Right on the heels of an industry report that 40% of iPhones are now sold for use in the enterprise, Engadget reported yesterday that a researcher has found a simple way to access encrypted files and folders on the iPhone – just connect it to a computer running Ubuntu 10.04.
To be clear, there is no hacking involved here – according to the research by Bernd Marienfeldt, all that someone has to do with a stolen iPhone is to connect it to Ubuntu 10.04 and the open source OS allows a thief to simply open up any folder or file on an encrypted iPhone. The PIN protection that is offered on the iPhone does nothing to protect the files either in this case. Engadget explains it this way:
Bernd and fellow security guru Jim Herbeck have discovered that plugging even a fully up-to-date, non-jailbroken iPhone 3GS into a computer running Ubuntu Lucid Lynx allows nearly full read access to the phone’s storage — even when it’s locked. The belief is that they’re just a buffer overflow away from full write access as well, which would surely open the door to making calls. Bernd believes the iPhone’s lack of data encryption for content is a real problem, and also cites the inability to digitally sign e-mails as reasons why the iPhone is still not ready for prime time in the enterprise.
The researcher shared his findings with Apple, and Apple tested and confirmed the security hole, but doesn’t have a fix or timeline for a fix at present.
We bet there are a lot of IT managers slapping themselves on the forehead right now thinking they should have stuck with Blackberries.