iPhone raises privacy concerns: it records screenshots every time you hit the Home button

iPhone hacker, author, and data forensics expert Jonathan Zdziarski, aka “NerveGas”, revealed a major privacy issue with the iPhone on a webcast yesterday. He disclosed that every time a user pushes the Home button on the iPhone, it takes a screenshot of whatever the user is doing at that moment. This is done so that Apple can create that cool, page-disappearing animation they have. The problem is that these screenshots are saved and can be recovered using basic iPhone forensic techniques like the ones that Zdziarski writes about in his new book.

When you couple the screenshot disclosure with the other focus of his webcast, a demo of how to bypass the iPhone’s passcode lock feature, things get pretty serious. According to Zdziarski, “A custom firmware "passcode cracker" bundle has to be built before someone can break your passcode.” The initial build takes about 15-20 minutes. However, once that is built, it only takes about 60 seconds to crack an iPhone of any version.

For example, what if you hit the Home button while browsing your e-banking site? You know, the page with all of your account info, balances, etc. on it. How about if you were VPN’d into your corporate net and were browsing confidential, internal-only websites when you hit the Home button? Now a bad guy steals your iPhone, quickly cracks your passcode, and then recovers a boatload of your previously saved screenshots. Not good!

According to Zdziarski, law enforcement has known, and taken advantage of, the fact that the iPhone tends to keep a bunch of data hidden and cached. Things like deleted email, screenshots, text messages, pics, etc. can all be recovered using iPhone forensics techniques and used as evidence to convict criminals.

His webcast will soon be posted here for your viewing pleasure: http://www.oreillynet.com/pub/e/1093

Zdziarski’s website can be found here: http://www.zdziarski.com/

So fellow iPhone users, does this news disturb you as much as it does me?

The opinions and information presented here are my personal views and not those of my employer.


Copyright © 2008 IDG Communications, Inc.
