Apple's iPhone 3GS encryption cracked in under 2 minutes

Hacker says its data scrambling is "entirely useless"

The iPhone 3GS has a newly minted hardware encryption capability. That's the good news.

The bad news is: it can be hacked in less than 2 minutes with commonly available freeware, according to PC World, picking up on a story originally broken by Wired.com. 

The ease with which the hack can be performed raises new questions, at least for some, about how suitable even the newest iPhone is for enterprise deployments accustomed to the policy-driven management and security with the RIM BlackBerry and Microsoft Windows Mobile platforms. InfoWorld’s Doug Dineley recently did a very thorough assessment of the new security elements in iPhone OS 3.0, and concluded that the improvements, though welcome, still are far short of what many if not most enterprises require.

An excerpt from PC World story on the decryption: Jonathan Zdziarski -- iPhone developer and hacker extraordinaire -- showed Wired how easy it is to tear the 3GS apart and expose data. "Apple may be technically correct that [the iPhone 3GS] has an encryption piece in it, but it's entirely useless toward security," Zdziarski said. He added that the iPhone 3GS is about as secure as the iPhone 3G and the first-generation iPhone, the latter two having no encryption features whatsoever.

Zdziarski did more than assert: with the Wired story, there’s a video of one of his iPhone decryption exploits.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2009 IDG Communications, Inc.