Security of the iPhone in Question

When the first Apple smartphone models came out in 2007 and 2008, most people were still accustomed to the security the Blackberry provided. With the more recent iPhone models, corporate users “rely on the expectation that their iPhone 3GS’s whole content is protected by encryption with a PIN code based authentication in place to unlock it,” as according to an article published under Ars Technica.

It is a cycle which just turns. Apple advertises the iPhone as a reliable corporate device which the market eats up. The company then uses the figures to back up their claims that the iPhone 3GS and later models are the devices for the corporate sector.

According to the iPhone’s carrier AT&T, over 40% of their iPhones are owned by members of the enterprise sector. Steve Jobs also stated that 80% of companies included in the Fortune 100 use iPhones in their businesses, leaving RIM and Blackberry in the dust. However, those figures are currently in jeopardy, with a recent security flaw.

Last year, Jonathan Zdziarski, a renowned figure in iPhone data forensics, demonstrated how easy it was to remove the data protection of the iPhone 3GS by using common tools used in hacking and access data on the device. Now, Berndt Marienfeldt, a security researcher revealed a much greater flaw. The data on the iPhone 3GS could easily be accessed by any computer running on the latest Ubuntu, regardless if the phone was password locked or not. Although Apple made it easy to remotely wipe data, the sim could be replaced. Any data saved on the device could be accessed including “music, photos, videos, podcasts, voice recordings, Google safe browsing database, game contents,” as stated by Marienfeldt’s blog.

Marienfeldt further states, “Apple could reproduce the described serious issue and believes [it understands] why this can happen but cannot provide timing or further details on the release of a fix.” Hopefully, the iPhone 4.0 OS can provide better security solutions to satisfy the needs of the enterprise community.

Tags: ,