Educause Security Discussion mailing list archives
Re: Implications of Jail breaking ipod/iphones
From: Adam Carlson <ajcarlson () BERKELEY EDU>
Date: Fri, 24 Jul 2009 09:56:32 -0700
Timothy, I'm sorry, but this is not fear mongering. The way that Apple has implemented encryption is terribly bad and could have been done in a smarter way. With their current set up, all you have to do is steal someone's iPhone and pop out the SIM card and the remote wipe feature is useless and the encryption key is still on the device and recoverable. I can do this within seconds of obtaining an iPhone, preventing the remote wipe from ever occurring. I do not believe that this is the case with the Blackberry or any other disk-based encryption scheme that I am aware of. If you can point to a device that uses such a lazy and easily subverted mechanism for encryption, please let me know and I will also avoid relying on their protections as well. The whole point of disk-based encryption on mobile devices is precisely to protect the data in the event it is lost/stolen and falls into the hands unauthorized individual, because that's what often happens with mobile devices. When encryption is done properly, you don't need a remote wipe feature to have confidence that your data is secure. Any risk analysis worth its salt will show that loss/theft is one of the biggest issues with mobile devices. How many laptops, backup tapes, and soon mobile devices are physically lost every year? More than we would like believe and there are plenty of statistics out there showing that this is a real threat that needs to be taken seriously. The encryption scheme does not adequately mitigate this threat so the best option, as I stated, is to not store sensitive material on the device. I honestly have no idea what this encryption is supposed to be doing if it is not protecting against the physical loss of the device. Please let me know if you have some insight, because that is typically the exact reason for implementing encryption on mobile devices. If you are not concerned about physical theft, then yes, this issue with their encryption isn't a huge deal, however, I would also say that the only reason you shouldn't care about physical theft is because you aren't storing sensitive information on the device. -Adam Doty, Timothy T. wrote:
I can't say that I care for the article. A good bit of fear mongering going on. If you read the comments someone (parplin) tries to straighten it out. The Wired author tries to prove the fear mongering claim with a quote from WWDC which he even admits doesn't support his claims. There's quite a bit of strawman argument in the article. What does the encryption achieve? It allows fast wipe by removing the key instead of having to wipe the entire device. What does Apple say that it does? They say it improves security by allowing a fast wipe and because backups are encrypted (by implication without the key, it remaining on the iPhone). Can the protection be bypassed? To give a proper answer you have to consider what is being protected. If I use a lock that is trivial to pick then if I lock something with it there is no significant increase in protection. If I lock my breakables in a wooden crate and someone shoots it up -- well, there was never any protection against that attack. I wouldn't say protection was bypassed or ineffective, I'd say there wasn't any protection against that attack. With the iPhone 3GS it does NOT provide protection against someone with physical access imaging your phone. Should Apple provide such? IMO, yes, but that is not what they are claiming to provide. Is Apple's protection better than the competition?From what I gather it isn't better or worse, it is different. Blackberry provides an automatic wipe when off network for too long. Apple doesn't, but if you issued a remote wipe and your iPhone connects at all (over the cell network, or over wireless) then it wipes. Blackberry doesn't offer a remote wipe over wireless, and the time for the remote wipe is very likely too long to have any impact. Apple provides GPS tracking which is handy for recovery. If you lost it rather than it being stolen it is conceivable that you will recover it before someone does a theft of opportunity. I don't believe Blackberry offers this.Is Apple's protection sufficient? That depends on your needs and risk analysis. How does Apple's encryption affect iPhone forensics? Not at all. The same exact procedure as was used previously (jailbreak, use ssh to remotely access and image) still works. Note that whatever "security" you have on your iPhone is of no consequence -- someone who knows how to get a forensics image will not try and unlock it ten times and risk triggering a wipe. They would most likely keep the iPhone in a foil bag (which prevents remote wipe or GPS tracking). This is standard procedure in cellphone forensics. Remember, security isn't a product. Security isn't a state. Security is a process. Tim Doty Systems Security Analyst Missouri S&T-----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Adam Carlson Sent: Thursday, July 23, 2009 6:37 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Implications of Jail breaking ipod/iphones Just thought I would follow-up with this new article which appears to be the best analysis thus far of the 3GS encryption scheme: http://www.wired.com/gadgetlab/2009/07/iphone-encryption I think these quotes unfortunately sum it up: "I don't think any of us [developers] have ever seen encryption implemented so poorly before, which is why it's hard to describe why it's such a big threat to security.”" "If they're relying on Apple's security, then their application is going to be terribly insecure," he said. "Apple may be technically correct that [the iPhone 3GS] has an encryption piece in it, but it's entirely useless toward security." So basically, it sounds like if you lose your 3GS and have encryption enabled, your data can still be accessed (which is usually what you try to prevent with encryption). I had very much hoped that Apple would beef up it's security, but this article talks about why many of Apple's security features are still severely lacking. I know that those who want iPhones are going to use iPhones regardless of the security issues, but hopefully this will help administrators argue that it should be used for less and never used to store sensitive data. -Adam Russell Fulton wrote:On 22/07/2009, at 12:41 PM, Russell Fulton wrote:I have had several people ask me about this and I have triedgooglingaround the area but most the stuff I have found consists of lists of dos and don'ts with little or no background info. The basic question is what are the security implications of jail breaking your iphone?Thanks very much to all of you who took the time to share yourthoughton this one. By and large you have confirmed what I had expected: 1/ Apple overstates the issue (of course). 2/ the built in security model does provide some real and useful protection. 3/ a jail broken iphone in the hands of someone who is careful andknowwhat they are doing is not much different to a PC. 4/ an incautious novice can very easily shoot them selves in the both feet (hmm... that isnt much different to a PC either ;). So I think my advice will be: don't jailbreak your phone unless: a/ you have a really good reason to (i.e. it gets you something thatoutweighs the increased risk) b/ you know what you are doing and are both tech and security savy. Thanks again for all the wonderful input. Russell-- Adam Carlson Chief Security Officer Information Technology Residential and Student Service Programs Tel: 510-643-0631 Email: ajcarlson () berkeley edu "Most of the things worth doing in the world had been declared impossible before they were done." ~Louis D. Brandeis
-- Adam Carlson Chief Security Officer Information Technology Residential and Student Service Programs Tel: 510-643-0631 Email: ajcarlson () berkeley edu "Most of the things worth doing in the world had been declared impossible before they were done." ~Louis D. Brandeis
Current thread:
- Implications of Jail breaking ipod/iphones Russell Fulton (Jul 21)
- <Possible follow-ups>
- Re: Implications of Jail breaking ipod/iphones Anderson, Sherry (Jul 22)
- Re: Implications of Jail breaking ipod/iphones Rick Holland (Jul 22)
- Re: Implications of Jail breaking ipod/iphones Guy Pace (Jul 22)
- Re: Implications of Jail breaking ipod/iphones Adam Carlson (Jul 22)
- Re: Implications of Jail breaking ipod/iphones Russell Fulton (Jul 22)
- Re: Implications of Jail breaking ipod/iphones Adam Carlson (Jul 23)
- Re: Implications of Jail breaking ipod/iphones Doty, Timothy T. (Jul 24)
- Re: Implications of Jail breaking ipod/iphones Adam Carlson (Jul 24)
- Re: Implications of Jail breaking ipod/iphones Doty, Timothy T. (Jul 24)
- Re: Implications of Jail breaking ipod/iphones Adam Carlson (Jul 24)