Re: Implications of Jail breaking ipod/iphones

["Doty, Timothy T." <tdoty () MST EDU>]

The Wired article puts words in Apple's mouth and then proves that Apple was "wrong". I call that a strawman. Apple 
never claimed to protect against, for example, forensic recovery which methodology is at the heart of the data recovery 
referred to in the article.

As to calling it fear mongering -- that's a personal view, but the sky really isn't falling.

Tim Doty

> -----Original Message-----
> From: The EDUCAUSE Security Constituent Group Listserv
> [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Adam Carlson
> Sent: Friday, July 24, 2009 11:57 AM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: Re: [SECURITY] Implications of Jail breaking ipod/iphones
>
> Timothy,
>       I'm sorry, but this is not fear mongering.  The way that Apple
> has
> implemented encryption is terribly bad and could have been done in a
> smarter way.  With their current set up, all you have to do is steal
> someone's iPhone and pop out the SIM card and the remote wipe feature
> is useless and the encryption key is still on the device and
> recoverable.  I can do this within seconds of obtaining an iPhone,
> preventing the remote wipe from ever occurring.
>       I do not believe that this is the case with the Blackberry or any
> other disk-based encryption scheme that I am aware of.  If you can
> point to a device that uses such a lazy and easily subverted
> mechanism for encryption, please let me know and I will also avoid
> relying on their protections as well.
>       The whole point of disk-based encryption on mobile devices is
> precisely to protect the data in the event it is lost/stolen and
> falls into the hands unauthorized individual, because that's what
> often happens with mobile devices.  When encryption is done properly,
> you don't need a remote wipe feature to have confidence that your
> data is secure.
>       Any risk analysis worth its salt will show that loss/theft is one
> of
> the biggest issues with mobile devices.  How many laptops, backup
> tapes, and soon mobile devices are physically lost every year?  More
> than we would like believe and there are plenty of statistics out
> there showing that this is a real threat that needs to be taken
> seriously.  The encryption scheme does not adequately mitigate this
> threat so the best option, as I stated, is to not store sensitive
> material on the device.
>       I honestly have no idea what this encryption is supposed to be
> doing
> if it is not protecting against the physical loss of the device.
> Please let me know if you have some insight, because that is
> typically the exact reason for implementing encryption on mobile
> devices.
>       If you are not concerned about physical theft, then yes, this
> issue
> with their encryption isn't a huge deal, however, I would also say
> that the only reason you shouldn't care about physical theft is
> because you aren't storing sensitive information on the device.
>
> -Adam
>
>
> Doty, Timothy T. wrote:
> > I can't say that I care for the article. A good bit of fear mongering
> going on. If you read the comments someone (parplin) tries to
> straighten it out. The Wired author tries to prove the fear mongering
> claim with a quote from WWDC which he even admits doesn't support his
> claims. There's quite a bit of strawman argument in the article.
> > What does the encryption achieve?
> > It allows fast wipe by removing the key instead of having to wipe the
> entire device.
> > What does Apple say that it does?
> > They say it improves security by allowing a fast wipe and because
> backups are encrypted (by implication without the key, it remaining on
> the iPhone).
> > Can the protection be bypassed?
> > To give a proper answer you have to consider what is being protected.
> If I use a lock that is trivial to pick then if I lock something with
> it there is no significant increase in protection. If I lock my
> breakables in a wooden crate and someone shoots it up -- well, there
> was never any protection against that attack. I wouldn't say protection
> was bypassed or ineffective, I'd say there wasn't any protection
> against that attack.
> > With the iPhone 3GS it does NOT provide protection against someone
> with physical access imaging your phone. Should Apple provide such?
> IMO, yes, but that is not what they are claiming to provide.
> > Is Apple's protection better than the competition?
> > > From what I gather it isn't better or worse, it is different.
> Blackberry provides an automatic wipe when off network for too long.
> Apple doesn't, but if you issued a remote wipe and your iPhone connects
> at all (over the cell network, or over wireless) then it wipes.
> Blackberry doesn't offer a remote wipe over wireless, and the time for
> the remote wipe is very likely too long to have any impact. Apple
> provides GPS tracking which is handy for recovery. If you lost it
> rather than it being stolen it is conceivable that you will recover it
> before someone does a theft of opportunity. I don't believe Blackberry
> offers this.
> > Is Apple's protection sufficient?
> > That depends on your needs and risk analysis.
> >
> > How does Apple's encryption affect iPhone forensics?
> > Not at all. The same exact procedure as was used previously
> (jailbreak, use ssh to remotely access and image) still works. Note
> that whatever "security" you have on your iPhone is of no consequence -
> - someone who knows how to get a forensics image will not try and
> unlock it ten times and risk triggering a wipe. They would most likely
> keep the iPhone in a foil bag (which prevents remote wipe or GPS
> tracking). This is standard procedure in cellphone forensics.
> > Remember, security isn't a product. Security isn't a state. Security
> is a process.
> > Tim Doty
> > Systems Security Analyst
> > Missouri S&T
> >
> > > -----Original Message-----
> > > From: The EDUCAUSE Security Constituent Group Listserv
> > > [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Adam Carlson
> > > Sent: Thursday, July 23, 2009 6:37 PM
> > > To: SECURITY () LISTSERV EDUCAUSE EDU
> > > Subject: Re: [SECURITY] Implications of Jail breaking ipod/iphones
> > >
> > > Just thought I would follow-up with this new article which appears
> to
> > > be the best analysis thus far of the 3GS encryption scheme:
> > >
> > > http://www.wired.com/gadgetlab/2009/07/iphone-encryption
> > >
> > > I think these quotes unfortunately sum it up:
> > >
> > > "I don't think any of us [developers] have ever seen encryption
> > > implemented so poorly before, which is why it's hard to describe why
> > > it's such a big threat to security.”"
> > >
> > > "If they're relying on Apple's security, then their application is
> > > going to be terribly insecure," he said. "Apple may be technically
> > > correct that [the iPhone 3GS] has an encryption piece in it, but
> it's
> > > entirely useless toward security."
> > >
> > > So basically, it sounds like if you lose your 3GS and have
> encryption
> > > enabled, your data can still be accessed (which is usually what you
> > > try to prevent with encryption).
> > >
> > > I had very much hoped that Apple would beef up it's security, but
> > > this article talks about why many of Apple's security features are
> > > still severely lacking.
> > >
> > > I know that those who want iPhones are going to use iPhones
> > > regardless of the security issues, but hopefully this will help
> > > administrators argue that it should be used for less and never used
> > > to store sensitive data.
> > >
> > > -Adam
> > >
> > > Russell Fulton wrote:
> > > > On 22/07/2009, at 12:41 PM, Russell Fulton wrote:
> > > >
> > > > > I have had several people ask me about this and I have tried
> > > googling
> > > > > around the area but most the stuff I have found consists of lists
> of
> > > > > dos and don'ts with little or no background info.
> > > > >
> > > > > The basic question is what are the security implications of jail
> > > > > breaking your iphone?
> > > > Thanks very much to all of you who took the time to share your
> > > thought
> > > > on this one.
> > > >
> > > > By and large you have confirmed what I had expected:
> > > >
> > > > 1/ Apple overstates the issue (of course).
> > > > 2/ the built in security model does provide some real and useful
> > > > protection.
> > > > 3/ a jail broken iphone in the hands of someone who is careful and
> > > know
> > > > what they are doing is not much different to a PC.
> > > > 4/ an incautious novice can very easily shoot them selves in the
> both
> > > > feet (hmm... that isnt much different to a PC either ;).
> > > >
> > > >
> > > > So I think my advice will be: don't jailbreak your phone unless:
> > > > a/ you have a really good reason to (i.e. it gets you something
> that
> > > out
> > > > weighs the increased risk)
> > > > b/ you know what you are doing and are both tech and security savy.
> > > >
> > > > Thanks again for all the wonderful input.
> > > >
> > > > Russell
> > > --
> > > Adam Carlson
> > > Chief Security Officer
> > > Information Technology
> > > Residential and Student Service Programs
> > > Tel: 510-643-0631
> > > Email: ajcarlson () berkeley edu
> > >
> > > "Most of the things worth doing in the world had been declared
> > > impossible before they were done." ~Louis D. Brandeis
>
> --
> Adam Carlson
> Chief Security Officer
> Information Technology
> Residential and Student Service Programs
> Tel: 510-643-0631
> Email: ajcarlson () berkeley edu
>
> "Most of the things worth doing in the world had been declared
> impossible before they were done." ~Louis D. Brandeis

Attachment: smime.p7s
Description: