New iPhone Vulnerability Exposes Data to Linux

Ryan Whitwam

A new report from security expert Bernard Marienfeldt illustrates a fairly big security hole in the way the iPhone secures user data. When plugged into a Windows or OS X box, an iPhone will only display the DCIM pictures folder. But on the newest Lucid Lynx build of Ubuntu Linux, users can get full read access to the phone. If you think setting a security PIN will help, you're wrong - it doesn't seem to do a thing.

This doesn't require the phone to be specially configured, or compromised in any way. Part of the problem is that in order to make syncing easier, the iPhone does not need any software switches to be flipped in order to exchange data with a computer. Another problem that allows this bug is the iPhone's lack of data encryption.

Marienfeldt says that full write access may be easy to gain as well with further investigation. If this is accomplished, an unauthorized party could access phone functions like calls and text messaging. The real lesson here is that maybe enterprise users should think twice about deploying iPhones. Does this change the calculation for anyone out there?

Image via Bernard Marienfeldt
