Sunday, July 26, 2009

Thought your iPhone was secure? Think again!

Jonathon Zdziarski, an iPhone developer who teaches courses on recoverning data from mobile devices, says even the latest iPhone software is surprisingly vulnerable to remote attacks (Newscom)

Video: How long would it take a hacker to extract data from your iPhone?
By Matthew Shaer | July 24, 2009

Depends on who you ask.

Apple, for instance, has touted its best-selling mobile phone as exceptionally secure. The device comes equipped with password protection software, and users can turn on a “Find MyiPhone” tool, in case the handset is ever lost. At the 26th Worldwide Developers Conference, Apple even unveiled an emergency feature that can remotely delete data from the phone.

But one prominent hacker has announced that he could crack open an iPhone in under two minutes, using only a few bits of freeware downloaded from the Web. According to Wired, Jonathan Zdziarski, an iPhone developer who teaches courses on recovering data from mobile devices, says even the latest iPhone software is surprisingly vulnerable to remote attacks.

“It is kind of like storing all your secret messages right next to the secret decoder ring,” Zdziarski told Wired’s Brian X. Chen. “I don’t think any of us [developers] have ever seen encryption implemented so poorly before, which is why it’s hard to describe why it’s such a big threat to security.”

Zdziarski’s comments come not long after Apple unveiled a campaign pushing the iPhone as an solid choice for businesses. “With secure access to corporate networks, thousands of third-party business applications, and an enterprise developer program for in-house apps, iPhone 3GS is ready to go to work,” reads an advertisement on Apple’s homepage.

Apple has yet to release a statement on Zdziarski’s allegations. Still, many critics voiced dismay that the iPhone could apparently be cracked open so quickly.

“[I]f I had my powerpoints and investors’ balance sheets on a device proven to have a, shall we say, porous perimeter, I’d reassess — not that I’d ever keep my critical information on any current phone, with the possible exception of the President’s,” Devin Coldewey wrote on CrunchGear.

This is not the first time a hacker has claimed to have hacked into an iPhone. Speaking at the SyScan Conference in Singapore earlier this month, Charlie Miller said a coding loophole made it possible for attackers to remotely install and run unsigned software on the iPhone.

Want to see how it’s done? In the video above, Zdziarski breaks past the iPhone’s security controls.

Got an iPhone? Talk to us here or on Twitter@CSMHorizonsBlog.


Post a Comment

Links to this post:

Create a Link

<< Home