> The trick is to install an alternative kernel (operating system) on > the device and then copy the data off. I don't know that there is any > computer that can't be defeated this way.
That's not the point. The point was to demonstrate how easy it is to hack a device that someone drags with them everywhere. The article also illustrated how any app in the App store could be perverted once it was approved for use. > For years we've cracked > Windows passwords by mounting the drive with a Linux kernel. The Mac > OS DVD includes a utility to reset passwords. This is not news. Very true. But his point is how pathetic the encryption is on the iPhone. He was able to do it so quickly, it could be done while you go to the bathroom at a restaurant and leave your iPhone behind. I can easily envision a corporate/guvmint espionage scenario involving switching out iPhones for the purpose on stealing sensitive information. I expect to see this demonstrated on "Burn Notice" soon. > If > you have lost physical control of your computer you have lost the > data too. I guess this will be news to boneheaded IT directors, but > should not be news to anyone on this List. I'm guessing that the article was intended for an audience a little bigger than this list. Feeling a such swagger in your ego so that your world is defined by this list? Is this 1995-AOL-envy? Maybe, just maybe, it was intended for the gibbering fanbois who insist on using a consumer-level product as an enterprise device. I recall many posts and articles by boneheaded IT directors who were concerned early on about the iPhone's lax security and how they were shut down by the gibbering fanboi CEO and/or pressure from fanboi staff who insisted on bringing them into the enterprise. My Blackberry has 256-bit AES encryption and can wipe itself when disconnected from the server for too long, as when a simple thief swipes it for resale later. I haven't read anything about how easily p0wned they are either. There are many, many options for centrally managing and securing Blackberries that iPhones simply don't have. A BB can be config'ed to wipe after x number of bad passwords attempts. > iPhones can be remotely told to wipe their drives. That is probably > your best defense. Something easily defeated by removing the SIM card. Are you sure you read the article? ************************************************************************* ** List info, subscription management, list rules, archives, privacy ** ** policy, calmness, a member map, and more at http://www.cguys.org/ ** *************************************************************************
