iPhone encryption can be cracked in under two minutes

One major barrier to entry into the business world is security. RIM, along with Microsoft, has earned a solid reputation for reliable and secure data transmission. As Apple attempts to show that its platform is ready for the business world, a well-known hacker is claiming that the phone's encryption can be cracked in less than two minutes.

The ease of use of the iPhone is what is attracting many to the platform. With its finger-friendly OS and an application database that is growing at incredible rates, compatibility is expanding each and every week.

Encrypting messages is something every organization relies on to prevent trade secrets from being stolen in case mobile equipment accidentally falls into the wrong hands. Jonathan Zdziarski, a well-known iPhone hacker, claims that "I don't think any of us [developers] have ever seen encryption implemented so poorly before, which is why it's hard to describe why it's such a big threat to security." He claims that he used only off-the-shelf software and compromised the iPhone in under two minutes.

Until Apple has proven the strength of its encryption, widespread corporate adoption may take longer. As the user base of the iPhone continues to grow, it will become a larger target for malicious users who wish to inflict harm on individuals and corporations; security can never be overlooked.


45 Comments


I do not understand the complexity of encryption but I pretty much threw this article in the FUD bin when I read that there needs to be physical access to the phone. iPhone data can be nuked remotely if stolen. You can also set it up to self-nuke if the user enters the wrong pass code so many times.

I'm thinking if he's figured out how to hack the phone in 2 minutes, he's not brute forcing the password, so the self nuke is a non-issue for him. Then, supposing he got in, he drops the phone's data/cell connection and, BAM, no more remote nuke either. Now your data = pwnd.

There is also a self-nuke that can be configured for a certain number of failed passcode attempts. In the video, it appears that he is running some type of law enforcement forensic software, along with apparently doing a restore on the iPhone.

I don't think it really matters how bad the implementation is. It's just the difference between secure and insecure. Corporates tend not to look at how insecure since they know they won't use it.

Ouch. If this is true, this is really going to hurt Apple. The comment that it's the worst implementation of security he'd ever seen is definitely gotta hurt... :|

I wonder if this is really true though...

Wanderermy said,


For only $9.99!

Best comment so far. A+!
But move the decimal place over 1, and you'll be more accurate, considering that we're talking about an Apple product...

He has updated with videos of him supposedly demonstrating this, but all it shows is him encrypting the iPhone, then restoring the iPhone, taking a picture, then accessing that picture. I fail to see how this is bypassing the security.

Which encryption?

The encryption of the communication in between layers of the device, or the encryption used to communicate with the world? (Bluetooth, 3G and such)


From the Neowin thread up top, it appears you need to first jailbreak the phone, then dump the phone's memory to access the encrypted data. If physical access is indeed required, then that makes this much less of an issue.

It should still be fixed, mind you.

kazuyette said,
So? It's an unsecure cellphone.

And? Do you store company trade secrets in your phone? Cellphones aren't secure devices, they never were.

Ricardo Gil said,
And? Do you store company trade secrets in your phone? Cellphones aren't secure devices, they never were.


Maybe to you it is just a cell phone and doesn't have confidential data on it, but the reality for businesses is they do need that security.

The executives at large companies and the high ranking politicians in this country, like President Obama, conduct discussions via email on their phones regularly. That means if someone stole the physical phone from these people they would have access to trade secrets, or in the case of the President possibly more, and that stuff needs to be securely wiped.

The fact that the iPhone's encryption can be bypassed so easily means it can't be used in these high security contexts, AKA business + government.

For Joe Consumer, like you, it doesn't make a difference. Your texts about being drunk or nude pics of yourself aren't important enough :P

Frazell Thomas said,
For Joe Consumer, like you, it doesn't make a difference. Your texts about being drunk or nude pics of yourself aren't important enough :P

Totally agree. A stolen business could access many trade secrets (first and foremost - emails), so security means a whole lot to corporates.

It never was ready for the business world. No editing of office documents and no multi-tasking. Engadget recently did an article about how lame this is for business. Just because you support Exchange doesn't make you a winner.

Where is the proof? How do we know this is true?
"a well-known hacker is claiming that the phone's encryption can be cracked in less than two minutes."
Claiming? I could claim that the moon is made of cheese, but just because I put it on the internet that doesn't make it true...

I have never had a problem with my iPhone and therefore remain unconvinced.

bigfootabercrombie said,
Where is the proof? How do we know this is true?
"a well-known hacker is claiming that the phone's encryption can be cracked in less than two minutes."
Claiming? I could claim that the moon is made of cheese, but just because I put it on the internet that doesn't make it true...

I have never had a problem with my iPhone and therefore remain unconvinced.



1. thank you, if he can prove his claim then we can wring our hands in worry.
2. it's really only an issue if Apple does nothing about it.

Nerds may be boring but at least they take security seriously. The hippies at Apple would rather spend their time making the interface look good than making it secure!

The iPhone is not, nor has it ever been, marketed for high security corporate use. Why would people be expecting it to be employing that level of security?

roadwarrior said,
The iPhone is not, nor has it ever been, marketed for high security corporate use. Why would people be expecting it to be employing that level of security?

Hahaha! Wow! Haven't you read your Almighty's own website?
http://images.apple.com/iphone/business/do...ty_Overview.pdf
First paragraph:
iPhone can securely access corporate services and protect data on the device. It provides strong encryption for data in transmission, proven authentication methods for access to corporate services, and for iPhone 3GS, hardware encryption for all data stored on the device. iPhone also provides secure protection through the use of passcode policies that can be enforced and delivered over-the-air. And if the device falls into the wrong hands, users and IT administrators can initiate a remote wipe command to help ensure that private information is erased.

Stop lying please.

Even the jailbreak itself is a security breach since it bypasses Apple's walled garden, giving anyone full access to the firmware below for easy modifications. You could easily install a keylogger of some sort, and boom, passwords galore.

The real problem is not that Apple is advertising a false sense of security with the iPhone 3GS, but any IT person worth their salt should have already realized the jailbreaking is a MASSIVE breach of security and wouldn't bother with the iPhone for sensitive personnel/information anyway.

RealFduch said,
Hahaha! Wow! Haven't you read your Almighty's own website?

Stop lying please.


Stop with the arrogance. I had not read that and I stand corrected. The fact remains that this supposed crack has not been substantiated.

FYI, I own a BlackBerry, my wife owns a 3G iPhone. We have two computers in the house, neither of which is an Apple, although I do have OS X installed on the main system (dual boot with Vista) for a few apps that aren't available on Windows.

roadwarrior said,
Stop with the arrogance. I had not read that and I stand corrected. The fact remains that this supposed crack has not been substantiated.

FYI, I own a BlackBerry, my wife owns a 3G iPhone. We have two computers in the house, neither of which is an Apple, although I do have OS X installed on the main system (dual boot with Vista) for a few apps that aren't available on Windows.

Your comeback isn't really related to what he said...

leojei said,
Your comeback isn't really related to what he said...


How is it not? I admitted that I had not read the web page on Apple's site, and I shot down his claim that Apple was my "Almighty", since I only have two Apple products in my house, along with several non-Apple ones. My wife's iPhone isn't a 3GS so hers doesn't have the hardware based encryption that the article is referring to.

Yep, well, I think it would be fair to say Apple's choices have left them in the same basket of mistakes Sony chose to take with the PSP, and this is the end result.