“Using a four-digit PIN to lock your iPhone doesn't really protect your data, security and IT blogger Bernd Marienfeldt has discovered. In an article describing the iPhone's business security framework, Marienfeldt has found a "data protection vulnerability" in Apple's iPhone 3GS.”

Of course the iPhone has security flaws. It’s just like the Mac or any other OS. Nothing is really immune from attack. People think that because Apple devices don’t get a lot of viruses that it’s more secure. Those people need to wake up. Apple is actually less secure than a Linux or Windows based machine. It has been proven time and again to be the least secure OS out there. Think of it like this- the shed in my backyard has a very simple lock on it and probably could be broken with a hammer. The average bank, on the other hand, usually has alarm systems, locks, guards, cameras all in place in order to keep its contents safe. If I said to you that my shed is more secure than any bank because it has never been broken into you would probably laugh at me.

“Basically, he said, plugging an up-to-date, non jail-broken, PIN-protected iPhone (powered off) into a computer running Ubuntu Lucid Lynx will allow the people to see practically all of the user's data — including music, photos, videos, podcasts, voice recordings, Google safe browsing databases, and game contents. The "hacker" has read/write access to the iPhone, and the hack leaves no trace.”

For those of you that don't know, Ubuntu Lucid Lynx is a freely-download-able OS that does not even require you to install it. It can be run in a "live" mode right from a CD on almost any computer. You don't even need to be a "hacker" to perform this hack.

“This hack is especially scary because it could allow full write access, and full write access could potentially lead to the attacker being able to make phone calls (as far as we know, the attacker can access all of your data but they can't make any phone calls … how reassuring). Marienfeldt points out that this is especially an issue for corporate/business users, who "rely on the expectation that their iPhone 3GS’s whole content is protected by encryption with a passcode based authentication in place to unlock it."

I'm sure that it's only a matter of time before someone figures out how to make phone calls with this hack. It's also no surprise to
me that Apple has been notified of the flaw, but has yet to correct it (or give a timeline for a patch).

Yours Truly,
- Dave G.
Author, The Tech Review
publishing@lieconomy.com