Posted by: David Harley | June 7, 2010

iPhone leak: is there a little Dutch boy handy?*

The H has reported further on its research into an iPhone problem flagged by Bernd Marienfeldt. The original problem was this: a locked iPhone is supposed to refuse communication with devices to which it hasn’t been formally introduced, but Marienfeldt found that if the phone is accessed while booting, it may nonetheless pair with an unknown device – in that instance a PC running Ubuntu.

Heise’s research, however, indicates that while an encrypted, locked iPhone only discloses music and images,  it’s possible to connect an iPhone with iTunes under Windows, and the H states that connection with a PC running Vista allowed “full system access”, allowing a full backup including plain text passwords. The problem appears to apply to 3G as well as to 3GS devices. However, an update to the article suggests that the vulnerability only exists if the phone is shut down while it’s still unlocked.

*http://www.poetry-archive.com/c/the_leak_in_the_dike.html

David Harley CITP FBCS CISSP
ESET Research Fellow
Mac Virus Administrator

Advertisements

Responses

  1. […] More here. […]


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Categories

%d bloggers like this: