Ubuntu Lucid Lynx reportedly allows full access to a non-jailbroken, PIN locked iPhone

May 31, 2010 08:36 GMT

Connecting a powered-down iPhone 3GS running the latest firmware version to Ubuntu Lucid Lynx will reportedly allow anyone to gain full access to the phone’s contents. Blogger Bernd Marienfeldt describes this as a pretty serious security issue, since the phone doesn’t have to be jailbroken and the PIN lock screen is easily bypassed.

According to Marienfeldt, it’s the way Ubuntu Lucid Lynx handles the iPhone that allows a ton of data to become accessible. Pretty much the only thing that the hacker can’t do is make calls. Other than that, “This data protection flaw exposes music, photos, videos, podcasts, voice recordings, Google safe browsing database, game contents… by in my opinion the quickest compromising read/write access discovered so far, without leaving any track record by the attacker,” the blogger with experience in computer security writes.

“It’s about to imagine how many enterprises (e.g. Fortune 100) actually do rely on the expectation that their iPhone 3GS’s whole content is protected by encryption with a passcode based authentication in place to unlock it,” he goes on to stress.

After providing steps and screenshots to explain the hacking process in its entirety, Marienfeldt acknowledges that, “The contents sample have been collected off a non jail broken iPhone 3GS (with latest iPhone OS installed, all apps fully up to date and immediately ‘PIN lock’ (passcode, 4 digits) enabled, by simply connecting it powered off via USB to a Linux Lucid Lynx PC (10.04) and then switched back on – being automatically mounted with given insecurity and never been attached to the PC before.”

Although other exposed contents and OS behavior still need to be investigated to draw a better picture of this vulnerability, “The allowed write access could also lead into triggering a buffer overflow,” the blogger warns. “We already know that iPhone 3GS encryption is broken by the way the encryption key is handled,” he adds. According to Marienfeldt, the vulnerability in question undoubtedly shows that Apple’s iPhone 3GS authentication model is broken.