Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

iPhone data protection flaw
From: Bernd Marienfeldt <bernd () linx net>
Date: Mon, 17 May 2010 11:28:38 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

I've recently upgraded to Ubuntu Lucid Lynx (10.04 LTS) and been
surprised by the iPhone 3GS (3.1.3 - 7E18) mounting behavior:

Fully switch off the iPhone 3GS and then connect it to the Lucid Lynx PC
via USB, the phone turns on and will be automatically mounted without
any authentication challenge (PIN), allowing read/write access to your
various local data, e.g. purchases, DCIM, Downloads, Photos, Recordings etc.

Obviously there are other flaws discovered, see [1] which might be even
worse depending on your security policy and requirements.

Can people confirm same behavior with other iPhone models and OS's ?

Cheers Bernd

[1]
http://marienfeldt.wordpress.com/2010/03/22/iphone-business-security-framework/
or http://tinyurl.com/yyjpfbn

- -- 
Bernd Marienfeldt (Information Security Officer LINX)
London Internet Exchange Ltd. Trinity Court, Peterborough, PE1 1DA
Registered England and Wales number 3137929

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkvxGlYACgkQuhj/IfS3mc5XegCg6Sh5Twpd/hmsigKBDOPyxU5e
+i4AoNBuLuJKrBkYyK6G/MD+s5PMD5XC
=9PPI
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]