iPhone security lapse allows for data read access

A major security flaw has been uncovered in the Apple iPhone 3GS this week after two security experts discovered it was possible to bypass the device’s security and gain nearly full read access using Ubuntu Lucid Lynx. Perhaps even more frightening is the fact that the two believe they’re nearing the ability to write data as well. Said Bernd Marienfeldt, one of the two gentlemen responsible for uncovering the flaw:

I uncovered a data protection vulnerability, which I could reproduce on 3 other non jail broken 3GS iPhones (MC 131B, MC132B) with different iPhone OS versions installed (3.1.3-7E18 modem firmware 05.12.01 and version 3.1.2 -7D11, modem 05.11.07), all PIN code protected which means the vulnerability bypasses authentication for various data where people most likely rely on data protection through encryption and do not expect that authentication is not in place. [...] This data protection flaw exposes music, photos, videos, podcasts, voice recordings, Google safe browsing database, game contents… by [sic] in my opinion the quickest compromising read/write access discovered so far, without leaving any track record by the attacker. It’s about to imagine how many enterprises (e.g. Fortune 100) actually do rely on the expectation that their iPhone 3GS’s whole content is protected by encryption with an PIN code based authentication in place to unlock it.

Marienfeldt and his partner Jim Herbeck notified Apple of the flaw, and according to them, “Apple could reproduce the described serious issue and believes to understand why this can happen but cannot provide timing or further details on the release of a fix.” Let’s hope the new data protection feature in iPhone OS 4.0 does the trick.

[Via Engadget]

37 Comments
  • com

    Sound the alarm….this is not good

  • TypicalAppleHatingDBAG

    Thank god, Apple is being exposed for being an awful, worthless company. I hate Apple and Steve Jobs so much, but this just makes my day watching them have issues. God yes. I feel better now.

    • lame

      Do you use any sort of Microsoft product? You have any idea how many security flaws exist in Windows? How about IE? So your comment leads me to conclude that Microsoft is exposed as an awful, worthless company daily. All companies have these problems, get over your love for Apple.

      • skyy_flyer

        Windows is also on how many PCs? I wonder if roles were reversed, as in Apple dominated the computer market, but Microsoft had the sizeable chunk of the mobile market, if you’d see the exact same pattern. If that were the case, I’d feel confident in saying that you’d see Apple computers be renowned for viruses and such, but WinMo would be a security threat in the mobile market while the iPhone was “immune” to threats such as this… though off topic can BGR put like a mass block on any commenter with “typical” or “manager” in their name?

      • Cyrus G.

        He never said a word about Microsoft.
        For all we know he hates Microsoft twice as much.
        So stop making assumptions.

        Michael seems to feel safe in Linux, judging from the picture. :-)
        If so I’m with him in regards to security.
        Actually I think Linux is infinitely better than any other operating system, but that’s another story.

    • Cynder70

      I rather enjoy your sarcasm.

  • JBR

    The fact that they “cannot provide timing or further details on the release of a fix” disturbs me. How about right the frig now? Another potential blow to Apple trying to integrate the iPhone into more widespread enterprise use.

  • Len

    Security and iphone are oxymorons. I don’t see the problem here in terms of security… don’t most people just use their iphones to play games and call/text their 13 year old school mates?

    All jokes aside, that’s kind of sad and I don’t think OS 4.0 will remedy the situation. Who needs security when you can get gimped multi-tasking instead! Come on people, priorities!

    • TypicalAppleHatingDBAG

      Apple, what a joke!

      • rederikus

        and 40% of iPhones are sold to business. Jeez. These people DESERVE to get screwed. CrApple never could write OSs. That was why they went to Unix.

        In truth this is very worrying. Apple have willfully allowed a consumer product loose on the market that literally leaks personal data all over the place. Somebody should start a Class Action against them. I cannot because I won’t have any CrApple products in the house.

  • meanjavabean

    This should make most banks happy that they have deployed secure RIM devices to their employees.

  • Mike

    It’s not made clear in the vulnerability announcement whether you need physical access to the phone or if this can be done remotely; from the screenshot, I assume this has only been done with physical access.

    In the list of exposed data, email is not mentioned. That’s really the only thing I care about someone else being able to access; even so, it would only be the last 50 messages/message headers, in which case I’d send 50 emails to my account(s) upon realizing I’ve lost my phone, wait the 15 minutes for it to sync, and then change my password. I really couldn’t care less about someone having access to my game data or voice memos — it’s access to email messages and attachments that’s cause for concern, especially if the attack were network-based. In *most* cases (yes, barring encryption), if I have physical access to a device, the game is over anyway.

    • Jimmy

      So typical.. so predictable.

    • JC

      There are utilities to do this for Windows, OS X, and Linux. It’s nothing new. I can’t figure out why someone hasn’t figured out how to fix this yet.

  • Chip

    This is nothing new, I do this all the time with my iPhone and my friends’ ones when it crashes and they need data off it.

  • jaxstate

    U have to connect to a linux machine. I mean really, what are the odds u lose ur phone and the asshole who picks it up is running linux on his computer. Still should be fixed, but not a huge issue.

    • Tdot34

      Anyone who has the knowledge to hack into a phone is probably running Linux, that’s the problem.

      • jaxstate

        Yeah, and there’s a TON of those guys just hanging out.

    • Matt

      Well when it comes to a business solution this is a really BIG issue!

      I’m sure there are plenty of things that could be on a phone that would be worth enough to connect it to a Linux box.

    • Mark Texas

      Let’s hope you never have a job dealing with Security risk management and Corporate data protection

      Security through obscurity always works ….

    • TheDigitalArchiver

      The odds are excellent actually. Anyone who would attempt to hack is probably familiar with Linux.

      The bigger issue is that AT&T is boasting that 40% of iPhones sold are for the enterprise, meaning corporate work in a probably secured infrastructure. Any company I have worked for (Fortune 500 Aerospace and Defense contractors) would be tempted, if not required, to boot this phone off of their networks including Exchange servers.

  • migy

    Could this be why Steve Jobs is so picky about what is allowed into the Apple world. Could he be totally aware of the holes in the systems they run… hmmm. Just asking.

  • apple_

    in other news, if I get your wallet I can go thru it without hooking it to a linux machine.

    • TheDigitalArchiver

      Not the point, read my post.

  • Norm

    You can run a live CD of Linux, you don’t even need to install it.

  • ljp

    It is a rather important issue considering AT&T just released a statement about 40% of their iPhone sales being made to business users. It’s tough to make a big push to Enterprise when the platform remains vulnerable. Android isn’t any better.

    RIM takes a lot of heat for their slow implementation of media functions such as webkit but security is the reason. And as consumers start to do more purchasing through their smartphones, security will only become more important.

  • Soddy

    It sucks that problems like these exist but there are always going to be those around looking to make a God bleed. I just wish Apple fanboys would learn some humility and accept the fact that their products are not bulletproof or perfect. Microsoft sure isn’t, and neither is any form of Unix.

    • Cynder70

      This is probably one of the most fair analyses of the news. Security is an issue no matter where it is found and now that it has been found, fix it.

  • mangenius

    And this is why RIM is not going anywhere folks

  • John

    “It’s about to imagine how many enterprises (e.g. Fortune 100) actually do rely on the expectation that their iPhone 3GS’s whole content is protected”

    Those execs are not using iPhones, period. Fortune 100 companies wouldn’t let corporate information onto an iPhone in terms of security, the InfoSec groups would never allow it. They all have Blackberrys with password encryption enabled, since Blackberrys are pretty much the only enterprise supported devices with serious content protection.

  • http://gumballtech.com besweeet

    This isn’t new. Read/write access for non-jailbroken devices has been around for every firmware. There are dozens of free tools that can access this partition (/var/mobile/Media), like DiskAid, Total Commander, iPhoneBrowser, etc.

  • Dirk

    I have a corporate iPhone.

    But my corporation doesn’t allow the iPhone on its WiFi connection.

    I purchased the iPhone with my corporate AT&T discount. This doesn’t mean it’s a business phone.

    Most companies that use AT&T as a cellular vendor offer a 30% monthly discount (this is my discount, it may be different for other companies).

    So by default this story and headline is misleading.

    Something AT&T and Apple are very good at these days.

  • Dirk

    For the record. I can use my corporate discount for personal purchases. When I pay my bill it shows as a corporate account even though I’m paying for the phone and the monthly bill.

    Go Figure how they do their accounting…

  • Hi-Fi

    So like how many people carry a device with ubuntu lucid lynx in the world????

  • Daniel Ricany

    This isn’t even a flaw. If there’s something I’m missing here, then please tell me, but I’ll try to explain what’s going on as best as I can. The iPhone, iPod Touch, and iPad are all based off of UNIX, Ubuntu and all other Linux distros are as well. Apple has locked users to only be able to access /var/mobile/Media, with a chroot jail command. You do not actually have access to the whole file system, only a portion that Apple has cut off for you. Anything that you do in there will not affect the phone’s stability, only user data. If they did not block you out of the full file system, then the iPhone would have millions of viruses. And it wouldn’t be good for the battery and stability of the device. If you’re saying that you can access this through a PIN code, I think that’s perfectly normal, as all passcodes and passwords are stored in /private/var/Keychains/keychain-2.db. You cannot delete that as you are locked into /var/mobile/Media, as I explained before. And what the picture shows is that same directory.

  • Harry Coont

    Typical data read from iPhone user: “(JHBWMH) Just had bootysex with my homolover. NTBOMPHBSOT (Now the back of my pants have blood stains on them). (T) Tootles!!!!”"”

  • Paul

    Ubuntu is very secure….

    I believe iPhone WAS secure….
