mercredi 26 mai 2010

iPhone fail

According to Apple, all data on the iPhone 3GS is hardware-encrypted using 256-bit AES, which cannot be disabled by the user. Access to data on the iPhone is normally restricted to computers with which the iPhone has previously been connected and to which the requisite credentials have previously been transferred. This exchange of credentials is blocked when the iPhone is locked, so that connecting a locked iPhone to an unfamiliar computer will not allow the latter access to data on the iPhone.
Sauf que c'est vraiment "according to apple", dans la réalité c'est un poil différent:
Bernd Marienfeldt, security officer at UK internet node LINX, found that he was able to gain unfettered access to his iPhone 3GS from Ubuntu 10.04. If he connected the device whilst it was turned off and then turned it on, Ubuntu auto-mounted the file system and was able to access several folders despite never having previously been connected to the iPhone.
Lien vers l'article d'origine ici.
Je n'ai pas d'iphone sous la main pour tester, mais si quelqu'un veut bien me confirmer la chose... :-)

Aucun commentaire: