14 DAY TRIAL // Apple's iPhone might be one of the hottest handsets available on the market at the moment, yet it seems that it might also turn to be one of the most hackable. According to an iPhone developer familiar with the technology, the current data encryption system that is present on Apple's product is extremely easy to hack.
“It is kind of like storing all your secret messages right next to the secret decoder ring,” Jonathan Zdziarski, who is also teaching courses on recovering data from iPhones, says. “I don’t think any of us [developers] have ever seen encryption implemented so poorly before, which is why it’s hard to describe why it’s such a big threat to security.”
According to Zdziarksi, even the iPhone 3GS is very easy to hack, with the use of a free piece of software. The entire process could last less than two minutes, he adds. Moreover, it seems that a complete disk image could be created in about 45 minutes, in case a jailbreaking tool like redsn0w is used. The software solution allows for the data to be then pulled via an SSH client.
As Zdziarski comments, the iPhone seems to decrypt information for an SSH tunnel without informing on the matter. He suggests that developers should be those to work on the security layers that their applications will feature, so that sensitive information is protected. “Apple may be technically correct that [the iPhone 3GS] has an encryption piece in it,” he adds, “but it’s entirely useless toward security.”
Even so, it seems that there are a large number of companies that choose the device for their employees, although the security threats are there, which means that some of them might not consider this a risk. One way or another, it should be interesting to see how much the iPhone will appeal to such customers, when compared to business-oriented handsets that increase the level of security for the data on them.