iPhone vulnerability leaves your data wide open, even when using a PIN
byTim Stevens||May 27th 2010 at 6:47amMay 27th 2010 6:47 am
If you feel like going through the process of typing in your PIN every time you unlock your iPhone is worth it thanks to the unconquerable security it implies, you might want to read this report from Bernd Marienfeldt about the chosen one's security model. Yes, a PIN will keep casual users from picking up your phone and making a call with it, or firing off an e-mail to your co-workers saying that you're quitting and becoming an exotic dancer, but it won't keep someone from accessing all your data. Bernd and fellow security guru Jim Herbeck have discovered that plugging even a fully up-to-date, non-jailbroken iPhone 3GS into a computer running Ubuntu Lucid Lynx allows nearly full read access to the phone's storage -- even when it's locked. The belief is that they're just a buffer overflow away from full write access as well, which would surely open the door to making calls. Bernd believes the iPhone's lack of data encryption for content is a real problem, and also cites the inability to digitally sign e-mails as reasons why the iPhone is still not ready for prime time in the enterprise.