Andre Yoskowitz
25 Jul 2009 0:12
One of the toted features of the new Apple iPhone 3GS is the fact that it includes hardware-based encryption allowing users to secure their data.
This week however, iPhone security experts have showed that the encryption is laughable and the data can be had using well known, relatively easy to use hacking tools.
According to an interview with Arstechnica, iPhone data forensics expert Jonathan Zdziarski says both the hardware encryption and the software-based encryption available in iPhone Firmware 3.0 are easily broken, for those with some knowledge of hacking. The nosy average Joe will not be able to break it, he adds, but more experienced users will have no trouble.
Zdziarski says common iPhone/Touch jailbreaking softwares such as redsn0w will break the encryptions.
"The kernel decrypts it for you when you ask for files, so you get the decrypted copy," says Zdziarski. "The only benefit hardware encryption has then is that it makes wipes faster, by just dropping the key."
Even more shocking is the fact that the iPhone stores tons of info users are unaware of, and does not always delete data users have "deleted." Says Ars, "The iPhone stores a large cache of keystrokes to aid the typing auto-correction, but that cache stores keystrokes from almost every field. Every time the home button is pressed, the iPhone takes a screenshot of the whatever was going on to make switching back to the previous app seem faster, even though that screenshot might have sensitive information on it. The device also stores all kinds of other information that we don't even think about, such as recent GPS coordinates, wireless networks used, un-listened-to voicemails, Safari passwords, and more."