iPhone vulnerability leaves your data wide open, even when using a PIN
If you feel that typing in your PIN every time you unlock your iPhone is worth the trouble thanks to the unconquerable security it implies, you might want to read this report from Bernd Marienfeldt about the chosen one's security model. Yes, a PIN will keep casual users from picking up your phone and making a call with it, or firing off an e-mail to your co-workers saying that you're quitting and becoming an exotic dancer, but it won't keep someone from accessing all your data. Bernd and fellow security guru Jim Herbeck have discovered that plugging even a fully up-to-date, non-jailbroken iPhone 3GS into a computer running Ubuntu Lucid Lynx allows nearly full read access to the phone's storage -- even when it's locked. The belief is that they're just a buffer overflow away from full write access as well, which would surely open the door to making calls. Bernd believes the iPhone's lack of data encryption for stored content is a real problem, and also cites the inability to digitally sign e-mails as reasons why the iPhone is still not ready for prime time in the enterprise.
[Thanks, Amit]
Chop, chop Apple fix this before 4.0's final release.
@sonola777
Why?
It's much simpler to send a DMCA takedown notice to ubuntu.com and a C&D letter to canonical.com.
@sonola777 I think 4.1 would be an acceptable time frame, since they maybe haven't prepared for such news. As "big", and I don't find this to be incredibly "big", as this is, I think it's better to make sure you don't break something rather than rushing to react to news that might not really have a large frequency of occurrence from now-(middle/end) of Summer.
@juanvaldez Actually, this is what the original article says: "The unprotected iPhone 3GS mounting is “limited” to the DCIM folder under Ubuntu".
@sonola777
This is the stupidest nonsense I've ever heard. Blown out of proportion and out of context just like you always do.
Of course you can communicate with an iPhone/iPod when it's locked. How the hell are you supposed to sync with iTunes? Keep tapping your phone every 2 minutes to keep it unlocked?
Physical access = root access and that's true for every computer.
@Kurian
Oh and in case I wasn't clear enough. This is the INTENDED behavior. Not a friggin' exploit.
@Kurian
OMG I just realized I found a new exploit. Your USB drive reveals your private data when simply plugged into a Windows PC!!
It's the same thing. Windows doesn't natively support the iPhone filesystem, so it doesn't show up. That version of Linux does, so it mounts it automatically as a drive.
@Kurian: The way a smart company would do this is to only give you access to a portion of the file system. The phone should keep its internal file structure hidden from users by not giving them read access. It's Unix, so all you have to do is block root access and create a user that is only given access to a personal share on the phone, not the entire phone.
Sure, it might be intended, but it's not very smart to do, especially if you are targeting the business market. To be honest, this is an easy fix.
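The policy suggested in the comment above (export only a personal share over the USB link and keep the rest of the phone unreadable) can be written down as a small containment check. The following is an added illustration, not Apple's, Ubuntu's or any real device-mounting library's code. The device tree, the export name `DCIM`, and every function name are constructed for the example. It shows an allow-list of exported subtrees together with the check a real exporter needs: canonicalise the requested path before testing that it stays inside the export root. A deliberately weak variant that only tests the raw string prefix sits beside it so the difference is visible.

```python
"""Least-privilege export of a device filesystem over a host link (illustration).

Constructed example: the host side sees an allow-list of subtrees (here only the
camera roll), while SMS databases, application data and system files stay
unreachable even though they live on the same storage.
"""
from __future__ import annotations

import posixpath

# Constructed device tree: device-side absolute path -> file bytes.
# The layout is made up for the example and is not a real phone's layout.
DEVICE_FS = {
    "/private/var/mobile/Media/DCIM/100APPLE/IMG_0001.JPG": b"\xff\xd8\xff\xe0 jpeg-1",
    "/private/var/mobile/Media/DCIM/100APPLE/IMG_0002.JPG": b"\xff\xd8\xff\xe0 jpeg-2",
    "/private/var/mobile/Library/SMS/sms.db": b"SQLite format 3",
    "/private/var/mobile/Applications/APP-0001/Documents/save.dat": b"game save",
    "/etc/master.passwd": b"root:*:0:0",
}

# Exported subtrees, keyed by the name they appear under on the host side.
# Everything not listed here is invisible to the host.
EXPORTS = {"DCIM": "/private/var/mobile/Media/DCIM"}


class AccessDenied(PermissionError):
    """The requested path is outside every exported subtree."""


def _split_request(host_path: str) -> tuple[str, str]:
    """Return (export root, remainder) for a host-side path, or deny."""
    name, _, rest = host_path.strip("/").partition("/")
    root = EXPORTS.get(name)
    if root is None:
        raise AccessDenied(host_path)
    return root, rest


def resolve_naive(host_path: str) -> str:
    """Weak variant, for contrast only: prefix test on the raw, uncanonicalised path.

    A '..' segment after the export name keeps the root as a string prefix, so
    this check passes while the device's own filesystem later resolves the
    segment and serves a file outside the share.
    """
    root, rest = _split_request(host_path)
    device_path = root + "/" + rest
    if not device_path.startswith(root):
        raise AccessDenied(host_path)
    return device_path


def resolve(host_path: str) -> str:
    """Map a host-side request to a device path, or raise AccessDenied.

    The path is canonicalised first ('.', '..', duplicate slashes collapsed),
    then tested for containment in the export root.
    """
    root, rest = _split_request(host_path)
    device_path = posixpath.normpath(posixpath.join(root, rest))
    if device_path != root and not device_path.startswith(root + "/"):
        raise AccessDenied(host_path)
    return device_path


def _device_read(device_path: str) -> bytes:
    # The device's own filesystem resolves '..' like any real kernel would.
    return DEVICE_FS[posixpath.normpath(device_path)]


def read(host_path: str, resolver=resolve) -> bytes:
    """Read a file as the host side would see it, through the given resolver."""
    device_path = resolver(host_path)
    try:
        return _device_read(device_path)
    except KeyError:
        raise FileNotFoundError(host_path) from None


def listdir(host_path: str) -> list[str]:
    """List the immediate children of an exported directory (host-side view)."""
    root = resolve(host_path)
    prefix = root.rstrip("/") + "/"
    return sorted({p[len(prefix):].split("/", 1)[0]
                   for p in DEVICE_FS if p.startswith(prefix)})


def is_exposed(host_path: str, resolver=resolve) -> bool:
    """True if the host side can read this path under the given resolver."""
    try:
        read(host_path, resolver)
        return True
    except (AccessDenied, FileNotFoundError):
        return False


if __name__ == "__main__":
    for request in ("/DCIM/100APPLE/IMG_0001.JPG", "/Library/SMS/sms.db",
                    "/DCIM/../../Library/SMS/sms.db"):
        print(f"{request:40} hardened={is_exposed(request)!s:5} "
              f"naive={is_exposed(request, resolve_naive)}")
```

The export allow-list is the policy; the canonicalise-then-check order in `resolve` is what makes the policy hold. `resolve_naive` shows the usual mistake of comparing the raw string, which the constructed request with `..` segments slips past.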
@Kurian
You're protesting a bit much.
@Kurian
Not if it's encrypted like mine? I'll just set my iPhone to encrypted too! Oh wait.......
If it's gonna be "magical" that's fine, but it should probably keep my s*** safe.
@MarkAnderson
I reckon, look at that face... it's Steve with a wig on.
@Kurian Way to show you have no understanding of the article.
@Ruben
That IS a "portion" of the filesystem; the one that is supposed to be accessible to the user and any PC software. Only a jailbroken phone will show the root filesystem by this method. Jailed phones will only show the user's media and stuff. Applications' data is NOT visible, nor is any personal information from e-mail, SMS, etc.
And please, "just a buffer overflow away"? Whoever is responsible for this is a fame-seeking noob. The kind of lamer that the real scene developers HATE.
@Kurian
And he mentions the iPhone is not ready for the enterprise. Is this something BlackBerrys protect against, or do they just not have people trying to hack them all day?
@Kurian
my USB drive is protected
so
yeah...
you know...
bring on you calling me an apple hater for their lack of security :)
@sonola777 They fixed it with remote wipe/ find my iPhone.
@Kurian Unless you have a bushy beard and long unkempt hair wearing a shirt with a penguin on it, your argument is invalid.
@RedChaos
Then it says:
"The way Ubuntu Lucid Lynx handles the iPhone 3GS [6,7,8] allows to get more content"
And to the people that say this is the intended way for it to work. The fact that apple verified this as an issue means you are wrong.
@Kurian How do you mean? Having write access to data, such as game save data, adds potential to exploit a vulnerability in an app, even if a 3rd party app.
This Engadget article is written incorrectly. The buffer overflow is not to get write access: he already has that. The buffer overflow is just a possible attack vector made easier by having write access.
@sonola777
if you gotta type a PIN, they blew it
@Kurian Android lets you mount the filesystem to the computer after it's been connected by USB. iPhone should think about doing something similar. You don't have to keep unlocking it, just give it access once.
Also, this is kind of irrelevant because an iPhone user will never have important data on there. I don't care that you're a mayor of a starbucks in foursquare :P
@Failbait
Blackberrys (can) encrypt all their data, and this setting can be forced by the BES administrators.
One reason why Blackberrys are popular for enterprise--sure, the OS isn't as slick, and the browser needs a lot of work (WebKit can't come soon enough), but for many companies, protecting IP is their highest concern.
@sonola777 Yep, but it is on these hacks, whitehackers make something good for iPhone as well. (rooting, jailbreaking, etc) Although it was said that 'tighter' security will be met on the iPhone OS 4. http://j.mp/os-4-0-by-iphone
@Mike
But that doesn't matter, the jesusPhone is still destroying the BB in the enterprise market, right? Every company is switching to the jesusPhone, no?
-s-
This is a lie perpetrated by Steve Ballmer. Everyone knows Apple is 100% secure 100% of the time.
@RedChaos
Ubuntu 10.04 is not limited to just the DCIM folder.
@Kurian
Way to show that you're a dumbass.
@Kurian I get such a thrill from down ranking comments...
@Dummy00001 a takedown isn't going to stop the problem though.
I'm glad someone posted about this, but I haven't seen any mention of the fact that Apple software will allow similar; try taking your PIN'd iphone and loading up iPhoto. Instant access to the whole photo album without authorisation, using approved software.
Oversight + 0.5
So does this defeat jailbreaking? err...
Or does that mean it's technically jailbroken since there's root access?
@tvick47 I've been wondering the same thing...
@tvick47 .. Yep. This is actually old news. They jailbreak the OS and get root access. I believe (not sure) that they then drop in a custom kernel which then can route all the decrypted data to a separate file.
@tvick47 .. Actually my bad. This is a different bypass where all they gain access to is your media content. Pretty stupid and these guys don't know what they are doing. They aren't root in this case and have no access to sensitive information as that is all stored in /var/ IIRC.
@taligent Yeah, because if someone did have root access, it would just be the same as jailbreaking, and thus no big new security threat as there are several more ways to access private information, especially when unsigned code can run easily by being jailbroken.
@taligent
why the fuck is sensitive information stored in /var/ ?
lolApple
Ah... the wonders of Lucid Lynx, good work.
@Sonicjet Ubuntu FTW!!
@brokensticks
I love my Ubuntu :D
http://imgur.com/YICcR.png
How will Mr. Steve Jobs respond to this? I bet he's gonna kick someone's arse of course!
@Mike Vick spin, spin, spin. Oh, you mean behind closed doors, yeah, probably more than one person will leave with a shoe up their ass. Not really good news right before WWDC, but maybe he can have something prepared by then, either that or not have a Q&A to avoid such topics.
@Mike Vick
And a user pretending to be a black man from the US reveals himself to be from the UK, completely blowing his cover.
@juanvaldez .. I have been to WWDC for the last few years and they have sessions on app security for iPhone and Mac developers. They also have lots of Security Coding documentation on the ADC site.
@Tes Wait, did the Vickster slip up and do this? Did I miss it? I need to see if he did. Post link.
@Tes
I bet Engadget is prolly laughing mad hard right now. I'm sure they can see where my IP is from (the hood in NYC); just because I type a certain way on occasion does not mean I am from the U.K. Ha! That made my day. I'm from the hood homie and yes I'm black!
@juanvaldez
homie you know the vickster aint slippin he keepin it real exposin u kirfs! =)
@Tes Could you possibly shut up with your issues? Honestly it's like you have a list of people that you don't like, so you accuse them of being racist and not being black. What is wrong with you man? You're completely going against yourself too with your racist crap. Who cares if he's from the UK? A black person can't be from the UK, or say arse?
I'm tired of seeing your posts everywhere about race.
@Stephen1229
Racist?!? What are you on about today you clown? I'm British and we use the term ARSE, whereas Americans type it ASS. What has that got to do with racism?
chances are he's not Michael Vick, chances are he's certainly not American...the black thing was just incidental. Calm yourself.
@Stephen1229
Wait... and where are these posts everywhere about race again?! You know you and anyone else can happily CLICK on my name and see my totally uneditable comment history. I patiently await your evidence of this.
@Tes I see you're getting all defensive, I am a white person. What angry racist things do you have to say to me, let it all out. Maybe we can get past this.
@Stephen1229
So basically you're not going to answer the question. Is that back-pedaling I'm seeing?