• Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Home
  • About Darknet
  • Hacking Tools
  • Popular Posts
  • Darknet Archives
  • Contact Darknet
    • Advertise
    • Submit a Tool
Darknet – Hacking Tools, Hacker News & Cyber Security

Darknet - Hacking Tools, Hacker News & Cyber Security

Darknet is your best source for the latest hacking tools, hacker news, cyber security best practices, ethical hacking & pen-testing.

iPhone Security Flaw – Using a PIN Won’t Protect Your Data

June 1, 2010

Views: 13,661

[ad]

Now it wasn’t long ago when the first malicious iPhone worm appeared in the wild and well generally since the boom of the device people have looking at the security measures.

Huge sales are made to corporates touting the security, privacy and encryption features of the iPhone OS. The latest discovery is that using a PIN on your iPhone 3GS really doesn’t protect you from anything as long as the person has physical access to your phone.

But then the same thing goes for desktop/laptop computers too, if someone has physical access you’re done for.

Using a four-digit PIN to lock your iPhone doesn’t really protect your data, security and IT blogger Bernd Marienfeldt has discovered. In an article describing the iPhone’s business security framework, Marienfeldt has found a “data protection vulnerability” in Apple’s iPhone 3GS.

Marienfeldt, working with security expert Jim Herbeck, has been able to reproduce the vulnerability on at least three non jail-broken iPhone 3GS handsets with different iPhone OS versions installed (including the latest). All tested iPhones were protected with a four-digit PIN.

In Marienfeldt’s own words:

“The unprotected iPhone 3GS mounting is “limited” to the DCIM folder under Ubuntu < 10.04 LTS, Apple Macintosh, Windows 2000 SP2 and Windows 7. The way Ubuntu Lucid Lynx handles the iPhone 3GS [6,7,8] allows to get more content (please do make sure that the native Ubuntu system is fully up to date, e.g. "apt-get update, "apt-get upgrade" - any virtualization based solution will not work as described). I used the Alternate CD with x86 and AMD64 on different hardware."

I guess with phones/embedded system we expected the user data to a little more secure and well we guessed wrongly. With a total of 33.75 million iPhones sold up to Q4 2009 that’s a staggering amount of vulnerable devices out there.

Another issue is Apple haven’t as yet worked out what the problem is, they’ve given some vague mentions of “race conditions” or “a pairing issues” but haven’t been able to reproduce it so far.

Other people have had varying success in exploiting the flaw, it seems to depend on the actual iPhone itself rather than anything else.

Basically, plugging an up-to-date, non jail-broken, PIN-protected iPhone (powered off) into a computer running Ubuntu Lucid Lynx will allow the people to see practically all of the user’s data–including music, photos, videos, podcasts, voice recordings, Google safe browsing databases, and game contents. The “hacker” has read/write access to the iPhone, and the hack leaves no trace.

According to Marienfeldt, “The allowed write access could also lead into triggering a buffer overflow.” A buffer overflow could allow full write access, and full write access could potentially lead to the attacker being able to make phone calls (as far as we know, the attacker can access all of your data but they can’t make any phone calls…how reassuring).

Marienfeldt points out that this is especially an issue for corporate/business users, who “rely on the expectation that their iPhone 3GS’s whole content is protected by encryption with a passcode based authentication in place to unlock it.”

Apple has been notified of the flaw, but has yet to correct it (or give a timeline for the correction).

I hope Apple can address this phone and give a proper breakdown and explanation of why this happens, there must be some technical explanation for it and why it occurs in their so called ‘secure’ implementation.

You can read the original blog post here:

iPhone business security framework

Source: Network World

Share
Tweet
Share
Buffer
WhatsApp
Email
0 Shares

Filed Under: Apple, Exploits/Vulnerabilities, Privacy Tagged With: apple iphone, data protection, hacking iphone, iphone, iphone security, race condition



Reader Interactions

Comments

  1. droope says

    June 1, 2010 at 4:10 pm

    Woah. I, for one am sincerely happy that I didn’t code the Iphone security. :)

    • fixer says

      June 2, 2010 at 1:58 pm

      who gives a flying fuck about hacking the iphone, besides maybe a whitehat cunt who uses apple equipment, kill yourself.

      • joe says

        June 17, 2010 at 5:47 pm

        You’re rather stupid, insecure and childish, aren’t you?

        • fixer says

          July 8, 2010 at 10:30 pm

          Bah, the dude who runs this site is a pinhead, with a bunch of sorry ass whitehat douchebags riding his coat tails, kill yourself pl0x

  2. Sugakushuto says

    June 3, 2010 at 2:57 pm

    bwa ha ha ha, don’t hate. I love it when the apple community gets a hole in its smug cloud. However, I am wondering if the access is part of something greater, as in, intentional……

    It would not surprise me if it was intentional. The so called “geniuses” that are overpaid to help stupid apple users would need some way of resetting the “forgotten pin” protected phones. wtg apple.

    Or it may be that certain organizations had apple leave them a back door to collect information if needed.

Primary Sidebar

Search Darknet

  • Email
  • Facebook
  • LinkedIn
  • RSS
  • Twitter

Advertise on Darknet

Latest Posts

Falco - Real-Time Threat Detection for Linux and Containers

Falco – Real-Time Threat Detection for Linux and Containers

Views: 324

Security visibility inside containers, Kubernetes, and cloud workloads remains among the hardest … ...More about Falco – Real-Time Threat Detection for Linux and Containers

Wazuh – Open Source Security Platform for Threat Detection, Visibility & Compliance

Wazuh – Open Source Security Platform for Threat Detection, Visibility & Compliance

Views: 621

As threat surfaces grow and attack sophistication increases, many security teams face the same … ...More about Wazuh – Open Source Security Platform for Threat Detection, Visibility & Compliance

Best Open Source HIDS Tools for Linux in 2025 (Compared & Ranked)

Views: 568

With more businesses running Linux in production—whether in bare metal, VMs, or containers—the need … ...More about Best Open Source HIDS Tools for Linux in 2025 (Compared & Ranked)

SUDO_KILLER - Auditing Sudo Configurations for Privilege Escalation Paths

SUDO_KILLER – Auditing Sudo Configurations for Privilege Escalation Paths

Views: 606

sudo is a powerful utility in Unix-like systems that allows permitted users to execute commands with … ...More about SUDO_KILLER – Auditing Sudo Configurations for Privilege Escalation Paths

Bantam - Advanced PHP Backdoor Management Tool For Post Exploitation

Bantam – Advanced PHP Backdoor Management Tool For Post Exploitation

Views: 460

Bantam is a lightweight post-exploitation utility written in C# that includes advanced payload … ...More about Bantam – Advanced PHP Backdoor Management Tool For Post Exploitation

AI-Powered Cybercrime in 2025 - The Dark Web’s New Arms Race

AI-Powered Cybercrime in 2025 – The Dark Web’s New Arms Race

Views: 689

In 2025, the dark web isn't just a marketplace for illicit goods—it's a development lab. … ...More about AI-Powered Cybercrime in 2025 – The Dark Web’s New Arms Race

Topics

  • Advertorial (28)
  • Apple (46)
  • Countermeasures (228)
  • Cryptography (82)
  • Database Hacking (89)
  • Events/Cons (7)
  • Exploits/Vulnerabilities (431)
  • Forensics (65)
  • GenAI (3)
  • Hacker Culture (8)
  • Hacking News (229)
  • Hacking Tools (684)
  • Hardware Hacking (82)
  • Legal Issues (179)
  • Linux Hacking (74)
  • Malware (238)
  • Networking Hacking Tools (352)
  • Password Cracking Tools (104)
  • Phishing (41)
  • Privacy (219)
  • Secure Coding (118)
  • Security Software (235)
  • Site News (51)
    • Authors (6)
  • Social Engineering (37)
  • Spammers & Scammers (76)
  • Stupid E-mails (6)
  • Telecomms Hacking (6)
  • UNIX Hacking (6)
  • Virology (6)
  • Web Hacking (384)
  • Windows Hacking (169)
  • Wireless Hacking (45)

Security Blogs

  • Dancho Danchev
  • F-Secure Weblog
  • Google Online Security
  • Graham Cluley
  • Internet Storm Center
  • Krebs on Security
  • Schneier on Security
  • TaoSecurity
  • Troy Hunt

Security Links

  • Exploits Database
  • Linux Security
  • Register – Security
  • SANS
  • Sec Lists
  • US CERT

Footer

Most Viewed Posts

  • Brutus Password Cracker – Download brutus-aet2.zip AET2 (2,298,057)
  • Darknet – Hacking Tools, Hacker News & Cyber Security (2,173,105)
  • Top 15 Security Utilities & Download Hacking Tools (2,096,640)
  • 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) (1,199,691)
  • Password List Download Best Word List – Most Common Passwords (933,528)
  • wwwhack 1.9 – wwwhack19.zip Web Hacking Software Free Download (776,171)
  • Hack Tools/Exploits (673,301)
  • Wep0ff – Wireless WEP Key Cracker Tool (530,185)

Search

Recent Posts

  • Falco – Real-Time Threat Detection for Linux and Containers May 19, 2025
  • Wazuh – Open Source Security Platform for Threat Detection, Visibility & Compliance May 16, 2025
  • Best Open Source HIDS Tools for Linux in 2025 (Compared & Ranked) May 14, 2025
  • SUDO_KILLER – Auditing Sudo Configurations for Privilege Escalation Paths May 12, 2025
  • Bantam – Advanced PHP Backdoor Management Tool For Post Exploitation May 9, 2025
  • AI-Powered Cybercrime in 2025 – The Dark Web’s New Arms Race May 7, 2025

Tags

apple botnets computer-security darknet Database Hacking ddos dos exploits fuzzing google hacking-networks hacking-websites hacking-windows hacking tool Information-Security information gathering Legal Issues malware microsoft network-security Network Hacking Password Cracking pen-testing penetration-testing Phishing Privacy Python scammers Security Security Software spam spammers sql-injection trojan trojans virus viruses vulnerabilities web-application-security web-security windows windows-security Windows Hacking worms XSS

Copyright © 1999–2025 Darknet All Rights Reserved · Privacy Policy