{"id":1781,"date":"2010-05-27T13:03:46","date_gmt":"2010-05-27T12:03:46","guid":{"rendered":"http:\/\/blog.intego.com\/?p=1781"},"modified":"2012-12-12T13:48:59","modified_gmt":"2012-12-12T21:48:59","slug":"iphone-data-vulnerability-access-iphone-data-from-linux-computer","status":"publish","type":"post","link":"https:\/\/www.intego.com\/mac-security-blog\/iphone-data-vulnerability-access-iphone-data-from-linux-computer\/","title":{"rendered":"iPhone Data Vulnerability: Access iPhone Data from Linux Computer"},"content":{"rendered":"<p>Data on an iPhone 3GS is supposed to be encrypted, using &#8220;highly secure hardware encryption that enables instantaneous remote wipe.&#8221; This encryption, which uses very secure 256-bit AES, is supposed to be unbreakable, at least in normal conditions.<\/p>\n<p>Well, it seems this is not the case. Security researcher Bernd Marienfeldt <a href=\"http:\/\/marienfeldt.wordpress.com\/2010\/03\/22\/iphone-business-security-framework\/\">discovered that this does not work as advertised<\/a>. Marienfeltd discovered the following:<\/p>\n<blockquote><p>\nI uncovered a data protection vulnerability, which  I could reproduce on 3 other non jail broken 3GS iPhones (MC 131B, MC132B) with different iPhone OS versions installed (3.1.3-7E18 modem firmware 05.12.01 and version 3.1.2 -7D11, modem 05.11.07) , all PIN code protected which means the vulnerability bypasses authentication for various data where people most likely rely on data protection through encryption and do not expect that authentication is not in place.\n<\/p><\/blockquote>\n<p>In short, by connecting an iPhone to a computer running Linux, Marienfeldt found that he was able to access some user data, such as &#8220;music, photos, videos, podcasts, voice recordings, Google safe browsing database, game contents&#8221; and more. <\/p>\n<p>Marienfeldt does report, however, that he has been in contact with Apple, and that they are unable to reproduce what he found. There will certainly be more to follow regarding this vulnerability.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Data on an iPhone 3GS is supposed to be encrypted, using &#8220;highly secure hardware encryption that enables instantaneous remote wipe.&#8221; This encryption, which uses very secure 256-bit AES, is supposed to be unbreakable, at least in normal conditions. Well, it seems this is not the case. Security researcher Bernd Marienfeldt discovered that this does not [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":1795,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"spay_email":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false},"categories":[7],"tags":[3151,9,144],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v17.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<meta name=\"description\" content=\"Data on an iPhone 3GS is supposed to be encrypted, using &quot;highly secure hardware encryption that enables instantaneous remote wipe.&quot; This encryption,\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.intego.com\/mac-security-blog\/iphone-data-vulnerability-access-iphone-data-from-linux-computer\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"iPhone Data Vulnerability: Access iPhone Data from Linux Computer  - The Mac Security Blog\" \/>\n<meta property=\"og:description\" content=\"Data on an iPhone 3GS is supposed to be encrypted, using &quot;highly secure hardware encryption that enables instantaneous remote wipe.&quot; This encryption,\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.intego.com\/mac-security-blog\/iphone-data-vulnerability-access-iphone-data-from-linux-computer\/\" \/>\n<meta property=\"og:site_name\" content=\"The Mac Security Blog\" \/>\n<meta property=\"article:published_time\" content=\"2010-05-27T12:03:46+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2012-12-12T21:48:59+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2010\/05\/iphone.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"128\" \/>\n\t<meta property=\"og:image:height\" content=\"240\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Peter James\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\",\"name\":\"Intego\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/\",\"sameAs\":[],\"logo\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#logo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png\",\"contentUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png\",\"width\":875,\"height\":875,\"caption\":\"Intego\"},\"image\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#logo\"}},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#website\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/\",\"name\":\"The Mac Security Blog\",\"description\":\"Keep Macs safe from the dangers of the Internet\",\"publisher\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.intego.com\/mac-security-blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/iphone-data-vulnerability-access-iphone-data-from-linux-computer\/#primaryimage\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2010\/05\/iphone.jpg\",\"contentUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2010\/05\/iphone.jpg\",\"width\":\"128\",\"height\":\"240\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/iphone-data-vulnerability-access-iphone-data-from-linux-computer\/#webpage\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/iphone-data-vulnerability-access-iphone-data-from-linux-computer\/\",\"name\":\"iPhone Data Vulnerability: Access iPhone Data from Linux Computer - The Mac Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/iphone-data-vulnerability-access-iphone-data-from-linux-computer\/#primaryimage\"},\"datePublished\":\"2010-05-27T12:03:46+00:00\",\"dateModified\":\"2012-12-12T21:48:59+00:00\",\"description\":\"Data on an iPhone 3GS is supposed to be encrypted, using \\\"highly secure hardware encryption that enables instantaneous remote wipe.\\\" This encryption,\",\"breadcrumb\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/iphone-data-vulnerability-access-iphone-data-from-linux-computer\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.intego.com\/mac-security-blog\/iphone-data-vulnerability-access-iphone-data-from-linux-computer\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/iphone-data-vulnerability-access-iphone-data-from-linux-computer\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.intego.com\/mac-security-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"iPhone Data Vulnerability: Access iPhone Data from Linux Computer\"}]},{\"@type\":\"Article\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/iphone-data-vulnerability-access-iphone-data-from-linux-computer\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/iphone-data-vulnerability-access-iphone-data-from-linux-computer\/#webpage\"},\"author\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/d0c16bd0a4dd8f82d91204f400c8d116\"},\"headline\":\"iPhone Data Vulnerability: Access iPhone Data from Linux Computer\",\"datePublished\":\"2010-05-27T12:03:46+00:00\",\"dateModified\":\"2012-12-12T21:48:59+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/iphone-data-vulnerability-access-iphone-data-from-linux-computer\/#webpage\"},\"wordCount\":210,\"publisher\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/iphone-data-vulnerability-access-iphone-data-from-linux-computer\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2010\/05\/iphone.jpg\",\"keywords\":[\"Apple\",\"iPhone\",\"Vulnerability\"],\"articleSection\":[\"Apple\"],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/d0c16bd0a4dd8f82d91204f400c8d116\",\"name\":\"Peter James\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#personlogo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/0626bfb4ada576ba5aa775322329ad47?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/0626bfb4ada576ba5aa775322329ad47?s=96&d=mm&r=g\",\"caption\":\"Peter James\"},\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/author\/peter\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"description":"Data on an iPhone 3GS is supposed to be encrypted, using \"highly secure hardware encryption that enables instantaneous remote wipe.\" This encryption,","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.intego.com\/mac-security-blog\/iphone-data-vulnerability-access-iphone-data-from-linux-computer\/","og_locale":"en_US","og_type":"article","og_title":"iPhone Data Vulnerability: Access iPhone Data from Linux Computer  - The Mac Security Blog","og_description":"Data on an iPhone 3GS is supposed to be encrypted, using \"highly secure hardware encryption that enables instantaneous remote wipe.\" This encryption,","og_url":"https:\/\/www.intego.com\/mac-security-blog\/iphone-data-vulnerability-access-iphone-data-from-linux-computer\/","og_site_name":"The Mac Security Blog","article_published_time":"2010-05-27T12:03:46+00:00","article_modified_time":"2012-12-12T21:48:59+00:00","og_image":[{"width":"128","height":"240","url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2010\/05\/iphone.jpg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_misc":{"Written by":"Peter James","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Organization","@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization","name":"Intego","url":"https:\/\/www.intego.com\/mac-security-blog\/","sameAs":[],"logo":{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/#logo","inLanguage":"en-US","url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png","contentUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png","width":875,"height":875,"caption":"Intego"},"image":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#logo"}},{"@type":"WebSite","@id":"https:\/\/www.intego.com\/mac-security-blog\/#website","url":"https:\/\/www.intego.com\/mac-security-blog\/","name":"The Mac Security Blog","description":"Keep Macs safe from the dangers of the Internet","publisher":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.intego.com\/mac-security-blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/iphone-data-vulnerability-access-iphone-data-from-linux-computer\/#primaryimage","inLanguage":"en-US","url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2010\/05\/iphone.jpg","contentUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2010\/05\/iphone.jpg","width":"128","height":"240"},{"@type":"WebPage","@id":"https:\/\/www.intego.com\/mac-security-blog\/iphone-data-vulnerability-access-iphone-data-from-linux-computer\/#webpage","url":"https:\/\/www.intego.com\/mac-security-blog\/iphone-data-vulnerability-access-iphone-data-from-linux-computer\/","name":"iPhone Data Vulnerability: Access iPhone Data from Linux Computer - The Mac Security Blog","isPartOf":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/iphone-data-vulnerability-access-iphone-data-from-linux-computer\/#primaryimage"},"datePublished":"2010-05-27T12:03:46+00:00","dateModified":"2012-12-12T21:48:59+00:00","description":"Data on an iPhone 3GS is supposed to be encrypted, using \"highly secure hardware encryption that enables instantaneous remote wipe.\" This encryption,","breadcrumb":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/iphone-data-vulnerability-access-iphone-data-from-linux-computer\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.intego.com\/mac-security-blog\/iphone-data-vulnerability-access-iphone-data-from-linux-computer\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.intego.com\/mac-security-blog\/iphone-data-vulnerability-access-iphone-data-from-linux-computer\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.intego.com\/mac-security-blog\/"},{"@type":"ListItem","position":2,"name":"iPhone Data Vulnerability: Access iPhone Data from Linux Computer"}]},{"@type":"Article","@id":"https:\/\/www.intego.com\/mac-security-blog\/iphone-data-vulnerability-access-iphone-data-from-linux-computer\/#article","isPartOf":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/iphone-data-vulnerability-access-iphone-data-from-linux-computer\/#webpage"},"author":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/d0c16bd0a4dd8f82d91204f400c8d116"},"headline":"iPhone Data Vulnerability: Access iPhone Data from Linux Computer","datePublished":"2010-05-27T12:03:46+00:00","dateModified":"2012-12-12T21:48:59+00:00","mainEntityOfPage":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/iphone-data-vulnerability-access-iphone-data-from-linux-computer\/#webpage"},"wordCount":210,"publisher":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization"},"image":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/iphone-data-vulnerability-access-iphone-data-from-linux-computer\/#primaryimage"},"thumbnailUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2010\/05\/iphone.jpg","keywords":["Apple","iPhone","Vulnerability"],"articleSection":["Apple"],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/d0c16bd0a4dd8f82d91204f400c8d116","name":"Peter James","image":{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/#personlogo","inLanguage":"en-US","url":"https:\/\/secure.gravatar.com\/avatar\/0626bfb4ada576ba5aa775322329ad47?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/0626bfb4ada576ba5aa775322329ad47?s=96&d=mm&r=g","caption":"Peter James"},"url":"https:\/\/www.intego.com\/mac-security-blog\/author\/peter\/"}]}},"jetpack_featured_media_url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2010\/05\/iphone.jpg","jetpack_publicize_connections":[],"jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p4VAYd-sJ","amp_enabled":true,"_links":{"self":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/1781"}],"collection":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/comments?post=1781"}],"version-history":[{"count":0,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/1781\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/media\/1795"}],"wp:attachment":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/media?parent=1781"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/categories?post=1781"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/tags?post=1781"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}