Educause Security Discussion mailing list archives
Re: Implications of Jail breaking ipod/iphones
From: Adam Carlson <ajcarlson () BERKELEY EDU>
Date: Thu, 23 Jul 2009 16:37:08 -0700
Just thought I would follow-up with this new article which appears to be the best analysis thus far of the 3GS encryption scheme: http://www.wired.com/gadgetlab/2009/07/iphone-encryption I think these quotes unfortunately sum it up: "I don't think any of us [developers] have ever seen encryption implemented so poorly before, which is why it's hard to describe why it's such a big threat to security.”" "If they're relying on Apple's security, then their application is going to be terribly insecure," he said. "Apple may be technically correct that [the iPhone 3GS] has an encryption piece in it, but it's entirely useless toward security." So basically, it sounds like if you lose your 3GS and have encryption enabled, your data can still be accessed (which is usually what you try to prevent with encryption). I had very much hoped that Apple would beef up it's security, but this article talks about why many of Apple's security features are still severely lacking. I know that those who want iPhones are going to use iPhones regardless of the security issues, but hopefully this will help administrators argue that it should be used for less and never used to store sensitive data. -Adam Russell Fulton wrote:
On 22/07/2009, at 12:41 PM, Russell Fulton wrote:I have had several people ask me about this and I have tried googling around the area but most the stuff I have found consists of lists of dos and don'ts with little or no background info. The basic question is what are the security implications of jail breaking your iphone?Thanks very much to all of you who took the time to share your thought on this one. By and large you have confirmed what I had expected: 1/ Apple overstates the issue (of course). 2/ the built in security model does provide some real and useful protection. 3/ a jail broken iphone in the hands of someone who is careful and know what they are doing is not much different to a PC. 4/ an incautious novice can very easily shoot them selves in the both feet (hmm... that isnt much different to a PC either ;). So I think my advice will be: don't jailbreak your phone unless: a/ you have a really good reason to (i.e. it gets you something that out weighs the increased risk) b/ you know what you are doing and are both tech and security savy. Thanks again for all the wonderful input. Russell
-- Adam Carlson Chief Security Officer Information Technology Residential and Student Service Programs Tel: 510-643-0631 Email: ajcarlson () berkeley edu "Most of the things worth doing in the world had been declared impossible before they were done." ~Louis D. Brandeis
Current thread:
- Implications of Jail breaking ipod/iphones Russell Fulton (Jul 21)
- <Possible follow-ups>
- Re: Implications of Jail breaking ipod/iphones Anderson, Sherry (Jul 22)
- Re: Implications of Jail breaking ipod/iphones Rick Holland (Jul 22)
- Re: Implications of Jail breaking ipod/iphones Guy Pace (Jul 22)
- Re: Implications of Jail breaking ipod/iphones Adam Carlson (Jul 22)
- Re: Implications of Jail breaking ipod/iphones Russell Fulton (Jul 22)
- Re: Implications of Jail breaking ipod/iphones Adam Carlson (Jul 23)
- Re: Implications of Jail breaking ipod/iphones Doty, Timothy T. (Jul 24)
- Re: Implications of Jail breaking ipod/iphones Adam Carlson (Jul 24)
- Re: Implications of Jail breaking ipod/iphones Doty, Timothy T. (Jul 24)
- Re: Implications of Jail breaking ipod/iphones Adam Carlson (Jul 24)