Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: iPhone data protection flaw
From: comex <comexk () gmail com>
Date: Tue, 18 May 2010 18:22:34 -0400

On Mon, May 17, 2010 at 6:28 AM, Bernd Marienfeldt <bernd () linx net> wrote:
Hash: SHA1


I've recently upgraded to Ubuntu Lucid Lynx (10.04 LTS) and been
surprised by the iPhone 3GS (3.1.3 - 7E18) mounting behavior:

Fully switch off the iPhone 3GS and then connect it to the Lucid Lynx PC
via USB, the phone turns on and will be automatically mounted without
any authentication challenge (PIN), allowing read/write access to your
various local data, e.g. purchases, DCIM, Downloads, Photos, Recordings etc.

I'm not sure how it's done on Linux, but in general the iPhone pairs
with computers and refuses to talk to to an unpaired computer if there
is a passcode lock.  You might only be able to read/write data because
you are already paired.

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]