Thursday, July 23, 2009

Hacker Says iPhone 3GS Encryption Is 'Useless' for Businesses

Brian X. Chen writes on Gadget Lab:

Apple claims that hundreds of thousands of iPhones are being used by corporations and government agencies. What it won’t tell you is that the supposedly enterprise-friendly encryption included with the iPhone 3GS is so weak it can be cracked in two minutes with a few pieces of readily available freeware.

“It is kind of like storing all your secret messages right next to the secret decoder ring,” said Jonathan Zdziarski, an iPhone developer and a hacker who teaches forensics courses on recovering data from iPhones. “I don’t think any of us [developers] have ever seen encryption implemented so poorly before, which is why it’s hard to describe why it’s such a big threat to security.”

With its easy-to-use interface and wealth of applications available for download, the iPhone may be the most attractive smartphone yet for business use. Many companies seem to agree: In Apple’s quarterly earnings conference call Tuesday, Apple chief operating officer Tim Cook said almost 20 percent of Fortune 100 companies have purchased 10,000 or more iPhones apiece; multiple corporations and government organizations have purchased 25,000 iPhones each; and the iPhone has been approved in more than 300 higher education institutions.

But contrary to Apple’s claim that the new iPhone 3GS is more enterprise friendly, the new iPhone 3GS’ encryption feature is “broken” when it comes to protecting sensitive information such as credit card numbers and social-security digits, Zdziarski said.

More here.


Post a Comment

<< Home