A security researcher is backing up his claims that the Apple iPhone 3GS is not enterprise-ready, with YouTube videos demonstrating how an attacker could get your private data.
A security researcher who
has asserted Apple's iPhone 3GS is not enterprise-ready has posted tutorials on
YouTube to back up his claims.
Jonathan Zdziarski, who
teaches forensic classes about recovering data from the iPhone,
has posted two tutorials to YouTube to demonstrate issues he contends
are serious enough to make IT pros leave the iPhone out of the
enterprise. In one, he shows
how an attacker can
remove a passcode and get to data on the device.
"Now law enforcement has
all of the tools that they need to be able to do this," he noted in the video.
"The problem is the bad guys also do too. So while this is good for forensic
purposes, it's also quite terrible for the rest of us in terms of our own
private security."
In the
second video, he shows
how a hacker can use software tools to download a raw disk image from the phone
that could provide personal information, deleted voice mails and other
data.
Security has emerged as an
important
selling point for Apple with iPhone 3GS. In fact, Apple Chief Operating
Officer Timothy Cook said as much during the company's latest earnings call,
noting that the phone's new hardware encryption and improved security policies
were part of the reason enterprises were expressing interest in 3GS.
The data encryption
feature protects user data by encrypting it in transmission, at rest and when
backed up to iTunes. The smartphone also provides secure methods to prevent
unauthorized use of the device through passcode policies and restrictions. If
the phone is lost or stolen, all data and settings can be cleared remotely.
Still, Zdziarski maintains
that the security holes he demonstrated mean there is
work
left to be done.
"Unfortunately, the iPhone
is completely wide open," Zdziarski said in one of the videos. "As much as I
like this device, Apple really needs to fix some of these security issues for
the consumer before, in my opinion, it's ready for the enterprise."
Apple did not
respond to a request for comment in time for publication.
Email
Print
