The iPhone 3GS’s encryption feature is reportedly so easy to crack, that forensics expert and iPhone developer Jonathan Zdziarski has rendered it “broken.”
It is nearly useless when it comes to safeguarding sensitive data such as credit card and social security numbers; making it one of the worst implementations of encryption he’s ever seen.
While Apple boasts of its enterprise-friendly security, according Zdziarski the 3GS’s encryption can be cracked with the enlisted help of a few free utilities. Accessing private information on the 3GS is just as easy as on the 3G. Live data can be extracted in as little as two minutes, and an entire raw disk image can be made in about 45 minutes.
Zdziarski demonstrated how a thief could effectively use popular jailbreaking tools like Red Sn0w and Purple Ra1n to install a custom kernel. At that point, it’s as easy as installing a Secure Shell client to port the iPhone’s raw disk image across SSH onto a computer. Once the extraction starts, the iPhone actually begins decrypting the data on its own.
The iPhone’s security is even further compromised, according to Zdziarski, because pressing the Home button and zooming in on a screen automatically creates a temporarily stored screenshot. Not to mention that keystrokes are logged in a file on the phone. On top of that, John Casasanta, founder of iPhone development company Tap Tap Tap says that it's possible to tweak an app to send user’s personal data behind the scenes without Apple knowing.
In the event that your phone is stolen, you can’t fully rely on the ability to remotely erase the phone via MobileMe, as it can be circumvented by removing the SIM card. Apple has declined to comment on iPhone security issues, and while I hope they are sorted, I firmly believe that where there's a will, there's a way.