![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
thewayneIf you're running Lucid Lynx v10.04, plugging your iPhone mounts it as a USB device and you have total access to the data on the phone.
"This, quite honestly, is a staggering flaw. It basically allows anyone capable of driving a Linux PC to copy data off of an iPhone without the owner of the phone having any idea whatsoever that this has happened.
What’s more worrying is that Marienfeldt and Herbeck think that write access to the iPhone is only a buffer overflow away, which means serious access."
http://www.zdnet.com/blog/hardware/ubuntu-lucid-lynx-1004-can-read-your-iphones-secrets/8424
http://apple.slashdot.org/story/10/05/27/1826207/iPhones-PIN-Based-Security-Transparent-To-Ubuntu?art_pos=24
There was a recent article about smartphones being seized by law enforcement organizations (LEO) and the potential for the phone to be remotely ordered to wipe itself. I know iPhones and Blackberries can do this. So they're talking about LEOs using needing to use Faraday Cage bags and rooms to examine the phones after they make sure to remove the battery when they seize the phone. Of course, the iPhone is a sealed unit and the battery cannot be removed.
Apple claims: "iPhone 3GS protects data through encryption of information in transmission, at rest on the device, and when backed up to iTunes."
In the past I used a Palm Pilot extensively and had a program called CryptoPad that used Blowfish encryption and I knew the backup was also encrypted which required a desktop version of the program to access the backups. I've been looking for an encryption product for the iPad Touch which has become my daily use PDA, so this really bothers me that I can't encrypt things and have confidence that they're secure.
Apparently Apple's encryption and business-level security is badly flawed. And that sucks.
http://marienfeldt.wordpress.com/2010/03/22/iphone-business-security-framework/
http://www.wired.com/gadgetlab/2009/07/iphone-encryption/
"This, quite honestly, is a staggering flaw. It basically allows anyone capable of driving a Linux PC to copy data off of an iPhone without the owner of the phone having any idea whatsoever that this has happened.
What’s more worrying is that Marienfeldt and Herbeck think that write access to the iPhone is only a buffer overflow away, which means serious access."
http://www.zdnet.com/blog/hardware/ubuntu-lucid-lynx-1004-can-read-your-iphones-secrets/8424
http://apple.slashdot.org/story/10/05/27/1826207/iPhones-PIN-Based-Security-Transparent-To-Ubuntu?art_pos=24
There was a recent article about smartphones being seized by law enforcement organizations (LEO) and the potential for the phone to be remotely ordered to wipe itself. I know iPhones and Blackberries can do this. So they're talking about LEOs using needing to use Faraday Cage bags and rooms to examine the phones after they make sure to remove the battery when they seize the phone. Of course, the iPhone is a sealed unit and the battery cannot be removed.
Apple claims: "iPhone 3GS protects data through encryption of information in transmission, at rest on the device, and when backed up to iTunes."
In the past I used a Palm Pilot extensively and had a program called CryptoPad that used Blowfish encryption and I knew the backup was also encrypted which required a desktop version of the program to access the backups. I've been looking for an encryption product for the iPad Touch which has become my daily use PDA, so this really bothers me that I can't encrypt things and have confidence that they're secure.
Apparently Apple's encryption and business-level security is badly flawed. And that sucks.
http://marienfeldt.wordpress.com/2010/03/22/iphone-business-security-framework/
http://www.wired.com/gadgetlab/2009/07/iphone-encryption/
no subject
Date: 2010-06-01 02:47 am (UTC)