Discover Cryptography News
iPhone 3GS Hardware Encryption Easy to Circumvent
A mere three days after I published an article touting the enhanced security of the iPhone 3GS - see "iPhone 3GS Offers Enterprise-Class Security for Everyone", 2009-07-20 - security researcher Jonathan Zdziarski revealed a simple, only moderately technical technique for completely circumventing the iPhone's passcode lock and encryption. As a result, the iPhone 3GS encryption can no longer be considered a security control for consumers or enterprises until Apple releases a fix.
Although encryption is one of the most fundamental tools available in the security arsenal, it can be difficult to implement properly. In this case, it isn't that the encryption itself is flawed (although that happens), but that the implementation of the encryption leaves cracks for attackers.