Free Republic

Ubuntu Lucid Lynx 10.04 can read your iPhone's secrets
ZDNet ^ | May 27, 2010 | Adrian Kingsley-Hughes

Posted on 06/25/2010 12:17:10 PM PDT by PugetSoundSoldier

Do you have a PIN code on your iPhone? Well, while that might protect you from someone making a call or fiddling with your apps, it doesn’t prevent access to your data … as long as the person doing the snooping around is using Ubuntu “Lucid Lynx” 10.04.

Security experts Bernd Marienfeldt and Jim Herbeck discovered something really interesting when they hooked up a non-jailbroken, fully up-to-date iPhone 3GS to a PC running Lucid Lynx …

I uncovered a data protection vulnerability [9], which I could reproduce on 3 other non jail broken 3GS iPhones (MC 131B, MC132B) with different iPhone OS versions installed (3.1.3-7E18 modem firmware 05.12.01 and version 3.1.2 -7D11, modem 05.11.07), all PIN code protected which means the vulnerability bypasses authentication for various data where people most likely rely on data protection through encryption and do not expect that authentication is not in place.

(Excerpt) Read more at zdnet.com ...


TOPICS: Business/Economy; Computers/Internet; Music/Entertainment
KEYWORDS: apple; fail; ilovebillgates; iphone; iwanthim; iwanthimbad; microsoftfanboys; secure
Most interesting. The PIN does lock your phone, unless you happen to plug it in to a computer running the latest release of Ubuntu. Then it's just wide-open, for you to copy all the data off as you desire, and crunch through it later.

Pretty major security hole, especially for any business users who require confidentiality/security.

1 posted on 06/25/2010 12:17:16 PM PDT by PugetSoundSoldier

To: for-q-clinton; driftdiver

Ping!


2 posted on 06/25/2010 12:17:54 PM PDT by PugetSoundSoldier (Indignation over the Sting of Truth is the defense of the indefensible)

To: PugetSoundSoldier

Any Android vulnerabilities?


3 posted on 06/25/2010 12:25:14 PM PDT by P8riot (I carry a gun because I can't carry a cop.)

To: PugetSoundSoldier

Man this has to stop. If this keeps up Apple may be seen as not secure.

We can’t have that now can we. Maybe if they were a little less successful in sales then this exploit wouldn’t have been made widely known. You know like the Mac security.


4 posted on 06/25/2010 12:28:23 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)

To: PugetSoundSoldier

bump


5 posted on 06/25/2010 12:34:13 PM PDT by dangerdoc

To: PugetSoundSoldier
Uh... yeah. I look at porn most of the day on my iphone. I've got a lot of the sites listed under fake names in my Favorites>Blogs folder.

What's so secret about that?

6 posted on 06/25/2010 12:43:54 PM PDT by South Hawthorne (In Memory of my Dear Friend Henry Lee II)

To: Owl_Eagle
Uh... yeah. I look at porn most of the day on my iphone. I've got a lot of the sites listed under fake names in my Favorites>Blogs folder.

What's so secret about that?

Nothing now - you've outed that info yourself, so you're no longer a target of porn-blackmailing hackers!

And remind me to NEVER handle your iPhone!

Unless, of course, I'm wearing the new iPhone 4 accessory:


7 posted on 06/25/2010 12:46:25 PM PDT by PugetSoundSoldier (Indignation over the Sting of Truth is the defense of the indefensible)

To: PugetSoundSoldier

So someone would have to steal my phone and then physically connect it to a computer running a specific version of Ubuntu Linux.....OK, is that a security hole? Yes. Will it affect anyone? 99.999% chance that it will affect absolutely no one. Moving on.


8 posted on 06/25/2010 12:48:29 PM PDT by brent13a (You're a Great American! NO you're a Great American! NO NO NO YOU'RE a Great American! Nooo.....WTF?)

To: P8riot
Any Android vulnerabilities?

I know there are many, but in this case, when you lock your Android (or WinMo, or BB, or Symbian) phone it doesn't automount as a device when you plug it into a computer.

9 posted on 06/25/2010 12:48:51 PM PDT by PugetSoundSoldier (Indignation over the Sting of Truth is the defense of the indefensible)

To: PugetSoundSoldier

For some reason I find mixing discussion of porn and that picture troubling.


10 posted on 06/25/2010 12:49:50 PM PDT by dangerdoc

To: for-q-clinton
Man this has to stop. If this keeps up Apple may be seen as not secure.

Can't be. I've been told by many on FR that iOS and OSX are invulnerable because they're designed and written differently. They cannot be hacked or infected.

And I guess, in this case, they're right. No software or hacking needed, unless you count the act of physically plugging a USB cable into a computer a hack...;)

11 posted on 06/25/2010 12:50:27 PM PDT by PugetSoundSoldier (Indignation over the Sting of Truth is the defense of the indefensible)

To: PugetSoundSoldier
Unless, of course, I'm wearing the new iPhone 4 accessory:

About a year ago, a buddy asked me if the iphone could get viruses like a home computer can.

Well, if you can, I'm sure I will, the sites I go to...

12 posted on 06/25/2010 12:50:33 PM PDT by South Hawthorne (In Memory of my Dear Friend Henry Lee II)

To: PugetSoundSoldier

Physical access required. For an iPhone user this could be useful. For someone that loses their phone, bad.


13 posted on 06/25/2010 12:51:49 PM PDT by AFreeBird

To: PugetSoundSoldier

So that is why I have to manually mount the drive when I plug in the phone. I always considered it a PIA, apparently there was a reason after all.


14 posted on 06/25/2010 12:51:51 PM PDT by dangerdoc

To: brent13a

Leave your iPhone at your desk when you run to the bathroom. I walk over, plug it into my laptop (dual-boot with Ubuntu), take 30 seconds to copy the entire contents, then leave.

I now have every bit of data you have on your phone. Didn’t have to do anything except plug a cable in. Instant access to everything, and I just drag-and-drop to my hard disk.

So, unless you trust everyone around with every bit of information you may keep on your phone, you should never leave your iPhone laying around. Ever. Not at the office, not at a friend’s party, not even in your hotel room when you go down to take a swim.

A cable and a few seconds. That’s all it takes to copy all your data. So much for a PIN protecting you!


15 posted on 06/25/2010 12:53:46 PM PDT by PugetSoundSoldier (Indignation over the Sting of Truth is the defense of the indefensible)

To: dangerdoc
Maybe this will help:


16 posted on 06/25/2010 12:55:20 PM PDT by PugetSoundSoldier (Indignation over the Sting of Truth is the defense of the indefensible)

To: AFreeBird

Or even leaves the phone unattended for 2-3 minutes at a business meeting...


17 posted on 06/25/2010 12:56:28 PM PDT by PugetSoundSoldier (Indignation over the Sting of Truth is the defense of the indefensible)

To: PugetSoundSoldier

Fair enough. It doesn’t bother me because I don’t keep anything important on my phone and I rarely leave it laying anywhere. I don’t work in a traditional office setting so I don’t have to worry about my co-workers. 98% of the time my iphone is in my pocket if I’m not using it. Plus, if I found out a co-worker was fingering my things my fist would have a discussion with their face.


18 posted on 06/25/2010 1:00:43 PM PDT by brent13a (You're a Great American! NO you're a Great American! NO NO NO YOU'RE a Great American! Nooo.....WTF?)

To: PugetSoundSoldier

I have been to a few meetings where personal phones had to be surrendered before entry into the room was allowed. That would be a good time to “gather” the competitors data. Just a little in-house espionage.


19 posted on 06/25/2010 1:03:13 PM PDT by B4Ranch (Remember, guys, the enemy is to the left.)

To: PugetSoundSoldier

Physical access required. For an iPhone user this could be useful. For someone that loses their phone, bad.


20 posted on 06/25/2010 1:03:41 PM PDT by AFreeBird

To: PugetSoundSoldier

what does jail-broken mean exactly..?


21 posted on 06/25/2010 1:04:34 PM PDT by rahbert (Our enemy has yet to reveal himself...)

To: brent13a

Oh, same with me! But with more and more people doing lots of e-mail and SMS messaging on their iPhones - and many of those people using them for business - suddenly you can have a LOT of confidential information floating around on a phone that everyone thought was secure.


22 posted on 06/25/2010 1:04:41 PM PDT by PugetSoundSoldier (Indignation over the Sting of Truth is the defense of the indefensible)

To: PugetSoundSoldier

I wouldn’t want to work at a place where I would have to be paranoid of all my co-workers or everyone I came into contact with at my work (that knows I have an iphone). Unless everyone at this office uses an iphone and there’s just loads of proprietary industry secrets in them I don’t think many people should have a whole lot to worry about.


23 posted on 06/25/2010 1:05:11 PM PDT by brent13a (You're a Great American! NO you're a Great American! NO NO NO YOU'RE a Great American! Nooo.....WTF?)

To: rahbert

Jail-breaking is the act of changing the OS of the phone so you can actually use it outside of the app store and the limits Apple places on the phone.

Apple considers it a big no-no and a violation of your “rights” as an iPhone user. Many people jail-break their iPhones, though, so they can actually use it as they desire, load alternate apps, music players, etc.


24 posted on 06/25/2010 1:07:08 PM PDT by PugetSoundSoldier (Indignation over the Sting of Truth is the defense of the indefensible)

To: B4Ranch
I have been to a few meetings where personal phones had to be surrendered before entry into the room was allowed. That would be a good time to “gather” the competitors data. Just a little in-house espionage.

Never even thought of that! And what about Mr. Prosecutor working with Mr. Guard at the court house, where a judge bans phones? Easy way to get all the data from the defense attorney's phone...

25 posted on 06/25/2010 1:08:19 PM PDT by PugetSoundSoldier (Indignation over the Sting of Truth is the defense of the indefensible)

To: PugetSoundSoldier
But with more and more people doing lots of e-mail and SMS messaging on their iPhones - and many of those people using them for business - suddenly you can have a LOT of confidential information floating around on a phone that everyone thought was secure.

I agree, but I'm pretty sure any cell phone on the market will have their share of major security holes, it's not just iphone users that have to worry about being compromised.
26 posted on 06/25/2010 1:09:25 PM PDT by brent13a (You're a Great American! NO you're a Great American! NO NO NO YOU'RE a Great American! Nooo.....WTF?)

To: PugetSoundSoldier

Latex gloves, KY jelly, is this the San Francisco chapter of FreeRepublic?


27 posted on 06/25/2010 1:18:26 PM PDT by dangerdoc

To: PugetSoundSoldier

If you give physical access to nearly ANY computer, it can be hacked.


28 posted on 06/25/2010 1:38:38 PM PDT by rlmorel (We are traveling "The Road to Serfdom".)

To: PugetSoundSoldier

You know security is relative. Meaning if I keep my server in a secure facility the likelihood of the drives being stolen and info ripped off them or a virus being installed are low.

However, if I carried my server with personal info on it to bars, theme parks, customer sites, the pool, an airplane, etc...I’d put a lot more security on it like encryption of the data and make it so that just plugging in something like a USB cable wouldn’t allow you to have access to the system.

You’d think with apple being uber secure the iPhone wouldn’t allow someone to easily plug in a USB cable on their phone. Heck I’ve left my cell phone in locked mode before in a relatively unsecure area. If you ever do business with the military you’ll know they have you drop your cell phone outside the door on a table where everyone’s cell phone is. Now the phones don’t get stolen as that would be too obvious and you could issue a kill command for certain phones. But now the spy can just grab the phone plug it in and get what he wants from all the iPhones on the table.

This is definitely not good nor secure by any means. I really can’t see any security minded person saying this is not a huge issue.


29 posted on 06/25/2010 1:49:24 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)

To: brent13a

Right for you security of the phone isn’t important but for many business users it’s huge. I wonder how CIO will feel about this now that they are enabling iPhones to have access to the company email.


30 posted on 06/25/2010 1:52:04 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)

To: PugetSoundSoldier

Here’s another one. If you don’t trust your significant other or you think your kids are doing bad things...just buy them an iPhone. You can have near instant access to all their info as soon as they go to sleep.


31 posted on 06/25/2010 1:53:46 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)

To: brent13a
I agree, but I'm pretty sure any cell phone on the market will have their share of major security holes, it's not just iphone users that have to worry about being compromised.

Got a link? Or is this just a guess? This is a serious issue. iPhone isn't just a toy anymore as CTO and other heavies in IT started to put them on their corporate network by allowing them to access corporate email. This hack is just too simple to implement. It's not like it takes a day or two of trying to crack someone's pin via brute force attack. It just gives up the info. Think of it like this the iPhone is like France. They have a military and it appears formidable, but as soon as another military knocks on their door and says leave...they turn tail and run. The security provided on the iPhone is a joke. Why even have a pin at all if it doesn't work?

32 posted on 06/25/2010 1:58:41 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)

To: rlmorel
If you give physical access to nearly ANY computer, it can be hacked.

is an ATM a computer? I have physical access to them and so do hackers but other than tricks by having stupid users enter their pins and have their cards scanned by another computer I don't think ATMs are getting hacked even though we all have physical access to them.

I'm glad Apple doesn't make ATM security...the banks would go broke.

33 posted on 06/25/2010 2:00:31 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)

To: dangerdoc

No this is an apple thread. How far is Apple HQ from SF anyway?


34 posted on 06/25/2010 2:02:15 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)

To: ShadowAce

tech ping please


35 posted on 06/25/2010 2:04:16 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)

To: PugetSoundSoldier

It just occurred to me, if you can just plug it in and read, you could just as easily write. Is the iPhone acting as a dumb drive? Could someone replace critical files with modified versions giving them live access any time they wanted?


36 posted on 06/25/2010 2:04:53 PM PDT by dangerdoc

To: for-q-clinton

Physical access means complete access to the machine. An ATM in a locked case isn’t easily hackable, but give a competent person the key and they can hack the machine.

Many ATMs run Windows and I’ve even seen a couple with the blue screen.


37 posted on 06/25/2010 2:10:52 PM PDT by MediaMole

To: MediaMole

Ok so I don’t need complete access to an iPhone and I can grab all the data I need off it. Just expose connector to me and I’ll get everything I need.


38 posted on 06/25/2010 2:14:25 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)

To: for-q-clinton
You’d think with apple being uber secure the iPhone wouldn’t allow someone to easily plug in a USB cable on their phone.

Seems apple would catch it because they care about their own security too. Could this have a simple fix?

39 posted on 06/25/2010 2:14:55 PM PDT by GOPJ (http://www.portpublishing.com/Computer%20Based/retaildetailgmsea.htm)

To: dangerdoc

not yet they can’t write to it. The research appears to be ongoing and they just need a buffer overflow to exploit. And based on the latest round of patches on the iOS it appears they have several to choose from.


40 posted on 06/25/2010 2:15:46 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)

To: ShadowAce
Security experts Bernd Marienfeldt and Jim Herbeck discovered something really interesting when they hooked up a non-jailbroken, fully up-to-date iPhone 3GS to a PC running Lucid Lynx …

ping

41 posted on 06/25/2010 2:16:46 PM PDT by GOPJ (http://www.portpublishing.com/Computer%20Based/retaildetailgmsea.htm)

To: GOPJ

I *think* they stopped supporting 1st gen iPhones so if this works on those I don’t think there will be a fix other than buy a new iPhone. But then you have to deal with the broken antenna issues and yellow screens.


42 posted on 06/25/2010 2:17:17 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)

To: PugetSoundSoldier; rdb3; Calvinist_Dark_Lord; GodGunsandGuts; CyberCowboy777; Salo; Bobsat; ...

43 posted on 06/25/2010 2:25:57 PM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)

To: for-q-clinton

I said NEARLY any computer. But I’m sure you understood that. After all, we wouldn’t want to make ‘stupid’ statements about ‘unhackable’ computers, would we?


44 posted on 06/25/2010 2:56:09 PM PDT by rlmorel (We are traveling "The Road to Serfdom".)

To: rlmorel

But why even bring it up because we aren’t talking about hacking a computer with true physical access rather we are talking about hacking a phone that is left unattended for 2 minutes.

HUGE difference in scale. Your original point appeared to water this HUGE issue down by just saying all computers are susceptible when left unattended. But in reality that’s not the case as proven by my ATM example. It’s all just a matter of scale.

So on a scale of security when someone has physical access it goes...

iphone -> PC -> other cell phones -> atm


45 posted on 06/25/2010 3:31:03 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)

To: for-q-clinton

needless to say the pc and cell phone examples listed are assuming no encryption.


46 posted on 06/25/2010 3:32:19 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)

To: PugetSoundSoldier
So, are you saying then, that a windows (or Linux, or OSX computer for that matter) has a security hole if you can boot off a CD and access the data from the hard disk?

Everyone involved in computer security knows that once someone has physical access, unless all data on the device is fully encrypted, that it is vulnerable. I'm sorry, but this particular "vulnerability" is fairly lame.

47 posted on 06/25/2010 4:13:03 PM PDT by zeugma (Ad Majorem Dei Gloriam)

To: brent13a

Actually, Ubuntu is one of the most ubiquitous forms of Linux out there. It’s highly extensible, flexible, and seen as one of the primary portal OSes in the battle for Windows users who want greater security with the flexibility of Windows.

To say that this won’t affect anyone is folly. I’ve upgraded my Ubuntu rev to 10.04, and it’s always fun to poke around in the install for new toys. I know several co-workers who bought new laptops for their college-bound teens and instead of accepting the Windows 7 EULA, they’re declining and installing Ubuntu instead (it is free, after all). Those kids might have an iPhone, and this security “hole” (I agree it’s not really a hole) is concerning. I’m sure the Linux community will “fix” it or Apple will push a new iPhone security fix (do they do this?) to ensure this can’t happen.

With Linux gaining acceptance in the user community (highly-technical users anyway), this might become more prevalent.


48 posted on 06/25/2010 4:32:16 PM PDT by rarestia (It's time to water the Tree of Liberty.)

To: for-q-clinton
This is true now. All you have to do is pick up the phone and browse the data. How many people do you know that put passwords on their phone? If someone did that would be a bad sign right there. If they did then you could do the Ubuntu trick.
49 posted on 06/25/2010 4:33:44 PM PDT by NathanR (,)

To: for-q-clinton
is an ATM a computer? I have physical access to them and so do hackers but other than tricks by having stupid users enter their pins and have their cards scanned by another computer I don't think ATMs are getting hacked even though we all have physical access to them.

No, not really. An ATM has a computer in it, but so do modern cars.

No you do not. The people who have actual access to the computers in an ATM usually carry guns and keys.

Having cards and PINs stolen or cloned is hacking the card not the ATM.

The closest thing to what can be done with an iPhone I have heard of is someone backing a truck up to an ATM and pulling it from the wall and loading it into the truck. Once that happens an ATM is not secure either.

50 posted on 06/25/2010 4:46:13 PM PDT by NathanR (,)

