iPhone Vulnerability Makes It Easy to Access Your Pin Protected Data

Uncategorized | Thursday May 27 2010 3:28 pm | Comments (0)

A data protection vulnerability has been discovered with non-jailbroken pin protected 3GS iPhones that bypasses authentication and accesses data

The vulnerability was discovered by Bernd Marienfeldt and applies to various firmware versions.

This data protection flaw exposes music, photos, videos, podcasts, voice recordings, Google safe browsing datclothse, game contents… by in my opinion the quickest compromising read/write access discovered so far, without leaving any track record by the attacker. It’s about to imagine how many enterprises (e.g. Fortune 100) actually do rely on the expectation that their iPhone 3GS’s whole content is protected by encryption with an PIN code based authentication in place to unlock it.

The contents sample have been collected off a non jail broken iPhone 3GS (with latest iPhone OS installed, all apps fully up to date and immediately PIN lock enabled) by simply connecting it powered off via USB to a Linux Lucid Lynx PC (10.04) and then switched back on – being automatically mounted with given insecurity and never been attached to the PC before.

Merienfeldt believes the allowed write access could also lead into triggering a buffer overflow. Apple thinks they understand why this can happen but cannot provide timing or further details on the release of a fix.

Read More [via Robert]

Related posts:

  1. iPhone Password Breaker: Recover Password-Protected iPhone And iPod Backups
  2. How to Disable Edge/3G Data on Your iPhone
  3. JuicePhone: Extract Data From iPhone Backups
  4. How to Access More Than 180 Apps or WebClips via Spotlight on iPhone 3.0

Related posts brought to you by Yet Another Related Posts Plugin.

No Comments »

No comments yet.

RSS feed.

Leave a comment