Educause Security Discussion mailing list archives

Re: Implications of Jail breaking ipod/iphones


From: Adam Carlson <ajcarlson () BERKELEY EDU>
Date: Fri, 24 Jul 2009 09:56:32 -0700

Timothy,
        I'm sorry, but this is not fear mongering.  The way that Apple has
implemented encryption is terribly bad and could have been done in a
smarter way.  With their current setup, all you have to do is steal
someone's iPhone and pop out the SIM card and the remote wipe feature
is useless and the encryption key is still on the device and
recoverable.  I can do this within seconds of obtaining an iPhone,
preventing the remote wipe from ever occurring.
        I do not believe that this is the case with the Blackberry or any
other disk-based encryption scheme that I am aware of.  If you can
point to a device that uses such a lazy and easily subverted
mechanism for encryption, please let me know and I will also avoid
relying on their protections as well.
        The whole point of disk-based encryption on mobile devices is
precisely to protect the data in the event it is lost/stolen and
falls into the hands of an unauthorized individual, because that's what
often happens with mobile devices.  When encryption is done properly,
you don't need a remote wipe feature to have confidence that your
data is secure.
        Any risk analysis worth its salt will show that loss/theft is one of
the biggest issues with mobile devices.  How many laptops, backup
tapes, and soon mobile devices are physically lost every year?  More
than we would like to believe and there are plenty of statistics out
there showing that this is a real threat that needs to be taken
seriously.  The encryption scheme does not adequately mitigate this
threat so the best option, as I stated, is to not store sensitive
material on the device.
        I honestly have no idea what this encryption is supposed to be doing
if it is not protecting against the physical loss of the device.
Please let me know if you have some insight, because that is
typically the exact reason for implementing encryption on mobile
devices.
        If you are not concerned about physical theft, then yes, this issue
with their encryption isn't a huge deal, however, I would also say
that the only reason you shouldn't care about physical theft is
because you aren't storing sensitive information on the device.
        
-Adam


Doty, Timothy T. wrote:
I can't say that I care for the article. A good bit of fear mongering going on. If you read the comments someone 
(parplin) tries to straighten it out. The Wired author tries to prove the fear mongering claim with a quote from WWDC 
which he even admits doesn't support his claims. There's quite a bit of strawman argument in the article.

What does the encryption achieve?
It allows fast wipe by removing the key instead of having to wipe the entire device.

What does Apple say that it does?
They say it improves security by allowing a fast wipe and because backups are encrypted (by implication without the 
key, it remaining on the iPhone).

Can the protection be bypassed?
To give a proper answer you have to consider what is being protected. If I use a lock that is trivial to pick then if 
I lock something with it there is no significant increase in protection. If I lock my breakables in a wooden crate 
and someone shoots it up -- well, there was never any protection against that attack. I wouldn't say protection was 
bypassed or ineffective, I'd say there wasn't any protection against that attack.

With the iPhone 3GS it does NOT provide protection against someone with physical access imaging your phone. Should 
Apple provide such? IMO, yes, but that is not what they are claiming to provide.

Is Apple's protection better than the competition?
From what I gather it isn't better or worse, it is different. Blackberry provides an automatic wipe when off network 
for too long. Apple doesn't, but if you issued a remote wipe and your iPhone connects at all (over the cell network, 
or over wireless) then it wipes. Blackberry doesn't offer a remote wipe over wireless, and the time for the remote 
wipe is very likely too long to have any impact. Apple provides GPS tracking which is handy for recovery. If you lost 
it rather than it being stolen it is conceivable that you will recover it before someone does a theft of opportunity. 
I don't believe Blackberry offers this.

Is Apple's protection sufficient?
That depends on your needs and risk analysis.

How does Apple's encryption affect iPhone forensics?
Not at all. The same exact procedure as was used previously (jailbreak, use ssh to remotely access and image) still 
works. Note that whatever "security" you have on your iPhone is of no consequence -- someone who knows how to get a 
forensics image will not try and unlock it ten times and risk triggering a wipe. They would most likely keep the 
iPhone in a foil bag (which prevents remote wipe or GPS tracking). This is standard procedure in cellphone forensics.

Remember, security isn't a product. Security isn't a state. Security is a process.

Tim Doty
Systems Security Analyst
Missouri S&T

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Adam Carlson
Sent: Thursday, July 23, 2009 6:37 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Implications of Jail breaking ipod/iphones

Just thought I would follow-up with this new article which appears to
be the best analysis thus far of the 3GS encryption scheme:

http://www.wired.com/gadgetlab/2009/07/iphone-encryption

I think these quotes unfortunately sum it up:

"I don't think any of us [developers] have ever seen encryption
implemented so poorly before, which is why it's hard to describe why
it's such a big threat to security."

"If they're relying on Apple's security, then their application is
going to be terribly insecure," he said. "Apple may be technically
correct that [the iPhone 3GS] has an encryption piece in it, but it's
entirely useless toward security."

So basically, it sounds like if you lose your 3GS and have encryption
enabled, your data can still be accessed (which is usually what you
try to prevent with encryption).

I had very much hoped that Apple would beef up its security, but
this article talks about why many of Apple's security features are
still severely lacking.

I know that those who want iPhones are going to use iPhones
regardless of the security issues, but hopefully this will help
administrators argue that it should be used for less and never used
to store sensitive data.

-Adam

Russell Fulton wrote:
On 22/07/2009, at 12:41 PM, Russell Fulton wrote:

I have had several people ask me about this and I have tried googling
around the area but most of the stuff I have found consists of lists of
dos and don'ts with little or no background info.

The basic question is what are the security implications of jail
breaking your iphone?

Thanks very much to all of you who took the time to share your
thoughts on this one.

By and large you have confirmed what I had expected:

1/ Apple overstates the issue (of course).
2/ the built in security model does provide some real and useful
protection.
3/ a jail broken iphone in the hands of someone who is careful and
knows what they are doing is not much different to a PC.
4/ an incautious novice can very easily shoot themselves in both
feet (hmm... that isn't much different to a PC either ;).


So I think my advice will be: don't jailbreak your phone unless:
a/ you have a really good reason to (i.e. it gets you something that
outweighs the increased risk)
b/ you know what you are doing and are both tech and security savvy.

Thanks again for all the wonderful input.

Russell

--
Adam Carlson
Chief Security Officer
Information Technology
Residential and Student Service Programs
Tel: 510-643-0631
Email: ajcarlson () berkeley edu

"Most of the things worth doing in the world had been declared
impossible before they were done." ~Louis D. Brandeis
