mailing list archives
iPhone data protection flaw
From: Bernd Marienfeldt <bernd () linx net>
Date: Mon, 17 May 2010 11:28:38 +0100
-----BEGIN PGP SIGNED MESSAGE-----
I've recently upgraded to Ubuntu Lucid Lynx (10.04 LTS) and been
surprised by the iPhone 3GS (3.1.3 - 7E18) mounting behavior:
Fully switch off the iPhone 3GS and then connect it to the Lucid Lynx PC
via USB, the phone turns on and will be automatically mounted without
any authentication challenge (PIN), allowing read/write access to your
various local data, e.g. purchases, DCIM, Downloads, Photos, Recordings etc.
Obviously there are other flaws discovered, see  which might be even
worse depending on your security policy and requirements.
Can people confirm same behavior with other iPhone models and OS's ?
Bernd Marienfeldt (Information Security Officer LINX)
London Internet Exchange Ltd. Trinity Court, Peterborough, PE1 1DA
Registered England and Wales number 3137929
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
Re: iPhone data protection flaw comex (May 18)