Seven Deadly iPhone Sins: What Every Enterprise Should Know

With buzzwords like, “hardware encryption” and “remote wipe”, many enterprises have been misled into believing that the iPhone 3G[s] is secure enough to store confidential correspondence or other information. Apple is no doubt pushing the enterprise market, but is the iPhone truly secure enough?

While this subject truly warrants a complete white paper, take the following points into consideration. The following apply not only to the iPhone 3G[s], but also to earlier generation devices. Here are the top seven things every enterprise should know about the iPhone:


1. The 3G[s] passcode and encrypted backup password can easily be bypassed in about 30 seconds. This allows an identity thief who gains physical access to the device (for only a short time) to not only access the 3G[s], but to sync an unencrypted copy of its data through iTunes, creating a copy of the owner’s contacts, correspondence, photos, and other valuable data. If it can be synced with iTunes, it can be stolen in a very short period of time.

2. The 3G[s] promised hardware encryption, but this hardware encryption does not protect the information on the iPhone from an information thief. The operating system needs to automatically decrypt the iPhone’s disk in order to boot, allowing anyone with the right know-how to easily acquire all of the data – including deleted data – on the device, bypassing any encryption. In fact, the only useful benefit for hardware encryption thus far has been the ability to quickly format the device, discussed next.

3. Remote wipe and “LocateMe” features can easily be disabled by simply removing the SIM card. Any semi-intelligent thief looking to steal information from your corporate handsets can easily shut these features down within seconds, armed with only a paper clip.

4. If your device is stolen, not only is the iPhone’s live information exposed, but also all of the deleted information on the device. Because the iPhone has such a large storage capacity, it can take six months or more to cycle through deleted data. The hardware itself is designed to minimize writing to the same place on disk, leaving a wealth of deleted data for an information thief.

5. The iPhone OS has a built-in keyboard “logger” which logs nearly everything you type into the device’s keyboard to auto-learn the owner’s typing habits. As a result, endless logs of data are being created containing information typed in by the user. Even fields with auto-correction turned off have been seen to have some of the data entered in them stored in this cache.

6. Every time your employee pushes the home button, the iPhone snaps a screenshot of the last thing they were doing. This is done for most built-in applications such as Mail and Safari, and has been observed for many third party applications as well. A large collection of screenshots of “the last thing” your employee was looking at are being stored on the device, exposing screenshots of potentially confidential information to anyone with the right know-how.

7. There is a wealth of information stored on the device that most users don’t even realize is there. Information about your last GPS positions, which wireless networks you’ve joined and where, your search unread voicemail, and much more. Anything that goes through the iPhone is indefinitely stored on the iPhone.

Consider the risk to your enterprise should the confidential information on corporate iPhones be stolen. The iPhone is about the size of a small laptop disk drive, and is about as easy to copy information from should a thief steal or “borrow” it without your knowledge.

About Jonathan Zdziarski

Respected in his community as an iOS forensics expert, Jonathan is a noted security researcher, penetration tester, and scientist. Author of many books ranging from machine learning to iPhone hacking and software development, Jonathan frequently trains many federal and state law enforcement agencies in digital forensic techniques and assists law enforcement and the military in high profile cases. Jonathan is also inventor on several US patent applications, father of DSPAM and other language classification technology, and an App Store developer. All opinions expressed on this website are the author's own. Follow Jonathan on Twitter: @JZdziarski
This entry was posted in Forensics, iPhone. Bookmark the permalink.

Leave a Reply