Friday, September 12, 2008

iPhone Pwnage and bypassing the security code

Wired's coverage of Jonathan Zdziarski's iPhone hack, which I mentioned the other day, notes that the Pwnage tool can be used in combination with a custom firmware to access the phone without the code. While it is a local-only exploit, it does give forensic investigators a potential way into locked phones without using any special hardware. O'Reilly's webcast of the event is not available yet.

Zdziarski also spoke about the cache retained for fade transitions on the phone. This cache leaves remnant data that can be recovered and would show data that users might not expect to still reside on the phone - anything on screen when a transition was prepared would be recoverable.

This emphasizes the need for a secure erase capability on the phone - something that is obviously lacking in the current implementation.

