iPhone 3GS Encryption Is ‘Useless’ for Business!! is it really ?
Here is an iPhone Story that many wont tell you. According to Jonathan Zdziarski,, an iPhone developer and a hacker who teaches forensics courses on recovering data from iPhones, claims that the enterprise-friendly encryption included with the iPhone 3GS is so weak it can be cracked in two minutes with a few pieces of readily available freeware. In a recent report from wired.com He claims that “It is kind of like storing all your secret messages right next to the secret decoder ring,” and also went on to say “I don’t think any of us have ever seen encryption implemented so poorly before, which is why it’s hard to describe why it’s such a big threat to security.”
Zdziarski said it’s just as easy to access a user’s private information on an iPhone 3GS as it was on the previous generation iPhone 3G or first generation iPhone, both of which didn’t feature encryption. If a thief got his hands on an iPhone, a little bit of free software is all that’s needed to tap into all of the user’s content. Live data can be extracted in as little as two minutes, and an entire raw disk image can be made in about 45 minutes, Zdziarski said.
One other thing that caught my eye was that the iPhone has a keyboard cache: key strokes logged in a file on the phone, which can contain information such as credit card numbers or confidential messages typed in Safari. Cached keyboard text can be recovered from a device dating back a year or more!!
The tools he uses were the Red Sn0w and Purple Ra1n, which he used to install a custom kernel on the device, after which he installed an SSH client and ported the raw disk image across SSH onto his computer. So this does mean that the hacker will need physical access to the device.
I am willing to bet this story wont be gaining much attention from few of the iPhone sites out there, but I know at least one guy from MSMobile who will help us spread the word. And before the fanboi comments start let us remind you of the title once again ” iPhone 3GS Encryption Is ‘Useless’ for Business ” and its not ” iPhone 3GS is Useless “