iPhone's PIN-Based Security Transparent To Ubuntu
ndogg writes "Security experts found that the iPhone 3GS has very little security, even with a PIN set up. They plugged one into Ubuntu 10.04, and it was automounted with almost all of the iPhone's data exposed. This has been reported to Apple, but the company seems to be having difficulty reproducing the problem."
Re:Sounds like a feature (Score:5, Interesting)
Which you can mount under Linux, using FUSE and the appropriate apps (usbmuxd, libimobiledevice, and ifuse). I maintain usbmuxd.
In fact, when you plug an iPhone into a Mac, you can see in the process list that usbmuxd is what Mac OS is using to talk to the device.
Re:Sounds like a feature (Score:5, Interesting)
Either they simply didn't feel the need to make the PIN actually do much more than lock the screen (arguably fairly misleading), or next to no testing was done, or (even worse), setting the PIN also sets some sort of "politely ignore the data you could easily access" flag, that iTunes obeys and the third-party implementations don't.
Already fixed in iPhone OS 4.0 (Score:5, Interesting)
Ya, one of the new features in iPhone OS 4.0 is "Data Protection". Specified files for applications are on the fly encrypted and decrypted. The phone has to be unlocked (valid PIN entered) to access the data.
Seems like they already handled this issue, unless someone wants to test that on an iPhone with 4.0 running on it...
Re:iTunes (Score:1, Interesting)
Re:Sounds like a feature (Score:4, Interesting)
I just want to say thanks for all your work. This was a big thing in getting the last Windows PC in my house to Linux.
Re:RTFA.. (Score:3, Interesting)
Security by friendliness?
Re:Sounds like a feature (Score:3, Interesting)
And it always will. The purpose of the encryption is to allow remote-wipe (and even local-wipe, I suppose) to be nearly instantaneous. Wipe the key, and the data is unreadable, as opposed to having to spend time wiping the entire contents of the flash memory.
The encryption isn't meant to be used day-to-day. It's meant to be transparent until you need to destroy your data.
Re:Who says... (Score:3, Interesting)
That joke is getting a bit old, with Apple selling 4-button mice with every iMac for 5 years now.
Nah. It's still good for many of us :) And besides, Apple can't quite get away from the one-button meme -- even with their multiple button mice, they try and hide the different buttons under one big button. (Something which I would have thought was the single worst interface design decision ever, incidentally ...)
Anyway, I'm not sure what's the big deal about being able to read a small portion of the iPhone drive in Ubuntu -- you still can't access any application data or any of the databases that store your contacts/notes/whatevers. It does mean someone can copy your music ... but that's surely a good thing! And access to part of the file system isn't exactly unusual -- even without Ubuntu, you should be able to see the iPhone's DCIM photo folder when you plug the device into a computer.
Re:Wow. (Score:2, Interesting)
If you think free software should be outlawed, all you are doing is mandating a law that says people have to charge for something even if they don't want to.
P.S. FOSS people are not known to steal anything; instead we create it from scratch, and the iPhone code that Ubuntu 10.04 uses was built from scratch. It was not taken from any code Apple provided, as Apple has never provided that code to anyone AFAIK. MS has only ever made idle threats about patents without naming any identifiable aspect of it. What have we stolen from anyone? If I don't want to use Windows or OS X, then you think you have the right to say I can't program productive software for it, or do you honestly believe that we have somehow hacked into Apple and stolen the source code for the iPhone?
P.P.S.: The post is true. I have been able to access my PIN protected iPhone 3G (not 3GS) from Ubuntu 10.04 since I installed it. The security aspect is a bit of a concern but then again, since I knew cops have been able to do this all along then I am not that surprised. The plus side is I can now upload songs to my iPhone from Linux without doing a Jail Break (I'm reluctant to Jail Break) and without having to run an app in Wine (since I hate Windows emulation) so kudos to Ubuntu for exposing a security vulnerability and at the same time making the iPhone more usable on Linux. Job well done.