| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 17 May 2010 11:28:38 +0100 From: Bernd Marienfeldt <bernd@...x.net> To: full-disclosure@...ts.grok.org.uk Subject: iPhone data protection flaw -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, I've recently upgraded to Ubuntu Lucid Lynx (10.04 LTS) and been surprised by the iPhone 3GS (3.1.3 - 7E18) mounting behavior: Fully switch off the iPhone 3GS and then connect it to the Lucid Lynx PC via USB, the phone turns on and will be automatically mounted without any authentication challenge (PIN), allowing read/write access to your various local data, e.g. purchases, DCIM, Downloads, Photos, Recordings etc. Obviously there are other flaws discovered, see [1] which might be even worse depending on your security policy and requirements. Can people confirm same behavior with other iPhone models and OS's ? Cheers Bernd [1] http://marienfeldt.wordpress.com/2010/03/22/iphone-business-security-framework/ or http://tinyurl.com/yyjpfbn - -- Bernd Marienfeldt (Information Security Officer LINX) London Internet Exchange Ltd. Trinity Court, Peterborough, PE1 1DA Registered England and Wales number 3137929 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkvxGlYACgkQuhj/IfS3mc5XegCg6Sh5Twpd/hmsigKBDOPyxU5e +i4AoNBuLuJKrBkYyK6G/MD+s5PMD5XC =9PPI -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists