Posted on 06/25/2010 12:17:10 PM PDT by PugetSoundSoldier
Do you have a PIN code on your iPhone? Well, while that might protect you from someone making a call or fiddling with your apps, it doesn’t prevent access to your data … as long as the person doing the snooping around is using Ubuntu “Lucid Lynx” 10.04.
Security experts Bernd Marienfeldt and Jim Herbeck discovered something really interesting when they hooked up a non-jailbroken, fully up-to-date iPhone 3GS to a PC running Lucid Lynx …
I uncovered a data protection vulnerability [9], which I could reproduce on 3 other non jail broken 3GS iPhones (MC 131B, MC132B) with different iPhone OS versions installed (3.1.3-7E18 modem firmware 05.12.01 and version 3.1.2 -7D11, modem 05.11.07) , all PIN code protected which means the vulnerability bypasses authentication for various data where people most likely rely on data protection through encryption and do not expect that authentication is not in place.
(Excerpt) Read more at zdnet.com ...
Let’s think of it as Unauthorized access, then.
Same as if you were called into your Commanding Officers office, and while he took a phone call, you saw a folder titled CONFIDENTIAL or SECRET, and you open it and peek while his back is turned.
It isn’t yours. It’s against the law. Basically, it is stealing. It is malicious.
Nah, I use everything. It’s like a big game of rock, paper, scissors for me. As far as I’m concerned, they all have their uses. I’m figuring that Chromium OS is gonna come out and wipe everything off the map and completely change the way we use computers.
cj ping
oh, absolutely! I fully agree! Yet we have laws against treason and stealing of “Secret” information and it still happens. People break laws - I know, surprise...;)
Actually, your analogy is great; this is equivalent to leaving your confidential information in a manila file on your desk, with a “do not touch” sticky on it. Yeah, if I’m honest and ethical I won’t touch it; but if I’m not, it takes just a few seconds to copy EVERYTHING in that file.
At that meeting with a client, and have to get up to go to the bathroom? If you leave your phone, they could copy the entire contents, and find out who your suppliers are and bypass you.
Or find out which of their competitors you also sell to, and use that information in their negotiations against you, or to pump you for information beyond what you’d normally share (because they know how to “direct” their questions).
Or they could just find your home address and sell that to a kidnapper (in many foreign countries the “rich foreigner” keeps his address secret for that very reason).
Or that note in your phone with your PINs and passwords.
Or that SMS from your mistress, and use that to blackmail you.
And on and on. So if you’ve ever left your iPhone alone in another room, it’s possible EVERY THING on that phone’s been downloaded and copied, and you wouldn’t have a clue about it. EVERY THING. Movies, music, personal information, etc.
I hope Apple fixes this security breach, because it’s a pretty serious one. Being able to copy everything on your phone in a few seconds - bypassing all the security methods normally there - is a real problem.
HERETIC! There is nothing you need that Apple cannot provide you; and even if there is, you can run Boot Camp...:)
At least that’s what I’m always told!
Personally, I have a Macbook Pro, and an older Thinkpad loaded with Ubuntu 10, that I use when doing cross-platform audio development (I use PortAudio for the base library). That way I can develop in Windows (I really like Visual Studio), then copy code over and compile and test on the other platforms. Only way to really guarantee cross-platform functionality!
Yes, is. Any business that handles confidential information like credit card numbers, ss numbers, bank account numbers, or medical information should be concerned about this. If the company deals in and uses that kind of information there's a good change some of it is going to be included in or attached to emails. If they've got an iPhone and sych it with their company email system then that information can be had by anyone who can get their hands on that phone for just a few minutes, and there's no audit trail that records the fact the data was accessed.
Biggle podslurping.
Does the PIN stay if you power the phone down? (Remember, in this senerio, someone has physical access to your phone.) Also, does it also keep you from accessing the phone when it is powered on? i.e., when it boots, does the PIN prevent initial access? I ask because my phone doesn't work like that. Granted, I don't have an HTC or similar device, as my phone is merely intended to take phone calls.
Regarding my troll filter, it's in place because it makes FR more enjoyable to read. Nothing more or less than that. From past experience you have to beat someone over the head several times before they realize they've been plonked, but that's just the nature of trolls. It's been a long time since I've needed to use it, but since the moderators on FR don't seem to be interested in doing anything about these trolls, it is, sadly, necessary. Been here a long time, and moderation fluctuates between being good and bad here. Right now, at least on tech topics, it seems to have reached its low ebb again. Seems to be the nature of things, but fortunately we have technology to help lighten the impact of bad moderation.
Yes, the PIN stays when you power down; it’s a “always enter the PIN/never enter the PIN” type operation. Like setting password protection on your computer.
About your troll filter, great; use one if it makes it better for you. My comment was that your HUGE BOLDED replies to things you cannot see was quite childish, like sticking fingers in your ears and saying “nyah nyah I can’t hear you!”
If you’re blocking me why do you keep replying?
then why even have security at all if we are to presume everyone will be honest and do the right thing. Often times locks are made just strong enough to keep the mostly-honest person away. A thief who wants the phone data could just steal the entire phone. So the PIN here should block this type of access like it does on android and windows mobile.
I may start adding you to all my mac replies then :-)
Oh, I fully agree! But then again, we have the example that proves it should be at least a moderate concern: Nifong!
I think he means you pss. You better be nice to him or you'll get blacklisted from his personal list. HOwever, he will continue to respond.
I'll be sure to include him on every reply I make about macs from here on out because I'm really interested in his views. Plus I bet curiosity kills the cat and he is reading these.
I really can't believe he's this immature.
Yeah, probably me. But that’s OK, I’m just a GD EVIL LIAR who has sinned against others.
But the fact I’ve not been shown wrong (but am a liar), and the fact that Apple-fandom isn’t a religion(but I’m evil and sinned against it), seems to indicate there is a real issue here...;)
Like I said before. sometimes it takes extra effort to get certain concepts, like "i have no interest whatsoever in discussing anything with trolls" through their thick head. Eventually they give up when it ceases to be entertaining to them. It's a shame that the moderators have abandoned their responsibilities in this respect.
The good news is most will come out of this experience a better person and will place less faith in a single company/man. Kind of like when the televangilist fell in the 80s/90s. They had so many people ripped off and there wasn’t anything you could to to explain to them that they were being ripped off and sold a bunch of lies.
But once the inner workings and those crooks came out many realized they were duped and are now more skiptical of such scams. I’m sure the same will happen with many of the apple faithful. They will be turned off by these issues because it’s just too hard and illogical to twist this to fit their reality. For years they’ve been told Apple is secure and they’ve been preaching it. How on earth do they correct years of lies and distortions?
I wonder if this will lead to the collapse of the apple faith for most just as the televanglism collapsed in the early late 80s.
I agree the moderators should ban people who post to people saying thy are ignoring them. It’s really childish like putting your fingers in your ears yelling really loud. It just disrupts the place for everyone.
Try just ignoring people. The moderators haven’t abandoned their responsibilities, they just expect FReepers to act a little more mature than 4 year olds screaming “Admin! Johnny made me feel bad!”
I’ve found that just sticking to the facts, and tenaciously refusing to get sidetracked either progresses the discussion, or the hard-headed individual on the other side simply goes away. Either result, the problem is solved!
I do have a final essay to write to day for my class, so I really need to get off this. So I’ll try to take your advice and ignore everyone for a while (at least until I need a break).
Please don’t post anything earth shattering until late tonight when I hopefully will have my essay finished :-)
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.