iPhone 3GS Security Weakness

If you thought your iPhone 3GS was more secure than the original iPhone or the iPhone 3G, think again. iPhone developer and hacker extraordinaire Jonathan Zdziarski says the encryption Apple has implemented on the iPhone 3GS is next to worthless.

With many businesses, higher education institutions, and government agencies starting to use the iPhone, Zdziarski cites poor encryption as cause for concern. In a demonstration to Wired, he pulled live sensitive data from an iPhone 3GS using readily available free software in only two minutes.

Zdziarski thinks that developers should add their own security if they're worried. According to Zdziarski, “If they’re relying on Apple’s security, then their application is going to be terribly insecure. Apple may be technically correct that [the iPhone 3GS] has an encryption piece in it, but it’s entirely useless toward security.”

Vanson Bourne reported that IT managers are less than eager to embrace the iPhone. Only 29 percent of respondents thought their departments were ready to deploy the iPhone, and 64 percent have no protection against threats to the iPhone at all.

Other gaps in security on the iPhone also exist. For example, every time the iPhone animates a screen it stores a screenshot in memory. Keystrokes are logged. Malicious code could easily slip into an app under Apple's radar, missed in the approval process.

Apple has addressed this issue with its remote kill switch, to allow the company to remotely disable a malicious application. However, the much-touted remote delete feature is useless, according to Zdziarski. If the iPhone is in enemy hands, the first thing any knowledgeable hacker would do is remove the SIM card, making remote delete impossible.

Although 20 percent of Fortune 100 companies have purchased 10,000 or more iPhones, these threats to security will have to be addressed before businesses fully embrace the iPhone as they have the ubiquitous BlackBerry.