iPhone encryption cracked

If you lose your iPhone, you’re in a bad position and have to fear for your data. Even if the smartphone is protected by a PIN code. The encryption can be easily bypassed, as a security expert has discovered.

Security expert Bernd Marienfeldt has discovered a security gap in the iPhone 3GS: even if access to the smartphone is PIN-protected, all data stored on the iPhone can still be accessed. The simple trick is to connect the iPhone to a computer running the recently released Ubuntu 10.04 using a USB cable.

The security specialist was able to detect the gap in three iPhone models running different iPhoneOS versions. Normally, all data stored on the iPhone is encrypted using 256-bit AES. If you connect the device to a computer, you can only access the unencrypted “DCIM” folder. If you connect the PIN-protected iPhone under Windows, for example, iTunes prompts the user to unlock the device by entering the PIN number before iTunes can access it.

The only exception is the operating system Ubuntu 10.04 (Lucid Lynx): Here, all directories are displayed, giving you access to all photos, voice memos, podcasts and music files stored on the iPhone, for example. It is not even logged that unauthorized access to the data has taken place.

“We already knew that iPhone encryption is flawed in the way the encryption key is handled. The vulnerability now discovered shows that the authentication model of the Apple iPhone is flawed,” said the discoverers of the gap.

Apple has already been informed of the discovery and is currently investigating the incident.


Get more information about AppTec360°




AppTec GmbH
St. Jakobs-Strasse 30
CH-4052 Basel
Phone: +41 (0) 61 511 32 10
Fax: +41 (0) 61 511 32 19


Recommend us
Go to Top