This discussion is archived
7932 Views 10 Replies Latest reply: Sep 21, 2009 10:43 AM by tokatta
Currently Being ModeratedJul 1, 2009 4:02 PM (in response to MajorTom2GC)+iPhone 3GS offers highly secure hardware encryption that enables instantaneous remote wipe.+
Sounds like it is inherent in the hardware of the device.
http://www.apple.com/iphone/iphone-3gs/more-features.htmlMac OS X (10.5.7), iPhone 3G S
Currently Being ModeratedJul 3, 2009 9:03 AM (in response to MajorTom2GC)Once you select Encrypt backup in iTunes no one can access the iPhone any longer with the encryption password. Any computer that iPhone connects with will have the encrypt backup checked and grayed out so that no one can unselect it without first entering the password. The encryption follows the iPhone.iMac, Mac OS X (10.5.7)
Currently Being ModeratedJul 25, 2009 6:30 PM (in response to iphone3Gguy)As I understand it:
- Hardware encryption of the entire flash memory is enabled by default on all iPhone 3GS
- There is currently no way of accessing the encryption key, it seems to be generated by the phone, and is only stored on the phone itself. The only way to get a new key is to do a complete device erase.
- The encryption is transparent, that means that someone with access to the phone could use it, access the data, and even by jail braking would be able to transfer all the data. To all applications running on the phone, it looks like nothing is encrypted.
- You need to rely on the iPhone OS to prevent unauthorised access to any data. So you need to trust it that it has no vulnerabilities (tough when Apple is not using the current state of the art, as buffer overflows are completely avoidable, and the 3GS can still be jail broken) and you need to make sure that physical access to the device is prevented by setting up a pass code.
- As explained above you will need to set up iTunes to encrypt the backup it generates, otherwise this would be backdoor into the iPhone device data.MacBook Pro, Mac OS X (10.5.7)
Currently Being ModeratedJul 27, 2009 4:50 AM (in response to Kilo Mike Zulu)According to this news article/videos the data can be accessed whether a passcode is present or not:
Anyone have any comments on this?
Do you think this is something Apple can/will resolve in OS v3.1?
Currently Being ModeratedJul 27, 2009 5:18 AM (in response to MajorTom2GC)You may want to download and look at the iPhone Configuration Utility. It provides some more features related to security that by default are not readily apparent.
For example, the use of a strong password vs the simple 4 digit passcode. Not sure if this will answer your question or not, but it may lead you in the right direction.Apple MacBook Pro, Mac OS X (10.5.7), 17" and an iPhone 3GS
Currently Being ModeratedJul 27, 2009 5:38 AM (in response to Richard Wessels)Well it's not really my area of expertise but going by what I saw in the videos and reading the article it apparently makes no difference what you have as the lock, because once you have connected to the handset and patched the kernel (not sure if Apple automatically remove posts that mention the word, but the process begins with the letter J and many many people do it) the passcode is removed and all data requested from the device is given back to you unencrypted.
Despite this serious security issue being known about for a few days now I'm surprised there isn't much talk about it on the official iPhone forums... unless it's being removed by Apple?
After watching the video I do not believe that any business IT manager/security can feel at ease about their workforce wandering around with iPhones. I hope Apple respond and fix this vulnerability swiftly. Yes fine your average person on the street may not be able to get your data off the phone, however that's not the point.
Currently Being ModeratedJul 29, 2009 9:03 AM (in response to Christopher Robin)I am in an IT division, though I am not a cyber security expert. I can tell you that my hopes of using my iPhone to replace a Blackberry in my company have been completely dashed by the recent reports detailing how easy it is to defeat Apple's data encryption. Like many businesses, we have very strict security standards for mobile devices.
Until that report came out, we had an active pilot project for using iPhones as an alternative to Blackberry devices and hundreds of our staff were excited about turning in the BB's for iPhones. That pilot was killed as soon as the report came out. There will be no iPhones allowed in our company unless that is fixed.
I'm hoping Apple is monitoring this thread and others like it and working feverishly to beef up the data encryption. Right now, that is THE major obstacle to widespread enterprise adoption of iPhones as an alternative to much more secure Blackberry.G5 Tower dual 2.3GHz, Mac OS X (10.5.7)
Currently Being ModeratedAug 16, 2009 8:11 AM (in response to MiataMacFan)I am also in Healthcare IT and in the pilot program for our iPhones. Without getting into the security concerns around the iPhone, what specifically is the hardware difference in concerns with encryption between the 3G and the 3Gs (don't need to talk about chipset, memory, apps etc). It sounds like the 3Gs comes out of the box with hardware encryption. Does the 3G model not come like this? Any help on this would be great.iPhone OS 3.0.1
Currently Being ModeratedSep 21, 2009 10:43 AM (in response to Christopher Robin)The 3G is still vulnerable if someone has physical access to it. The 3GS is still vulnerable to a jailbreak, but it is unknown (yet - I haven't seen anything) if the contents of the phone can be dumped.
3.1 has a lot of changes, so it may be more secure.HAL, Other OS, The size of a spaceship