Peace of Mind... Guaranteed!


Call For A Free Assessment: (949) 709-2233

iPhone data accessible even with PIN code enabled

May 28, 2010

A security researcher named Bernd Marienfeldt last week discovered that iPhone user data is accessible even if the PIN code is enabled. He was able to access photos, music, videos, podcasts, and some device databases without having to input the PIN to unlock the device first.  The exploit allows both read and write privileges and there is no record of the unauthorized access.

We were able to replicate the same results with a PIN protected iPhone 3GS which had the latest firmware from Apple. While this was already possible with Windows 7, hackers were limited to just photos.

Widespread use of this exploit is unlikely to happen because it requires several components to accomplish the task:

  1. The Ubuntu Linux operating system must be downloaded, burned to CD, and installed on a compatible system
  2. The hacker must physically be in possession of the iPhone as it has to be plugged into the computer
  3. The hacker must perform a specific task in order for the data to be accessible.  Simply plugging the iPhone into the computer will not reveal the data.

Apple was first notified of the situation on May 27 and will likely correct the issue in the next few weeks by way of a firmware update to the iPhone.


Leave a Comment

{ 1 trackback }

Previous post:

Next post: