Is iPhone Encryption Good Enough?
Posted by Peter James
In a recent article, we discussed the iPhone’s hardware encryption. Linking to an article on TidBITS, written by Rich Mogull, we relayed his belief that this hardware encryption was reliable. In his article, Mogull says, “Assuming you follow my other recommendations, it’s highly unlikely even a knowledgeable attacker could break into a lost phone and retrieve your data.”
But it turns out that Mogull is wrong, at least according to Jonathan Zdziarski, an iPhone developer and teacher of an iPhone forensics workshop. In a Wired article, Zdziarski is quoted as saying, “I don’t think any of us [developers] have ever seen encryption implemented so poorly before, which is why it’s hard to describe why it’s such a big threat to security.” He also claims that it is as simple to get data from an iPhone 3G as it was on previous models, and that simple, free software allows malicious users to quickly access data. “Live data can be extracted in as little as two minutes, and an entire raw disk image can be made in about 45 minutes.”
Well, we’re not going to choose sides and get involved in this debate: one security researcher says that the iPhone is secure, and another says it isn’t. As in many areas, people disagree. Perhaps the best advice we can give is not to store any truly confidential data on your iPhone; for example, don’t keep credit card numbers there, because if you lose the phone, whether it takes minutes or hours, a hacker might be able to find that number. Getting physical access to any device, be it a cellphone or a computer, greatly increases the possibility that a hacker will access your data. So don’t lose your phone, and don’t leave anything sensitive on it.