My faith in humanity continues to dwindle.
May 15, 2011 5:38 AM Subscribe
A number of technology experts have criticized the iPhone's implementation of in-built hardware encryption. Apparently, circumventing it is a trivial matter of docking it to an Ubuntu system and making a drive image. For someone who knows what he is doing, it would take only a few minutes. How secure, however, is the "Erase all Content and Settings" option? If I understand correctly, this works by simply wiping the encryption key thus rendering all data useless to an intruder. More inside.
I had the stomach-churning experience yesterday of losing my iPhone 3GS. After numerous frantic attempts to contact whoever had found it, all subsequent calls have just gone straight to the voicemail and I'm now resigned to the fact that it's lost for good. Thankfully, I had a password in place and the phone was programmed to wipe itself after ten consecutive failed attempts to gain access.
How secure is this however? If the encryption key is simply 'deleted' can't it also be retrieved by a determined criminal using disk recovery software? Or is the key stored on the actual hardware and not the disk? How exactly is it purged?
Please excuse my ignorance. I've changed all my passwords, just in case, but the thought of somebody trawling through my e-mails, messages and personal photographs makes me feel sick. I'm going to assume, for my own sanity, that the person who picked up my phone wasn't a hardened identity thief and will have just fallen into the trap of typing in an incorrect password too many times.
I had the stomach-churning experience yesterday of losing my iPhone 3GS. After numerous frantic attempts to contact whoever had found it, all subsequent calls have just gone straight to the voicemail and I'm now resigned to the fact that it's lost for good. Thankfully, I had a password in place and the phone was programmed to wipe itself after ten consecutive failed attempts to gain access.
How secure is this however? If the encryption key is simply 'deleted' can't it also be retrieved by a determined criminal using disk recovery software? Or is the key stored on the actual hardware and not the disk? How exactly is it purged?
Please excuse my ignorance. I've changed all my passwords, just in case, but the thought of somebody trawling through my e-mails, messages and personal photographs makes me feel sick. I'm going to assume, for my own sanity, that the person who picked up my phone wasn't a hardened identity thief and will have just fallen into the trap of typing in an incorrect password too many times.
Best answer: *ack* Flash storage can NOT be accessed by microscope...
posted by Lame_username at 6:39 AM on May 15, 2011
posted by Lame_username at 6:39 AM on May 15, 2011
Best answer: As long as I'm bumming you out, I might as well point out that the passcode isn't very secure either. Video of breaking passcode
posted by Lame_username at 6:42 AM on May 15, 2011
posted by Lame_username at 6:42 AM on May 15, 2011
I would guess the following two cases are, by far, the most likely things to have happened:
1) Your phone was not stolen but lost, it's currently stuck between some seat cushions on a bus, or pushed into a corner under a table at a bar, and it's just sitting there with the battery slowly dying.
2) It was found by someone who thought, "Oh, cool, free phone!" who immediately deleted all your data so that they could either put their own data on there and use it, or sell it on ebay for $100.
I would think that the motivation for phone theft is to get free phones, rather than to get largely useless personal details from random people.
posted by tylerkaraszewski at 9:29 AM on May 15, 2011
1) Your phone was not stolen but lost, it's currently stuck between some seat cushions on a bus, or pushed into a corner under a table at a bar, and it's just sitting there with the battery slowly dying.
2) It was found by someone who thought, "Oh, cool, free phone!" who immediately deleted all your data so that they could either put their own data on there and use it, or sell it on ebay for $100.
I would think that the motivation for phone theft is to get free phones, rather than to get largely useless personal details from random people.
posted by tylerkaraszewski at 9:29 AM on May 15, 2011
I found an iPhone 4 on BART last week—somebody ran off the train at 12th St. Oakland, then when I was getting off 3 stops later I noticed it—and when I turned it in to the agent at my station, they told me they were required to power down lost phones. Which is truly a bummer for the "call-it-and-see" scenario, but hints that there are definitely many possible situations where somebody is not reading all your emails.
(In the future maybe I won't turn things in to BART lost-and-found, if I really want to be conscientious about getting it back to the person fast!)
posted by xueexueg at 3:44 PM on May 15, 2011
(In the future maybe I won't turn things in to BART lost-and-found, if I really want to be conscientious about getting it back to the person fast!)
posted by xueexueg at 3:44 PM on May 15, 2011
As long as I'm bumming you out, I might as well point out that the passcode isn't very secure either. Video of breaking passcode
It's worth pointing out that this attack requires access to a backup of the phone on your desktop - the tools extract your passcode from the backup and use that to unlock the hardware.
eg. the Cellebrite UFED (universal forensic extraction device) requires a copy of a .plist from the backup on a desktop computer to remove the passcode on an iPhone.
It's worth pointing out that this attack requires access to a backup of the phone on your desktop - the tools extract your passcode from the backup and use that to unlock the hardware.
eg. the Cellebrite UFED (universal forensic extraction device) requires a copy of a .plist from the backup on a desktop computer to remove the passcode on an iPhone.
Overview: Access can be gained to user locked iPhone devices by copying certain .plist files from the user’s PC or Mac iTunes directory to a USB Flash Drive. This USB drive can then be used in conjunction with your UFED System as a key, to bypass the user locked iPhone. Please note the .plist files MUST come from the computer which the specific iPhone is synced with, after the user code was enabled.posted by russm at 9:19 PM on May 15, 2011
This thread is closed to new comments.
However, if someone wanted your data, all they would have to do is remove the sim card as soon as they got the phone. Once the sim is out, the remote wipe would not longer work. If they don't attempt to force the pin, they can access your data up until the phone is wiped, with script kiddie level tools. Wired on point
Sorry to be the bearer of bad news. If it makes you feel any better, most people who get a stolen phone are morons and aren't looking to dig through your stuff.
posted by Lame_username at 6:38 AM on May 15, 2011