|
|
|
Apple iPhone 3GS Security Holes Revealed in YouTube Videos
By: Brian Prince
2009-07-27
Article Rating: / 13
There are 1 user comments on this Network Security & Hardware story.
A security researcher is backing up his claims that the Apple iPhone 3GS is not enterprise-ready, with YouTube videos demonstrating how an attacker could get your private data.A security researcher who
has asserted Apples iPhone 3GS is not enterprise-ready has posted tutorials on
YouTube to back up his claims.
Jonathan Zdziarski, who
teaches forensic classes about recovering data from the iPhone,
has posted two tutorials to YouTube to demonstrate issues he contends
are serious enough to make IT pros leave the iPhone out of the
enterprise. In one, he shows how an attacker can
remove a passcode and get to data on the device.
Now law enforcement has
all of the tools that they need to be able to do this, he noted in the video.
The problem is the bad guys also do too. So while this is good for forensic
purposes, its also quite terrible for the rest of us in terms of our own
private security.
In the second video, he shows
how a hacker can use software tools to download a raw disk image from the phone
that could provide personal information, deleted voice mails and other
data.
Security has emerged as an
important
selling point for Apple with iPhone 3GS. In fact, Apple Chief Operating
Officer Timothy Cook said as much during the companys latest earnings call,
noting that the phones new hardware encryption and improved security policies
were part of the reason enterprises were expressing interest in 3GS.
The data encryption
feature protects user data by encrypting it in transmission, at rest and when
backed up to iTunes. The smartphone also provides secure methods to prevent
unauthorized use of the device through passcode policies and restrictions. If
the phone is lost or stolen, all data and settings can be cleared remotely.
Still, Zdziarski maintains
that the security holes he demonstrated mean there is work
left to be done.
Unfortunately, the iPhone
is completely wide open, Zdziarski said in one of the videos. As much as I
like this device, Apple really needs to fix some of these security issues for
the consumer before, in my opinion, its ready for the enterprise.
Apple did not
respond to a request for comment in time for publication.
|
|
�������x}r㶲s\@♵M푦d[�kŶ,xMT(��S$�I٣'ˮ��O7�t%_&㩱%�l�h|Ggg�D]ݴ1p͙M5��5|zg`HRsgޅ�-34
@oRQP
Ġ�x�nwݶN`P'~ �> \?g3U;Y|��b(ޗCѺ��QQ�y_HږyH6�EG�J��ߣ*C7�ݩx8/DeO�HYɼ�M"h4"j�>wn3�w23���X]~�D4��ڮq�8]�b'*#O^3j�c㥨�H�aP`\ 9t}�^-
Go&lw��"�QcO$ӡ�q�̢JK^tf>D�>8�z
v
v}jJ�73ҧ
}KH;R@}k��y�>5I
i��1E 94cT$iy8DrH
n>�,
шj%5O?�I܃N8C�Ynհ�}=
:ԍ۱�|$�.j.9b�&�ԃ �P2zhN4,2Q�Ȳn�Mw��Ͱ-P6CMT�jR?tދWcm9/�2+�hK\(�U0>
n0u�p;\Jz}u=;yؼ} Fb��}�"UJ@D�Z-�i"
0i!5&�tt<_MB^�$9@FI?n��j/4E;J
KHS�=
(����N,#�uG�Ҿ췯;6鷏ώ;S$oIJ1<�ZMӀ�H�Z�vB�,�E%M{#kr9n�>3鐚&�tXaV|]kU[_oG�!&w�"rVJze_R��~8�?_$>�wIAұ,Oȿ��;Be}Y 4ӗ?��,Y`M��`�IpL2X��c��]N�2ߜ�>o4C+D_x0Nu{f5
@̀k��fk�PX��DA5@�N)��51t9kM`3Ri�K3_^*�-ͿE7h+bԜ�өɛ!"ƈO�9x�|!XsI��((�G��&�μlO�yp!jY[6'jdamIi3_dxe�ޡ:ix>!e.ڽ^C�T�364>H�,H�!eݴ%�稫榣V'cW*P\?,Ëʾ��b�(7ZdL��,��1,{Lt차�ޗp:� 0h��v?S�Oiͦ8�9y��tD�AG61^�zK
ucb���>'ݸä��p�p�w�>-Fv93�{Q �{>�0i��CkJ�QD$��h��-D�@wM0I�e+�f!S@uG Lν߂2à�F{7t(
�,/�#0/ Zm��{����Ae^~�}�̢!1Y@��X�bMtև
&��SsfPBxԁ!~9.Wb�&�A/���""D% �
h��4�A�G�EBEN@@7gw$]Vi+Raz"�ʦ�B�I�ʗJ�D�V�{T�Kh+�K@f:32YIFMf�
X�*ȉ#�o"0�9X����
,'Z
X�k%Ƽ
f�j~��iڛ�,Â%�G�n]ּG36I�`آwBrPC��;*�:��:��=熳��a\9:�<��V�M+}�'�t����F~Gש�
ݜZ�,�'1!���õ�B3}P˄FrT{��g[,�:r�Ǹ%�q�МaM_ȣ~|Z�ÈIuN/'ܑm˹�/
߄T�+9v#�\ē ry͚X� 4ؐ9|ƓB77CnS^ʚ**�#w�T4��t�jz�#J�ݼ~h���;h{q#%Aw
�=�e河�xOu�YKnuo?յpz9TKӺJ�j'/�"oh��m_Eڠ�ueLGe K-C�� IHf�(XK+e�zlxy���D62�Ci�n
Px�\�{8`O��=0�\ReeZ�Ȅm%:<�Mj�l�[�� �ʸC�fJ�g ~c+&�*d-ë��?v=@�ڇkO�Gn&zȔgH~vR9��g3?�R.C4
�$P+}a�Qu5�kaA�a ��ŵAb=�=�TWաkϧ;ʰw^^�v˖?~F|4^ۄ#�V!҇�D�D3�0`�,��F�=_�M�b^ zD^ɰZQJ~��l"�zd\8˰De�
F;rm۽�tI��3IV/��ЪZ�Z:Ύ^�
>㎾YP�2�<Œ&���PyJ��9o U�:@��g|/�XV;IUSԳбdNk|?�գsgZ�,�wJ�B֮��N�[7O5P)B�G�ӐBD]�
�+m�h./]>:Lc�h
z47DZ.������q�iv�W�jⲏa��t~j]|ťTj��W�PUWt�,,#8j�KCߪ�车h�C�ltPj2�a'A)��pd]�2uܮW�隿F�=;o ���ŧ��r��ECR|{�y-{w[Oj��K·�烬�F�!zۭfS �k3d8)@xdqH�=�^p@ښ�
ҽ>i_sbaNZ
�_Ok=W��7(a��F`l~Y�F_aY�,$"0�.
I�ku:=.��
�� kJ=!�Vo8[SY9d:���
�`E/ԩ
#A�D�rIGzZF�ijqʼn�A/`Ea�1:�(:{_QKᷜo5�?ů1K7�xA�h[(kt�Nz<�,\1[i�N:|"=Br�^'18�;=h1���I��ec�]Z�qm}
zs@&iR'D[3pq*�IKhwI�e�&ޜ,Hu9Ym@yjZӽM3%�[/G,-�I+J#/CiA0;ǭH��R�#E��hq�eP�>�Xki)�i[YUH+?���stH1��|<ƃF $"J-r@Ί~\A>?u$ݝ:V8�8F�ʳ�ƍp'a�wʜW#�}`(� ?�Y
.�k ��v��g>&k��>dNƄ��@95ѧ�ǂ� ��ি�
C�A] ��j��M�$7�L,`�ԇ*h
5fXe@�KoNu!I\vuo_�ar�Js dނ�>3�ᛷ
6n�2�}2K$hבּ�~QO�ƯtGov/zfCY�f=foݷvcW};Ǎ>-l-8t�QC�TiRɘNB�ARTUuklko(�r�Y9sJeOV
;x`�,�hEg�Q�d1�0dƛa�K�f}#uoo=ȥ��֛ݥq=*A�#'���w5GGpSxw6{e�QJW=�q-@�kjejR�>dw2�@m^� �S\�c崃F٫AQ\~Jwcj7+
xI��]]�0�61|K}wkB{�(@%- �t{2�6|p,vYDf>8�!�Gj%?;ۊ+-c>Nkb{b [<\Z;ur-,Wx�T*tIt+pU%!�+,�LqJV�Fga&o�CBz_1��{,9"G+Ng;َ2鎲[U,I2�5�x<9��ŘK0�ȺMp`���=g�,UVf[@kJ�q�k)⍥E;X�ƛ�ܳ~1`� �:}�P�^�6I`30'�ǟth�Q|:AHL�����\SB Щ(Pr}�e'>/JρT&ConV58!��9ZK;M ;�<"?$9u�9yu�ED�x2:d~y789Y6_")wD��D�k遽j"x`X�-~y9Dj;cTG2.@ҹuK1�GF{G��ea0[�] �wkإ",aw�P�oo5V$0IaN�͝/�|!DK\�l�^�@ZVo
]��`R�ş
�{;��,.),s=mOA5!p �F;!�@�=u<9-�o3�40Dɛބ��Tw�mYo9$Uk3"{A��[�o� 6௶aulau�.^�'Ck$/�*qdE��;m^)jhk>rb�L�ك��y{�Yj|ubMv4tF87?7vF�+┱fae�O�%3_�I5�P��Df��S{jIv�|wouv1
נ)8weQ�p|ׂҞ_F#%G>W-Ix��Q *`l{;�pOҷf�}��S&Lm �9(�C=.Nu��ę�ޛ
bW^ɍFʼn�ܳExȄS�`n�G�ƵV�xr̊v��mp/� 30@�4t�r'u4dz�|~"7~�?q�T��ݦ!e
uRfStj
f4}���Su&.[ySD#?
KD)`G%�ߓC~뇺��~�ݤ}
J8+O|oh��d�Q�9C�x8�j
�g{7{[m��$ے]f#msv;"(W�#=��t�_#�7hyl?�L�H~_(R�^q]��odEPX��!1'�9tѰ���L68߉",tZ8�Q+춰�m�,:(5w�1i}P2D�O#�%1�Wee(=#$Gs8RG�5Śx1
�KE�Gnj==#��� �R"R�V(>�Z�l?�Q�X2!v���n��4?8?G+6�ǜMEfID�ET9�]CՔ}u5b? @�,ttAj-bYA-c�2Ʒ^X!tOpkBxrP:IU�3H>PSmeUH*40�H8;�h1�=�H3r�3#�lzZC��JOk&t];x�Vi
K�j�+mLt�\8OX_q�=o7ݝ�C57:QS�;'7Ƅ�֢-*);,/�[�+RAz }�8͌/k�T�PI�V
ק6:F�̽OMDF0�K*�j%VC/CyQ�iwqݗǮ5*>5BY�1�Eΐk%w�֘��p��/}ZpY$�=Xm7r2r灑W*ZTfF}{NZ�Ra
*zd
0oM)�(Z<<~Q,mJ)Ag'B<��s@>-�@G'���cՒn4X-�xѽg��3B;wY�G\\sjό\�aeI_�L66�mEUk)7g%;څ]`aYL &'�蜜X�p,< ::�Iϣ��jg~RۈuX0W0~2FԞ�kޓ(�,?z`,lbZ�3ZMqh�eu�!�,.>M_#Ƙ��n�C�fH��P#�SK�C7��<6K$Ae�Ї5T?�0�G
)Uhueaj+�Z�@kj��]%=ҁW+qܖ.tf�m��(�鈎.h'}&
):u]Б���ߔjmO*oIgOd8��}xx�m@�1"6
?��Jil1Ih�b#�#���6X.f�9'yo_*4>wg(-$=:�}GT�w>09a�=d��D�� {|E� !'@vq]Q
L1J���:,�˘׃U?�fC.7,M}C<
l
� \Z�P4�pLF}eOWJ�ƈ\搟�Ð�3�{#TŰDɴ c� 4Q�?��~1&IE<
,iMP�s6@א0H4�alJX0n#BLk4,?�tkXaϘFL'4`/>D:PbCcн|�\16Faŷ^�(l8*wxcF>b|�>+=�1U �(N08D�(b�E���7�@O��,�,(Ϗ�B5D��R*%n67P����0S�N\<7��Y�ef��xp�Ƨ�x�}� 5tHML���2BL$kQ.閣FMQtV#ߛ�~�3�,ȏ�)nN���L ىr����H$`x=9~imJta~X{��dM`�����b�J])IdR�|:PJ\g�ޕa)걪VRi�?�(^
;Ue"E�=Mɕ@*�Z���Ȉq�/w�o#�&a@}lF(Dwn�sLHѺ:LNפENmx;\;Kr>�)lkEߢֳQQqi}uݹ�Z!v>4m+L�xte$AN/[�mf(NTbSg̥,�%�y�:w"<Z�NA��/|veQc̑:�jS#�[}uR�_��GM&7�b�c>o�I]hF&5+:�r<)�)�)-VNy�ʻ9H'vN1�/?��CN?|:Yg}yC:9CL2�ϽB^Ng(��mș��E/�E�|E�~/�?�9_�">/>/r�y2gSN��S~��909{ s?09ׅws�͑?]/�r�qC�WU@?9Ӄr߃r�__P�>'(W�3OO9rߛ�orڿ�ɡ�=��>k]T�(Rh�K
"�S^9,.Os�.nm;yx#ֽ2�b;�w6�K췡\ţu.T+6�:�7q3[� #ňà��8П�}r�F�F>^֪p3��lc}k�?�;}}:�\>Cg6m'[
}�MF`MTV�N)pB;^a�%ɡ1z�Ix�'O!45EL=#>}58]W�nރ97p�Y�n����)xT-kZYoZԪw俓kD2L����G�b�3jJ]N��lժ~\��,)g
�/(�@#غ7M{%}C7":fȳRLq�
�u+k�%��.�<��tlЎ�iU|��y3�"�`TS;I�@9$�L�o��9X�j,.#v2�QW!+<ʝ��+�fy6kc5;tp)
?`-kD2Ydp�c
l$'4ǭa&r�2@8�Xh ���x�qf=�x-&�֙W��=so(�3!�Mť{6�/Tx| "e*sMr�f�Y-Nؒ1&�QSRۨWy�)�"9<�23wH�P�#V}
0"0
;��Vӄ.aퟤ8ǃI`a\m�8(�1�q�6`:}]�ng�F�`Ƹ>t�f\ci/1���601yx*�>��`#ķX࣍A�{=4&F�Ӵo"9ݜ ţ*aс(Y�c{XmDh�9t}`iMx��_
���OYș=y��G+s�o�nս
}cr;VF^U.@Q)x�ރ�ARʙk-���f�Y{6DOj�
giyU�� (p6d+�.�X&"�>m�<'6}Fu;H�"@"xrt�Pŗ-;waS)f��GVFp)hFN�<}=ڢuK�ğ?X \� cwH�V&(bzU�u ѫ�r!9|�d@�ooM9]c� *|�?� O�Ge �M+.�M-I�S`�oA�s� ?h�/�A�Sl+
6�[ +"���
�
JmӴ1u¹"UXJَR
,��~:3_N�ƝOQh|�W�9�1�,"u�x ���] D
�p�ym�x�:"
���#V|JRX}P?(:�OOg�sZ�i_��H�ʶ�
*}�X^c �0,*0�9�5-E6<]܈x~{ݾŀ�
g�k�OUx.X=lۉR#nȅ-`�j�k�DmYt�ẉA�/F"@�Ă'g"e��}q$Yէr09dv�?,�qg;f¦[HXFIk�k��j1��*��
|
Network Security & Hardware 
