iPhone's PIN-Based Security Transparent To Ubuntu 264
ndogg writes "Security experts found that the iPhone 3GS has very little security, even with a PIN set up. They plugged one into Ubuntu 10.04, and it was automounted with almost all of the iPhone's data exposed. This has been reported to Apple, but the company seems to be having difficulty reproducing the problem."
Re:Who says... (Score:4, Informative)
Apparently it's so hard to use that they can't even reproduce it at Apple.
Re:Hard drive (Score:2, Informative)
Updated story (Score:5, Informative)
Apple can now reproduce (Score:5, Informative)
Re:Who says... (Score:3, Informative)
Re:Sounds like a feature (Score:5, Informative)
They're not a block device, so you can't mount their filesystem as such. Instead, they're effectively network drives: the proprietary AFC file transfer protocol tunneled over a hugely mutilated version of TCP stuffed into USB packets. Which you can mount under Linux, using FUSE and the appropriate apps (usbmuxd, libimobiledevice, and ifuse). I maintain usbmuxd.
Apparently Apple relies on security through obscurity here (only their apps are usually able to talk to an iDevice), and the actual protocols aren't secured.
Incidentally, this is where the term "jailbreaking" comes from: breaking out of the AFC filesystem jail (which is usually limited to the user's data partition). Jailbreaking's original feature was to introduce a secondary AFC share with root privileges on the root directory, and jailbreaks to this day still do. You can use ifuse --root under Linux to mount this secondary share.
Re:Physical Access = Root Access (Score:4, Informative)
Attempted to duplicate - not quite what they say (Score:5, Informative)
I plugged my iPhone 3GS into my Ubuntu box. While it's true that Ubuntu did automount the iPhone, the only thing I can find that was exposed was my music, photos and podcasts.
I wasn't able to access email, contact info, or anything else on the phone. I did see the Application Archives, PublicStaging, Purchases, and Safari folders but they're empty. I have lots of email and contact info on the device - but it appears to be inaccessible via this method.
RTFA.. (Score:5, Informative)
From Apple:
Apple iPhone Security Overview [1]:
Data Protection:
Protecting data stored on iPhone is important for any environment with a high level of sensitive corporate or customer information. In addition to encrypting data in trans-mission, iPhone 3GS provides hardware encryption for data stored on the device.
Encryption:
iPhone 3GS offers hardware-based encryption. iPhone 3GS hardware encryption uses AES 256 bit encoding to protect all data on the device. Encryption is always enabled, and cannot be disabled by users.
Re:Sounds like a feature (Score:5, Informative)
Correct. I wrote most of the usbmuxd implementation that we use on Linux as a clone of Apple's version. In fact, you should (as of yesterday) be able to compile libusbmuxd and libimobiledevice and maybe even ifuse (with macFUSE?) and use them together with Apple's usbmuxd on OSX to pull off this hack there. Heck, I think at least libusbmuxd and libimobiledevice should even build on Windows these days (Apple provides a Windows version of usbmuxd with iTunes).
Re:Sounds like a feature (Score:5, Informative)
The iPhone 3GS supposedly uses whole-disk encryption. This does squat when your USB comms protocol doesn't request authentication though, since you can pull the data off through the iPhone kernel's transparent decryption layer.
In other words, this hack has nothing to do with encryption and everything to do with an insecure protocol that makes no attempt to actually request PIN authentication before handing over all your data. Nobody expected your PIN to actually act as key for encryption anyway; that's impossible, as the iPhone has to be able to access your data even while locked.
Re:Hard drive (Score:4, Informative)
Re:Attempted to duplicate - not quite what they sa (Score:4, Informative)
Read the advisory more carefully. You need to turn off your phone, connect it, then boot the phone while it's connected to the Lucid box.
The security check is bypassed at boot, probably assuming the phone needed to be recovered.
Re:Sounds like a feature (Score:5, Informative)
The filesystem IS encrypted, but the OS happily decrypts everything for you without any form of authentication. That's the story here.
Re:Hard drive (Score:5, Informative)
Here you have gone from saying there is no way to remove the storage (+5 Informative, haha), to saying there is a viable way to remove the storage. Kudos to you, sir. Now, where's my +5 Informative?
Re:Sounds like a feature (Score:2, Informative)
No, the keylock with a well known generic opening mechanism is what protects against pocket dialing. In the iphone case I believe that's implemented as a finger slide. The additional PIN code is obviously there to prevent people from using your phone or seeing your data -- and it failed.
Re:Better not fix it. (Score:3, Informative)
There have been Linux tools for getting music on and off the iPod since about a week after the first iPod came out.
Yeah, Apple doesn't support it, but so what?
Re:Sounds like a feature (Score:4, Informative)
I read through both linked articles and it comes down to only this data is exposed:
This data protection flaw exposes music, photos, videos, podcasts, voice recordings, Google safe browsing database, game contents
Certainly not all of the data on the phone. Your e-mails, notes, application-specific data, address book, password keychain, and so on are still safely encrypted. Yes, this isn't a perfect situation but it's not as dire as it sounds. Most data that people expect to be secure is still secure.
Re:Apple can now reproduce (Score:4, Informative)
Re:Sounds like a feature (Score:3, Informative)
Can't speak to Blackberries and such, but on my Symbian-based phone (Samsung i8510) if I connect it to USB while it's PIN-locked all it does is recharge. I did this on my work PC while watching /var/log/dmesg and all it registered was a USB HUB being connected. No access to the phone memory at all. After I entered the PIN, the phone's internal storage and the SD card I have in were suddenly available.
Of course, if you have physical access to my phone you can pull out the SD card, which doesn't have any protection at all. But it's mostly just music on that, I think all my "private" information is on the internal memory and/or the SIM (which I also have a PIN on).
Re:Sounds like a feature (Score:2, Informative)
lol...yep 4^10
Actually it's 10^4 (10,000 permutations), not 4^10 (1048576 permutations).
Re:Sounds like a feature (Score:5, Informative)
OK, upon further testing (I don't use a passcode myself so I never even looked into this) and getting some information from others, it looks like this isn't a total oversight on Apple's part, but it is a real bug that requires a specific sequence to trigger.
Here's how it's supposed to work:
The actual bug is that there's a race condition during boot. There's a window during which the lock code setting hasn't been read, during which the phone will accept pairing requests even though it shouldn't.
If you want to try it on Linux, do this:
Notice how the "slide to unlock" SpringBoard screen will not have yet appeared when this works. Once it does, the passcode has been configured and pairing will no longer work. On the latest version of ubuntu it tries to automount as soon as it sees the device, which makes this bug a lot more obvious.
Re:Sounds like a feature (Score:3, Informative)
Sorry but no. The encryption is enabled on all 3GS phones (and only 3GS, not 3G or prior) full time and can not be disabled.
The 3GS *has* functional security except for the number of holes that have been poked in it.
I don't know what rep you're talking to but he's misinformed and would otherwise be totally in violation of Apple's disclosure policy which reads something like 'if you tell anyone before Jobs does you're fired on the spot'.
We too are doing testing @ work but all the holes that hackers keep poking into the iPhone keep putting the launch off 'until the next (secure) release'