As many have noticed, Apple has released their new lineup of laptops, software, OSes, and iPhones. As I watched live coverage of the keynotes on Monday (thanks, Gizmodo), a few things caught my attention when they were speaking about the new iPhone 3G S.
The first thing that caught my eye was the mention of “hardware encryption.” Now, simply mentioning that a device supports hardware encryption can mean a lot of things, and Apple isn’t very clear about what they mean by this. Trying to do some further research didn’t help much either as I only ended up being further confused with all the different mentions of this “hardware encryption.” The official word from Apple is…

iPhone 3G S offers highly secure hardware encryption that enables instantaneous remote wipe. You can even encrypt your iTunes backups.

…according to that, it would sound like the remote wipe is dependent on the hardware encryption, which makes me believe that instead of actually wiping the data (as in a format), it would simply delete the private key – therefore making the data inaccessible. (Since iTunes stores a backup of all your iPhone data at every sync, securing this also seems important.)  This also assumes it’s using a strong form of encryption. I’ve also read in other posts…

…hardware encryption for Exchange users…

…as the listed feature. Does this mean it’s only available through Exchange, and at what level is it being used? Is it only securing your email? We know the iTunes songs and videos are already being encrypted on the device. Is this the same form of encryption they’re talking about?  We’ve asked an insider at Apple to help us out with some of these questions and are still awaiting a response.
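The key-deletion idea above (wiping by discarding the key instead of formatting) can be modeled in a few lines. This is an added example, not Apple's design and not code from the original post; the `Device` class, the 32-byte key slot and the HMAC-based stand-in cipher are assumptions chosen so it runs with the Python standard library only.

```python
import hashlib, hmac, secrets

def _sub(key, label):                      # derive separate enc/MAC subkeys
    return hmac.new(key, label, hashlib.sha256).digest()

def _stream(key, nonce, n):
    # Stand-in cipher (HMAC-SHA256 in counter mode) so the example needs only
    # the standard library; a real device would use its AES engine.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(key, data):
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(data, _stream(_sub(key, b"enc"), nonce, len(data))))
    return nonce + ct + hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("wrong key or corrupted data")
    return bytes(a ^ b for a, b in zip(ct, _stream(_sub(key, b"enc"), nonce, len(ct))))

class Device:                              # hypothetical model, not Apple's design
    def __init__(self):
        self.key_slot = bytearray(secrets.token_bytes(32))  # small erasable store
        self.flash = {}                                     # bulk storage
    def write(self, name, data):
        self.flash[name] = seal(bytes(self.key_slot), data)
    def read(self, name):
        return unseal(bytes(self.key_slot), self.flash[name])
    def wipe(self):
        self.key_slot[:] = secrets.token_bytes(32)  # overwrite 32 bytes, flash untouched
        return len(self.key_slot)

def demo():
    dev = Device()
    dev.write("mail.db", b"constructed sample mailbox " * 1000)
    key_copy = bytes(dev.key_slot)         # a copy of the key held off-device
    touched = dev.wipe()
    try:
        dev.read("mail.db"); readable = True
    except ValueError:
        readable = False
    copy_works = unseal(key_copy, dev.flash["mail.db"]).startswith(b"constructed")
    return touched, len(dev.flash["mail.db"]), readable, copy_works
```

The wipe overwrites 32 bytes while all 27,048 bytes of ciphertext stay on flash, which is why such a wipe can be "instantaneous". It is only as good as the guarantee that no other copy of the key survives, since the retained copy in `demo()` still decrypts everything.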

All of this brings up major questions about the REAL security behind all these marketing terms. How much do companies actually care about security, and how much do they actually do to help protect their users? Is everything just a marketing ploy these days?

Users were upset about the lack of security in our last model of product X. Let’s add minor revisions and throw some good marketing verbiage in the features list and hope that fixes everything.

Is this how security is being treated? Apple isn’t the only company being vague about these types of issues; it rolls all across the board. They just happen to be the ones asking for the most attention at this current point in time.  Stay tuned as I hope to find and relay some answers to many of these questions as more details are revealed.

4 thoughts on “iPhone 3G S – Hardware Encryption?”

  1. Larry says:

    http://www.iphoneinsecurity.com/

    July 14, 2009: Seven Deadly iPhone Sins: What Every Enterprise Should Know
    With buzzwords like, “hardware encryption” and “remote wipe”, many enterprises have been misled into believing that the iPhone 3G[s] is secure enough to store confidential correspondence or other information. Apple is no doubt pushing the enterprise market, but is the iPhone truly secure enough?

    While this subject truly warrants a complete white paper, take the following points into consideration. The following apply not only to the iPhone 3G[s], but also to earlier generation devices. Here are the top seven things every enterprise should know about the iPhone:

    1. The 3G[s] passcode and encrypted backup password can easily be bypassed in about 30 seconds. This allows an identity thief who gains physical access to the device (for only a short time) to not only access the 3G[s], but to sync an unencrypted copy of its data through iTunes, creating a copy of the owner’s contacts, correspondence, photos, and other valuable data. If it can be synced with iTunes, it can be stolen in a very short period of time.

    2. The 3G[s] promised hardware encryption, but this hardware encryption does not protect the information on the iPhone from an information thief. The operating system needs to automatically decrypt the iPhone’s disk in order to boot, allowing anyone with the right know-how to easily acquire all of the data – including deleted data – on the device, bypassing any encryption. In fact, the only useful benefit for hardware encryption thus far has been the ability to quickly format the device, discussed next.

    3. Remote wipe and “LocateMe” features can easily be disabled by simply removing the SIM card. Any semi-intelligent thief looking to steal information from your corporate handsets can easily shut these features down within seconds, armed with only a paper clip.

    4. If your device is stolen, not only is the iPhone’s live information exposed, but also all of the deleted information on the device. Because the iPhone has such a large storage capacity, it can take six months or more to cycle through deleted data. The hardware itself is designed to minimize writing to the same place on disk, leaving a wealth of deleted data for an information thief.

    5. The iPhone OS has a built-in keyboard “logger” which logs nearly everything you type into the device’s keyboard to auto-learn the owner’s typing habits. As a result, endless logs of data are being created containing information typed in by the user. Even fields with auto-correction turned off have been seen to have some of the data entered in them stored in this cache.

    6. Every time your employee pushes the home button, the iPhone snaps a screenshot of the last thing they were doing. This is done for most built-in applications such as Mail and Safari, and has been observed for many third party applications as well. A large collection of screenshots of “the last thing” your employee was looking at are being stored on the device, exposing screenshots of potentially confidential information to anyone with the right know-how.

    7. There is a wealth of information stored on the device that most users don’t even realize is there. Information about your last GPS positions, which wireless networks you’ve joined and where, your search unread voicemail, and much more. Anything that goes through the iPhone is indefinitely stored on the iPhone.

    Consider the risk to your enterprise should the confidential information on corporate iPhones be stolen. The iPhone is about the size of a small laptop disk drive, and is about as easy to copy information from should a thief steal or “borrow” it without your knowledge.

  2. w00t ! That’s Huge ! Thanks a lot cool share !

  3. Great write up. The iPhone is truly revolutionary and I don’t like being without it. This time last year I had jumped in a pool with my iPhone and it was dead. I had to wait 9 days before I was able to purchase a new one. The phone I had was a cheap go phone. I really love all the apps that can be downloaded to the iPhone. The best part about the iPhone to me is the ability to check emails on the fly. Thanks for the information.
