Wild Speculation on iPhone 3G S Hardware Encryption
At the WWDC yesterday Apple announced the upcoming availability of their iPhone 3G S. In addition to a host of speed optimizations and new OS features Apple announced some new security features for the 3G S models: “Hardware Encryption” and remote wipe.
Ostensibly, the plan is that if your phone were lost or stolen you could issue a remote wipe and be confident that your data couldn’t be accessed. This is a feature that security-conscious companies expect based on their experiences with BlackBerry’s “Erase Data and Disable Handheld” feature.
It’s interesting, however, to take a close look at the careful wording Apple has used in its communications about the feature:
“iPhone 3G S offers highly secure hardware encryption that enables instantaneous remote wipe. You can even encrypt your iTunes backups.”
It almost sounds like the “whole device” encryption is primarily used to drive the remote wipe feature, not as an active security measure in its own right. If the encryption were used behind the scenes to secure the data on flash, then the remote wipe operation may not delete data. It could just remove the key and the device would “instantaneously” be rendered inoperable.
If that is the approach used there are some potential security implications:
- If the encryption is fully in hardware, is it really securing the device while running, or is it just enabling remote wipe? Will a strong passphrase (> 4 digits) be required to unlock the key? It’s not likely if background operations and software are running.
- Next up – the remote wipe trigger. It stands to reason that the device would need cell or network connectivity to initiate a remote wipe. Could you effectively disable remote wipe on an unlocked device by putting it into airplane mode and shutting off networking? What happens if you pop out and replace the SIM card?
- Finally, there is the matter of the encrypted backups. The statement that you can even encrypt your iTunes backups implies that the feature is optional and that backups wouldn’t normally be encrypted. This may in turn imply that iPhone application data is unencrypted when read off the device during a backup and re-encrypted for storage by iTunes. This lends credence to the idea that the scope of the encryption is limited.
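The key-erase wipe speculated about above, modelled as an added example (not Apple's implementation and not code from the original post). `Device`, `xor_stream` and the two designs are hypothetical, and the HMAC keystream and XOR key wrap are toy stand-ins for a hardware cipher; design A keeps the media key unprotected, design B ties it to the passcode.

```python
import hashlib
import hmac
import os


def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy stand-in for the hardware cipher: XOR with an HMAC-SHA256 counter keystream."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, off.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)


class Device:
    """Hypothetical model: flash holds ciphertext, one small slot holds the media key."""

    def __init__(self, data: bytes, passcode: str, wrap_with_passcode: bool):
        media_key = os.urandom(32)
        self.salt = os.urandom(16)
        self.wrapped = wrap_with_passcode
        self.flash = xor_stream(media_key, data)
        self.check = hmac.new(media_key, b"check", hashlib.sha256).digest()
        # Design A keeps the key in the clear; design B ties it to the passcode.
        self.key_slot = self._mask(media_key, passcode) if self.wrapped else media_key

    def _mask(self, key: bytes, passcode: str) -> bytes:
        # Toy key wrap: XOR with a PBKDF2-derived key (applying it twice unwraps).
        kek = hashlib.pbkdf2_hmac("sha256", passcode.encode(), self.salt, 100_000)
        return bytes(a ^ b for a, b in zip(key, kek))

    def read(self, passcode=None):
        """Return the plaintext, or None if the key is gone or cannot be unwrapped."""
        if self.key_slot is None or (self.wrapped and passcode is None):
            return None
        key = self._mask(self.key_slot, passcode) if self.wrapped else self.key_slot
        if not hmac.compare_digest(hmac.new(key, b"check", hashlib.sha256).digest(), self.check):
            return None
        return xor_stream(key, self.flash)

    def remote_wipe(self) -> None:
        """'Instantaneous' wipe: discard the key only; the ciphertext in flash stays."""
        self.key_slot = None


SECRET = b"constructed sample: quarterly figures"  # constructed sample data
design_a = Device(SECRET, "1234", wrap_with_passcode=False)
design_b = Device(SECRET, "1234", wrap_with_passcode=True)
```

In design A `read()` hands the plaintext to any caller until `remote_wipe()` runs, and the wipe leaves `flash` byte-for-byte unchanged. In design B the same data is unreadable without the passcode even before a wipe.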
This is all wild speculation of course, since very few substantive details have been released. While there is no doubt that the encryption features will enhance iPhone device security, it remains to be seen how the practical improvements will compare to the launch hype. I strongly suspect that highly sensitive information storage will still require dedicated security applications.

Tuesday, June 09, 2009
tommy says:
like more info
Thursday, July 23, 2009
Tommy says:
From www.iphoneinsecurity.com
July 14, 2009: Seven Deadly iPhone Sins: What Every Enterprise Should Know
With buzzwords like “hardware encryption” and “remote wipe”, many enterprises have been misled into believing that the iPhone 3G[s] is secure enough to store confidential correspondence or other information. Apple is no doubt pushing the enterprise market, but is the iPhone truly secure enough?
While this subject truly warrants a complete white paper, take the following points into consideration. The following apply not only to the iPhone 3G[s], but also to earlier generation devices. Here are the top seven things every enterprise should know about the iPhone:
1. The 3G[s] passcode and encrypted backup password can easily be bypassed in about 30 seconds. This allows an identity thief who gains physical access to the device (for only a short time) to not only access the 3G[s], but to sync an unencrypted copy of its data through iTunes, creating a copy of the owner’s contacts, correspondence, photos, and other valuable data. If it can be synced with iTunes, it can be stolen in a very short period of time.
2. The 3G[s] promised hardware encryption, but this hardware encryption does not protect the information on the iPhone from an information thief. The operating system needs to automatically decrypt the iPhone’s disk in order to boot, allowing anyone with the right know-how to easily acquire all of the data – including deleted data – on the device, bypassing any encryption. In fact, the only useful benefit for hardware encryption thus far has been the ability to quickly format the device, discussed next.
3. Remote wipe and “LocateMe” features can easily be disabled by simply removing the SIM card. Any semi-intelligent thief looking to steal information from your corporate handsets can easily shut these features down within seconds, armed with only a paper clip.
4. If your device is stolen, not only is the iPhone’s live information exposed, but also all of the deleted information on the device. Because the iPhone has such a large storage capacity, it can take six months or more to cycle through deleted data. The hardware itself is designed to minimize writing to the same place on disk, leaving a wealth of deleted data for an information thief.
5. The iPhone OS has a built-in keyboard “logger” which logs nearly everything you type into the device’s keyboard to auto-learn the owner’s typing habits. As a result, endless logs of data are being created containing information typed in by the user. Even fields with auto-correction turned off have been seen to have some of the data entered in them stored in this cache.
6. Every time your employee pushes the home button, the iPhone snaps a screenshot of the last thing they were doing. This is done for most built-in applications such as Mail and Safari, and has been observed for many third party applications as well. A large collection of screenshots of “the last thing” your employee was looking at are being stored on the device, exposing screenshots of potentially confidential information to anyone with the right know-how.
7. There is a wealth of information stored on the device that most users don’t even realize is there. Information about your last GPS positions, which wireless networks you’ve joined and where, your search unread voicemail, and much more. Anything that goes through the iPhone is indefinitely stored on the iPhone.
Consider the risk to your enterprise should the confidential information on corporate iPhones be stolen. The iPhone is about the size of a small laptop disk drive, and is about as easy to copy information from should a thief steal or “borrow” it without your knowledge.