A major security flaw has been uncovered in the Apple iPhone 3GS this week after two security experts discovered it was possible to bypass the device’s security and gain nearly full read access using Ubuntu Lucid Lynx. Perhaps even more frightening is the fact that the two believe they’re nearing the ability to write data as well. Said Bernd Marienfeldt, one of the two gentlemen responsible for uncovering the flaw:
I uncovered a data protection vulnerability, which I could reproduce on 3 other non-jailbroken 3GS iPhones (MC 131B, MC132B) with different iPhone OS versions installed (3.1.3-7E18 modem firmware 05.12.01 and version 3.1.2 -7D11, modem 05.11.07), all PIN code protected which means the vulnerability bypasses authentication for various data where people most likely rely on data protection through encryption and do not expect that authentication is not in place. […] This data protection flaw exposes music, photos, videos, podcasts, voice recordings, Google safe browsing database, game contents… by [sic] in my opinion the quickest compromising read/write access discovered so far, without leaving any track record by the attacker. It’s about to imagine how many enterprises (e.g. Fortune 100) actually do rely on the expectation that their iPhone 3GS’s whole content is protected by encryption with a PIN code based authentication in place to unlock it.
Marienfeldt and his partner Jim Herbeck notified Apple of the flaw, and according to them, “Apple could reproduce the described serious issue and believes to understand why this can happen but cannot provide timing or further details on the release of a fix.” Let’s hope the new data protection feature in iPhone OS 4.0 does the trick.