Some businesses need their information to be secure and, in the event of an emergency, need to be able to wipe a device, with strong encryption ensuring that sensitive data cannot be recovered. One of the features Apple touted for its new iPhone 3GS was business-friendly hardware encryption. This was supposed to provide strong built-in security, but according to a few developers and forensics enthusiasts, it’s not too difficult to crack.
Jonathan Zdziarski, who teaches a forensics course on recovering information from iPhones, says it’s just as easy to retrieve information from the new hardware-encrypted 3GS as it was to recover it from the 3G. According to Zdziarski, “I don’t think any of us have ever seen encryption implemented so poorly before.”
Apparently, information can be retrieved rather easily using most popular jailbreaking tools. Using such a tool to install custom software on the phone gives a hacker the ability to then SSH into the phone and extract all the data they want. The phone does the decrypting for them.
Zdziarski also says that the iPhone’s remote wiping ability is nothing compared to that of rival RIM’s. Of course, RIM and its BlackBerry OS have much more experience dealing with enterprise software and security. One weakness that people point to is that the iPhone must be connected to the network to be remotely wiped. BlackBerry devices can be set to wipe themselves if they are disconnected from the network for too long.
Apple is new to the enterprise game, so they will surely improve their techniques for keeping secret information secure. But if you’re running a business, you might want to think twice before you deploy iPhones for your sensitive communications just yet.