YouTube videos expose iPhone security flaws
By Michael W. Jones
A security expert has claimed that some data on the iPhone is vulnerable to hackers, including deleted voice mail and email, using YouTube videos to spread the word on what he sees as security flaws.
Jonathan Zdziarski, an iPhone developer and forensics instructor, uses one video to demonstrate how easy it is to circumvent a user-created password. In the second, he shows how a hacker who knows his way around the iPhone could easily download a raw disk image that would provide extensive personal information, such as deleted voice mail and email, information stored in the keyboard cache and a plethora of other data.
Zdziarski notes in one of the videos that, “iPhone security is not really enterprise-great, in my opinion, and I sincerely hope Apple fixes these issues. At the same time, the consumer really needs to know that the device is not secure and consider that risk when considering whether or not to use this in a business environment or a government capacity.”
There has been a great deal of controversy about the security of the iPhone, especially in relation to moving the Apple mobile platform into business operations. Apple has recently said that the hardware encryption available on the new 3GS iPhone model, plus other security measures, makes the product suitable for use in a corporate environment. In fact, Apple COO Tim Cook recently said that hundreds of thousands of iPhones are being used today in Fortune 100 and other companies, as well as in government organizations and higher education institutions, according to an InformationWeek story.
In one of his videos, Zdziarski says that the processes used during encryption and decryption on the iPhone 3GS negate the usefulness of encryption altogether. Specifically, he says, “The so-called hardware encryption doesn’t actually offer any real encryption, because the iPhone, as it’s sending the disk image, automatically decrypts it for you. So it’s as if the device has no encryption whatsoever.”
Apple will need to move quickly to prove Zdziarski wrong, or to fix the problems that he brings to light in these videos. Publicity like this could make it difficult for Apple to continue to make inroads into the business marketplace now owned primarily by RIM, and newly being competed for by the Palm Pre. If Apple wants to be taken seriously for business, it has to be serious about security.
July 28th, 2009