iPhone Encryption Useless
Interesting, although I want some more technical details.
…the new iPhone 3GS’ encryption feature is “broken” when it comes to protecting sensitive information such as credit card numbers and social-security digits, Zdziarski said.
Zdziarski said it’s just as easy to access a user’s private information on an iPhone 3GS as it was on the previous generation iPhone 3G or first generation iPhone, both of which didn’t feature encryption. If a thief got his hands on an iPhone, a little bit of free software is all that’s needed to tap into all of the user’s content. Live data can be extracted in as little as two minutes, and an entire raw disk image can be made in about 45 minutes, Zdziarski said.
Wondering where the encryption comes into play? It doesn’t. Strangely, once one begins extracting data from an iPhone 3GS, the iPhone begins to decrypt the data on its own, he said.
Peter Nordstrand • July 29, 2009 7:06 AM
Isn’t Zdziarski missing the point? The encryption comes into play when you remote wipe your phone (available through MobileMe). What happens then is that the iPhone’s encryption key is wiped disabling all access to the phone’s data. This procedure doesn’t take nearly as long as actually wipeing all data from the phone, although the effect is the same.
Apple’s homepage states: “iPhone 3GS offers highly secure hardware encryption that enables instantaneous remote wipe.” (http://www.apple.com/iphone/iphone-3gs/more-features.html)
And that’s the point. Making the remote wipe feature faster.