New iPhone Vulnerability Exposes Data to Linux
New iPhone Vulnerability Exposes Data to Linux
Posted 05/27/2010 at 3:07pm
| by Ryan Whitwam
9
Comments
Print
A new report from security expert Bernard Marienfeldt illustrates a fairly big security hole in the way the iPhone secures user data. When plugged into a Windows or OSX box, and iPhone will only display the DCIM pictures folder. But on the newest Lucid Lynx build of Ubuntu Linux, users can get full read access to the phone. If you think setting a security PIN will help, you're wrong - it doesn't seem to do a thing.
This doesn't require the phone to be specially configured, or compromised in any way. Part of the problem is that in order to make syncing easier, the iPhone does not need any software switches to be flipped in order to exchange data with a computer. Another problem that allows this bug is the iPHone's lack of data encryption.
Marienfeldt says that full write access may be easy to gain as well with further investigation. If this is accomplished, an unauthorized party could access phone functions like calls and text messaging. The real lesson here is that maybe enterprise users should think twice about deploying iPhones. Does this change to calculation for anyone out there?
Image via Bernard Marienfeldt
More like this
9
Comments
Comments are closed on this article
Blair_Flocco
June 19, 2011 at 1:27am
If a bad guy gains physical possession of your device, your data is already compromised Reverse Cell Phone Lookup.That is simply not true. the pin CAN be enforced, but is certainly not a requirement.
stytch
May 28, 2010 at 4:27am
Ubuntu, Isn't that the sweet carmel coating you drizzle all over an apple to make it worth a damn?
fashion_electronics
May 28, 2010 at 12:20am
A lot of electronics that have the simlar design with ipod...high quality...low price...share the excellent with you www.electronicb2c.com
arch20002013
May 27, 2010 at 9:51pm
Now lets plug in an ipad and see what there is to that. And agreed with previous poster, Ubuntu is probably a new word for Apple.
HAF 922
Intel Core 2 Quad Q9550
TWIN2X4096-8500C5DGCorsair hx1000w2x150GB Velociraptors RAID 0 BFG GTX 280 OCX</
CSR
May 27, 2010 at 3:37pm
No. Most users don't even use a PIN to protect their mobile phones, anyway.
If a bad guy gains physical possession of your device, your data is already compromised.
decoy5657
May 28, 2010 at 7:03am
That is simply not true. the pin CAN be enforced, but is certainly not a requirement.
Connect with MaximumPC
Featured Content
The gang discusses the GTX 690, Trinity, Ivy Bridge, Amazon, big-box stores, MMOs,...
This month's issue
Feature
Build a PC On Any Budget
Feature
Cloud Services Showdown
How-To
Encrypt Your External Drive
Build It
Upgrade an X58 Rig
Most Commented Articles
Latest Max PC Tweets
- maximumpc: Original RickRoll Video Returns to YouTube After 24-Hour Copyright Hiatus http://t.co/MaH9Sxyy1 day 21 hours ago
- maximumpc: Corsair has decided not to go forward with its $78 million IPO, citing weak equity market conditions http://t.co/A5a4DAzj1 day 21 hours ago
- maximumpc: Want to work at Maximum PC? Our Online Managing Editor, Alex, is moving away, so we need a new one. http://t.co/9Z7JCh0E3 days 19 hours ago
