iPhone security ‘too weak for business’

An iPhone developer and hacker says that the gizmos are about as useful as a chocolate teapot for corporations and government agencies because the encryption is too weak.

Jonathan Zdziarski said that Apple’s supposedly enterprise-friendly encryption included with the iPhone 3GS is so weak it can be cracked in two minutes.

Zdziarski said that no developers he knew had ever seen encryption implemented so poorly before, which is why it’s hard to describe why it’s such a big threat to security. He added that the new iPhone 3GS encryption feature was ‘broken’ when it comes to protecting sensitive information such as credit card numbers and social-security digits.

He also said that it is easy to access a user’s private information on an iPhone 3GS as it was on the previous generation iPhone 3G or first generation iPhone, both of which didn’t have any encryption.

Hackers can use Red Sn0w and Purple Ra1n to install a custom kernel on the phone. Then, the thief can install a Secure Shell (SSH) client to port the iPhone’s raw disk image across SSH onto a computer.

Apple has been pushing its iPhone as an alternative to the Blackberry and despite the iPhone’s poor battery life, many Fortune 500 outfits have been taking the bait.

Zdziarski showed Wired how to tap into an iPhone 3GS’ data with a few easy steps, adding that the iPhone’s software versatility isn’t worth the risk for use in the workforce.