Vulnerability in iPhone data encryption
A lost iPhone is a bigger problem than previously thought. Despite encryption, the finder can easily gain access to data including photos and audio recordings, even if the owner has set up their iPhone to require a passcode. And, of all things, this is made possible with Linux – the very operating system which Apple regularly cold-shoulders.
According to Apple, all data on the iPhone 3GS is hardware-encrypted using 256-bit AES, which cannot be disabled by the user. Access to data on the iPhone is normally restricted to computers with which the iPhone has previously been connected and to which the requisite credentials have previously been transferred. This exchange of credentials is blocked when the iPhone is locked, so that connecting a locked iPhone to an unfamiliar computer will not allow the latter access to data on the iPhone.
However, Bernd Marienfeldt, security officer at UK internet node LINX, found that he was able to gain unfettered access to his iPhone 3GS from Ubuntu 10.04. If he connected the device whilst it was turned off and then turned it on, Ubuntu auto-mounted the file system and was able to access several folders despite never having previously been connected to the iPhone. The H's associates at heise Security have successfully reproduced the problem. An Ubuntu system which had never before communicated with the iPhone immediately displayed a range of folders. Their contents included the unencrypted images, MP3s and audio recordings stored on the device.
Marienfeldt has informed Apple of the problem, which the company is now investigating. It thinks the problem is caused by a race condition, as the problem only occurs when the iPhone is turned on whilst connected to the USB bus. It is not yet clear whether an update to fix the vulnerability will be released – in response to an enquiry from heise Security, Apple stated that it does not provide information on ongoing investigations.