iProtect, iEncrypt… iLeak
Rik Ferguson, 11/06/2010, posted in "Analysis"
As Solutions Architect for Trend Micro, Rik Ferguson interacts with CIOs from a wide variety of blue chip enterprises, government institutions and law enforcement organizations. Recognized as an industry thought leader and analyst, Rik is regularly quoted by the press on issues surrounding Information Security, Cybercrime and technology futures. With over fifteen years' experience in the IT industry with companies such as EDS, McAfee and Xerox, Rik's broad experience enables him to have a clear insight into the challenges and issues facing businesses today.
I was very interested by a blog post by Bernd Marienfeldt that I read today, which appears to illustrate a serious security weakness in Apple’s iPhone data encryption implementation.
The iPhone 3GS offers full disk encryption using 256-bit AES, which should (theoretically) keep your sensitive data safe from prying eyes. It has been public for almost a year that this encryption does not stand up to even the most basic hacking or forensics tools. This latest flaw, however, will seemingly expose your data to anyone capable of simply booting the device, even if you have set a security PIN.
Bernd Marienfeldt has discovered that by booting a PIN-protected iPhone while it is connected to the USB port of an Ubuntu system, he could access “music, photos, videos, podcasts, voice recordings, Google safe browsing database, game contents… by in my opinion the quickest compromising read/write access discovered so far, without leaving any track record by the attacker.”
This access was through the Ubuntu interface and did not require any PIN at all. Furthermore, the access was not simply read-only, but read/write.
Further testing by heise Security has shown that it is also possible to trick an iPhone into pairing with a PC running iTunes in the same way. This is a phenomenon that I have been able to reproduce, again using a PIN-protected, hardware-encrypted iPhone.
This related vulnerability is even more worrying than the first. If an attacker manages to pair an iPhone with an unauthorised PC, they can make a full backup of the phone, which would include notes, messages and even plain text passwords.
Testing indicates that this unauthorised pairing and folder access only occurs when the phone has been shut down in an unlocked state, which does serve to mitigate the risk somewhat.
However, when a supposed hardware implementation of full disk encryption surrenders any data *at all* in the absence of credentials, something, somewhere is very broken.
Mr. Marienfeldt reports that Apple have acknowledged the flaw but have not yet given any indication of a fix schedule.