Two security experts, Bernd Marienfeldt and Jim Herbeck, have identified a major data protection flaw in the Apple iPhone 3GS that provides read/write access from Ubuntu Lucid Lynx and bypasses the iPhone's security.


Bernd wrote in his blog post:

“I uncovered a data protection vulnerability, which I could reproduce on 3 other non jail broken 3GS iPhones (MC 131B, MC132B) with different iPhone OS versions installed (3.1.3-7E18 modem firmware 05.12.01 and version 3.1.2-7D11, modem 05.11.07), all passcode (4 digits) protected which means the vulnerability bypasses authentication for various data where people most likely rely on data protection through encryption and do not expect that authentication is not in place.”

Further he said:

“This data protection flaw exposes music, photos, videos, podcasts, voice recordings, Google safe browsing database, game contents… by in my opinion the quickest compromising read/write access discovered so far, without leaving any track record by the attacker. It’s about to imagine how many enterprises (e.g. Fortune 100) actually do rely on the expectation that their iPhone 3GS’s whole content is protected by encryption with a passcode based authentication in place to unlock it.”

Bernd Marienfeldt informed Apple about this iPhone 3GS security flaw and the process to reproduce the problem, so hopefully Apple will issue a fix for iPhone 3GS owners and also close this security hole in the next iPhone 4G, which is expected at WWDC 2010 on June 7, 2010.
