Your favorite Apple, iPhone, iPad, iOS, Jailbreak, and Cydia site.
02-10-2011, 02:03 PM #21
02-10-2011, 02:08 PM #22
I guess jailbreaks should start requiring you to enter the password if that's possible.
02-10-2011, 02:11 PM #23
02-10-2011, 02:15 PM #24
02-10-2011, 02:33 PM #25
Last edited by santacruzlocal; 02-10-2011 at 02:33 PM. Reason: Automerged Doublepost
02-10-2011, 02:36 PM #26
Last edited by bigbaba; 02-10-2011 at 02:36 PM. Reason: Automerged Doublepost
02-10-2011, 02:48 PM #27
Bad article headline/title.
They did not highlight the security threats of jailbreaking.
They used the same voulnerabilities used by jailbreaking (which exist in all iPhones) to highlight the security risk of using an iPhone to connect to other systems.
So if you have an iPhone - and they get physical access to it - you are at risk. It has nothing to do with jailbreaking.
If you have an iPhone and you don't have any passwords stored in it, such as for wifi, email, or VPN - then all they get is your iPhone and the pictures of your dog.
If you have an iPhone and you have set up email, VPN, wifi, and other services then you are at a higher risk - as they can get your pictures of your dog AND access to your email, servers, encrypted data, etc etc...
But like others have said - this exploit requires PHYSICAL ACCESS. The only real noteworthy thing is that it can be accomplished in 6 minutes. If someone has access to a device they can hack it eventually. What this shows is that they can hack it *quickly*.
Leave your iPhone on your desk while you go to a meeting or to lunch? Someone could hack it while you were gone.
Leave your iPhone in your hotel room while you go for a swim? Someone could hack it while you are gone.
Forget your iPhone at a restaurant and remember half way back to work? Someone could hack it before you get back.
The real issue here is *not* jailbreaking. The issue is that the iPhone keychain (which relies on the same basic model as on Mac OSX) is not locked with your iPhone passcode. The keychain on the iPhone is locked using information physically on the device - so it is easily discoverable. Apple could EASILY fix this (or at least make it much harder/slower) by making the iPhone keychain system utilize your passcode in it's encryption.
02-10-2011, 02:48 PM #28
Nothing new but a lot more bancking apps on all phones not just the Iphone. All are in the same boat.
02-10-2011, 02:51 PM #29
I always knew that you could do that...its kinda old news. I just wish i new more abour security script that way before i sold mine i could manually delete "risky" information
02-10-2011, 03:10 PM #30
02-10-2011, 03:22 PM #31
02-10-2011, 03:27 PM #32
Same thing can happen on your mac or any computer......
02-10-2011, 03:32 PM #33
The researchers gained access by jailbreaking the phone and installing OpenSSH. Changing your root password would make it MUCH harder to access your data.
02-10-2011, 03:35 PM #34
If you're storing passwords and other sensitive info on your iPhone and leave your phone lying around out in the open for anyone to grab, then you deserve to have your info stolen...these "Germans" wasted a lot of time on nothing.
02-10-2011, 03:38 PM #35
Last edited by Antman217; 02-10-2011 at 03:38 PM. Reason: Automerged Doublepost
02-10-2011, 03:42 PM #36
02-10-2011, 03:53 PM #37
02-10-2011, 04:07 PM #38
Good guide about how to hack an iPhone if you find one.... Stupid
02-10-2011, 04:14 PM #39
Last edited by psp257; 02-10-2011 at 04:17 PM.
02-10-2011, 04:54 PM #40
Something you guys aren't considering. If you can't get to a computer(or more specifically, YOUR computer) in 6 minutes or let's be generous and say 10 minutes then it doesn't matter if you have MobileMe or not. Plus like someone else said once you pull the sim out or turn the phone off MobileMe won't do anything and then you're free to devise a way to turn it on and have it not be able to acquire a signal thus rendering MobileMe useless yet again.
Another thing, people can't SSH into your phone wirelessly without your root password and you also would have to leave SSH on which most of us turn off with SBSettings since it eats up the battery anyway. Diskaid and iphoneexplorer only work if someone physically has your phone. In other words guys, this is nothing to worry about.
Last edited by alexevo; 02-10-2011 at 04:54 PM. Reason: Automerged Doublepost