterprise devices, as evidenced by this article. Just because you think that they implemented one feature better than another company, that doesn't mean that it meets enterprise needs, or that they implemented ALL features better than other phones. Also, Apple keeps a relatively tight hold on their devices, making it harder to load software that an individual company may use. Finally, if they already have software on another platform, then there is usually little reason to transfer to another platform just to have to re-write that software.
@Dan
The one and only feature I do like about the iPhone is the instant access to your company directory when creating an email compared to WinMo where you need to start typing letters of the person's name and hit "check name" "company directory"
After that it's down hill. To do almost anything with the iPhone requires ITunes so you are relying on supporting a piece of software to do anything with the phone. If there is a problem and you need to look at the phone and plug it into another computer with iTunes you have to fight through that. Also I don't like anyone having iTunes/Quicktime/Safari on our company machines. They are all bloated, horrible software that like to install programs and services in Windows Startup. You can't manage the phone in Exchange like you can a WinMo phone. Also it leaves employees tempted to use their corporate cards to buy apps and music for their company phone. There is no mobile office and I know a lot of the users at my company rely on receiving PDF, DOC and XLS via email to view, approve or make changes.
In a corporate environment you have no control over the iPhone, It's just a leisure device.
Has anybody else noticed that Engadget seems to be a bit less fanatic about supporting Apple? I don't know if its just me, but it seems like they purposely insert stories now that bash Apple. (Perhaps in an attempt to gain their lost objective image.)
Its almost funny... in a way
1) This story doesn't "bash" Apple.
2) We're not "purposely inserting stories" unless you're referring to the fact that we're reporting the news, and it's not breaking in the order or the manner that you'd like.
3) Our "objective image" was never lost, because it was never there to begin with. To the contrary, actually -- much of what we report is very subjective. Our opinions are an important part of who we are and how we present stories. I think what you're trying to imply, rather -- correct me if I'm wrong -- is that we're Apple shills.
Ignore them, Chris. You can't win. If you say anything positive about Apple, you're in Apple's pocket. If you criticize Apple, you're being objective.
It's the warped perspective of the Apple-hating Engadget commenter. They have a hard time thinking through their rage.
I will agree that this certainly does qualify as news. And again, in my original post, I could be completely making this up. But for some reason, I just notice an increase in stories that speak "negatively" about Apple and its products. I have been a reader of Engadget for a long time, and it always seemed previously that the Apple stories that were run were never negative.
But, this is just my impression, and I could always be wrong. I wasn't trying to "bash" Engadget either, by the way. Sorry if I made it seem like that.
On a side note, it is nice to see an Engadget employee post. Most sites don't care enough to do that. Thanks!
@Quix
I don't think anyone has an rage built up. This is a gadget forum after all, not a battlefield.
I'm going to agree with Esteban. I haven't made a graph of positive and negative Apple news lately, but it does *seem* to be a little bit more negative than previous months.
Although that could be the positive hype leading up to the 3GS, and the negative nit-picks now that it's here.
Admittedly I also thought that you were running more negative Apple stories to shake the pro-Apple sentiment that many authors seem to share.
@John
Well I guess I'm happy that I'm not the only one with this impression! Thanks for posting.
@Quix
What's wrong with being objective?
But... but the iphone is absolutely perfect in every way, and surely built in His Steveiness own image. It simply cannot be just a fashion accesory, designed for you average git who doesn't even know the meaning of the word encryption and probably requires a compass to locate his or her own ass.
I'm sorry engadget, you have truly failed me with this fankly appalling tirade of lies agains His One true Phone.
This is just pitiful. . .nothing like a Thursday night with the geeks that can't afford to head to Comic-Con.
Now look.
They scoffed up their new shoes.
scoffed: showed contempt by derisive acts or language
i think the word you were looking for was scuffed....scuffed
Wow you folks are just a loads of fun there, aren't ya?
They scoffed up their new iPhone 3GS. Lots and lots of scoffing at that. :3
The iPhone is some consumer grade $h1t, that is for sho.
It's interesting how the author generalized an argument based on a single iPhone developer's opinion. Things people do to make the news......
Look who the author is, and then ask yourself: who are you to think you can comment on the topics covered in the article better than the person who wrote it.
If your reply says "Sent from my iPhone" I'll know you don't know Jack.
I don't really care who the author is. I have stated my opinion and I stand by it. And your unsupported bias against iPhone users is clearly visible.
You appear to have missed the point entirely NITE. I suggest you re-read the article then prove it to yourself by following the the same route, jailbreak -> install ssh -> create disk image the iphone on your pc... then examine the disk image.
It's not rocket science.
FuzzyCat..
I am not among those who have to re-read something and then change their mind. May be Chris Ziegler is right or may be he is wrong. It is not of much importance to me. My point is: When you write an article in well-known forums like Engadget, it should be well-supported by facts (and not just quotations from some random iPhone developer).
As for jailbreaking iPhones, again, I have much better things to do than sit around jailbreaking phones! I respect the mental abilities of ethical hackers, but it is not my 'thing'. I am too busy manipulating stocks ;)
Please keep in mind that I do not intend to start a wasteful argument with you or anyone else for that matter. I just stated my opinion. I respect your opinion and expect the same from you.
you sir, are an ass
also, sweet job plug gordon gekko, we are all real impressed, maybe someday we'll run into each other on the floor, then we can high five, chest bump and laugh about this over a gin and tonic
Hold on, I gotta get my e-goggles to read your comment.......
AHHH THE GOGGLES! THEY DO NOTHING!!!
If you get the 1password app you're info is kept behind 256bit encryption and there is no keyloggers.
Also if you use the passcode lock, you also have the option to automatically wipe after 10 tries. If you use this option the hacker won't even have the chance to use the jailbreak solution.
I'm pretty sure forensics specialists are talking about putting the device into host/debug mode, thus being able to get access to the root filesystem while bypassing the passcode and various security mechanisms. And even software encryption programs are only a half-way solution since they're often incompatible with all kinds of other enterprise-level apps. Besides, an enterprise IT department is -not- going to bother supporting 3rd party apps if some employee forgets their 1password password and expects IT to be able to reset it.