Data on an iPhone 3GS is supposed to be encrypted, using “highly secure hardware encryption that enables instantaneous remote wipe.” This encryption, which uses very secure 256-bit AES, is supposed to be unbreakable, at least in normal conditions.
Well, it seems this is not the case. Security researcher Bernd Marienfeldt discovered that this does not work as advertised. Marienfeltd discovered the following:
I uncovered a data protection vulnerability, which I could reproduce on 3 other non jail broken 3GS iPhones (MC 131B, MC132B) with different iPhone OS versions installed (3.1.3-7E18 modem firmware 05.12.01 and version 3.1.2 -7D11, modem 05.11.07) , all PIN code protected which means the vulnerability bypasses authentication for various data where people most likely rely on data protection through encryption and do not expect that authentication is not in place.
In short, by connecting an iPhone to a computer running Linux, Marienfeldt found that he was able to access some user data, such as “music, photos, videos, podcasts, voice recordings, Google safe browsing database, game contents” and more.
Marienfeldt does report, however, that he has been in contact with Apple, and that they are unable to reproduce what he found. There will certainly be more to follow regarding this vulnerability.