During the third quarter 2009 earnings conference call, Apple's Chief Operating Officer Tim Cook said:
“We’re seeing growing interest with the release of iPhone 3.0 and the
iPhone 3GS due in part to the new hardware encryption and improved
But according to iPhone hacking expert Jonathan Zdziarski, the new iPhone 3GS hardware encryption feature is “broken” when it comes to protecting sensitive information.
Jonathan “NerveGas” Zdziarski released a hack that made dual-booting possible even on the iPhone (running on older firmware), and he is credited with the iPhone hack that lets you tether the iPhone and use its EDGE network to surf the internet from your laptop.
He has also published the book iPhone Open Application Development, on developing unofficial native iPhone applications using the iPhone open source tool chain.
According to him, the new iPhone 3GS encryption feature can be cracked in two minutes with some freeware programs.
He had this to say to Wired:
“It is kind of like storing all your secret messages right next to the secret decoder ring.”
“I don’t think any of us [developers] have ever seen encryption implemented so poorly before, which is why it’s hard to describe why it’s such a big threat to security.”
He also claims that accessing sensitive information on the iPhone is as easy as it was with the iPhone 3G and the first generation iPhone (iPhone 2G), which don't have the hardware encryption feature. He believes that a thief who got hold of an iPhone could very easily extract the user's data using freeware programs.
Zdziarski demonstrated a technique to Wired.com where he was able to get access to iPhone 3GS data quite easily and the encryption did not pose any hindrance.
He also pointed out that the remote wipe feature would not be useful: if the sole intention of stealing the iPhone was to gain access to the user's sensitive data, an intelligent criminal would remove the SIM card to prevent the remote wipe command from coming through.
So his advice to iPhone app developers is to add an extra layer of security in their own apps rather than relying on the iPhone 3GS's hardware encryption feature.
“If they’re relying on Apple’s security, then their application is
going to be terribly insecure. Apple may be technically
correct that [the iPhone 3GS] has an encryption piece in it, but it’s
entirely useless toward security.”
Apple hasn't commented on the hacker's claim so far. But these are serious allegations, and it will be interesting to see what Apple has to say about them.