Re: Implications of Jail breaking ipod/iphones

["Doty, Timothy T." <tdoty () MST EDU>]

I can't say that I care for the article. A good bit of fear mongering going on. If you read the comments someone 
(parplin) tries to straighten it out. The Wired author tries to prove the fear mongering claim with a quote from WWDC 
which he even admits doesn't support his claims. There's quite a bit of strawman argument in the article.

What does the encryption achieve?
It allows fast wipe by removing the key instead of having to wipe the entire device.

What does Apple say that it does?
They say it improves security by allowing a fast wipe and because backups are encrypted (by implication without the 
key, it remaining on the iPhone).

Can the protection be bypassed?
To give a proper answer you have to consider what is being protected. If I use a lock that is trivial to pick then if I 
lock something with it there is no significant increase in protection. If I lock my breakables in a wooden crate and 
someone shoots it up -- well, there was never any protection against that attack. I wouldn't say protection was 
bypassed or ineffective, I'd say there wasn't any protection against that attack.

With the iPhone 3GS it does NOT provide protection against someone with physical access imaging your phone. Should 
Apple provide such? IMO, yes, but that is not what they are claiming to provide.

Is Apple's protection better than the competition?
> From what I gather it isn't better or worse, it is different. Blackberry provides an automatic wipe when off network 
> for too long. Apple doesn't, but if you issued a remote wipe and your iPhone connects at all (over the cell network, 
> or over wireless) then it wipes. Blackberry doesn't offer a remote wipe over wireless, and the time for the remote 
> wipe is very likely too long to have any impact. Apple provides GPS tracking which is handy for recovery. If you lost 
> it rather than it being stolen it is conceivable that you will recover it before someone does a theft of opportunity. 
> I don't believe Blackberry offers this.

Is Apple's protection sufficient?
That depends on your needs and risk analysis.

How does Apple's encryption affect iPhone forensics?
Not at all. The same exact procedure as was used previously (jailbreak, use ssh to remotely access and image) still 
works. Note that whatever "security" you have on your iPhone is of no consequence -- someone who knows how to get a 
forensics image will not try and unlock it ten times and risk triggering a wipe. They would most likely keep the iPhone 
in a foil bag (which prevents remote wipe or GPS tracking). This is standard procedure in cellphone forensics.

Remember, security isn't a product. Security isn't a state. Security is a process.

Tim Doty
Systems Security Analyst
Missouri S&T

> -----Original Message-----
> From: The EDUCAUSE Security Constituent Group Listserv
> [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Adam Carlson
> Sent: Thursday, July 23, 2009 6:37 PM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: Re: [SECURITY] Implications of Jail breaking ipod/iphones
>
> Just thought I would follow-up with this new article which appears to
> be the best analysis thus far of the 3GS encryption scheme:
>
> http://www.wired.com/gadgetlab/2009/07/iphone-encryption
>
> I think these quotes unfortunately sum it up:
>
> "I don't think any of us [developers] have ever seen encryption
> implemented so poorly before, which is why it's hard to describe why
> it's such a big threat to security.”"
>
> "If they're relying on Apple's security, then their application is
> going to be terribly insecure," he said. "Apple may be technically
> correct that [the iPhone 3GS] has an encryption piece in it, but it's
> entirely useless toward security."
>
> So basically, it sounds like if you lose your 3GS and have encryption
> enabled, your data can still be accessed (which is usually what you
> try to prevent with encryption).
>
> I had very much hoped that Apple would beef up it's security, but
> this article talks about why many of Apple's security features are
> still severely lacking.
>
> I know that those who want iPhones are going to use iPhones
> regardless of the security issues, but hopefully this will help
> administrators argue that it should be used for less and never used
> to store sensitive data.
>
> -Adam
>
> Russell Fulton wrote:
> > On 22/07/2009, at 12:41 PM, Russell Fulton wrote:
> >
> > > I have had several people ask me about this and I have tried
> googling
> > > around the area but most the stuff I have found consists of lists of
> > > dos and don'ts with little or no background info.
> > >
> > > The basic question is what are the security implications of jail
> > > breaking your iphone?
> >
> > Thanks very much to all of you who took the time to share your
> thought
> > on this one.
> >
> > By and large you have confirmed what I had expected:
> >
> > 1/ Apple overstates the issue (of course).
> > 2/ the built in security model does provide some real and useful
> > protection.
> > 3/ a jail broken iphone in the hands of someone who is careful and
> know
> > what they are doing is not much different to a PC.
> > 4/ an incautious novice can very easily shoot them selves in the both
> > feet (hmm... that isnt much different to a PC either ;).
> >
> >
> > So I think my advice will be: don't jailbreak your phone unless:
> > a/ you have a really good reason to (i.e. it gets you something that
> out
> > weighs the increased risk)
> > b/ you know what you are doing and are both tech and security savy.
> >
> > Thanks again for all the wonderful input.
> >
> > Russell
>
> --
> Adam Carlson
> Chief Security Officer
> Information Technology
> Residential and Student Service Programs
> Tel: 510-643-0631
> Email: ajcarlson () berkeley edu
>
> "Most of the things worth doing in the world had been declared
> impossible before they were done." ~Louis D. Brandeis

Attachment: smime.p7s
Description: