It’s been reported in several blogs that two security experts (Bernd Marienfeldt and Jim Herbeck) have uncovered a way to gain access to the iPhone 3GS file system and potentially modify files without leaving any trace, even with the file system encryption security active. The data protection vulnerability was reproduced on several different non-jailbroken iPhones.
The security exercise was carried out with Ubuntu Lucid Lynx. Here is the abstract from their report:
“I uncovered a data protection vulnerability, which I could reproduce on 3 other non-jailbroken 3GS iPhones (MC 131B, MC132B) with different iPhone OS versions installed (3.1.3-7E18 modem firmware 05.12.01 and version 3.1.2-7D11, modem 05.11.07), all PIN code protected, which means the vulnerability bypasses authentication for various data where people most likely rely on data protection through encryption and do not expect that authentication is not in place. […] [It is] in my opinion the quickest compromising read/write access discovered so far, without leaving any track record by the attacker. It’s about to imagine how many enterprises (e.g. Fortune 100) actually do rely on the expectation that their iPhone 3GS’s whole content is protected by encryption with a PIN code based authentication in place to unlock it.”
The data protection flaw exposes music, photos, videos, podcasts, voice recordings, the Google safe browsing database, game contents, etc.
Bernd Marienfeldt and Jim Herbeck have notified Apple of this flaw. They have confirmed that Apple was able to easily reproduce the security break-in and seems to understand why it is happening. However, they also confirmed that Apple would not provide a timeline or further details about a fix, or even say whether a fix would be included in iPhone OS 4.0.
Considering how many iPhone users are out there, I’m really concerned about how much corporate and personal information these users are exposing to anyone with enough knowledge of these hacks.