In mid-June iPhone OS 3.0 was released after much anticipation. The release introduced some new security features as well as fixing some existing security-related issues on existing iPhones. One new security feature for all of us is actually in iTunes on your Mac, which can now encrypt the backup iTunes keeps of your iPhone. As you can imagine, all the data in your iPhone is in that backup by design and sifting useful information out of the backup is a trivial operation widely documented on the Internet.

Users of the new iPhone 3GS model can also encrypt data on the iPhone 3GS itself. I haven’t had the opportunity to examine this yet beyond looking around on an iPhone 3GS at a retailer on release day. I have looked at the file system of previous iPhone releases and, on these versions of the operating system, application data is stored in unencrypted, “plain text” form much like on your Mac. And, since we have no data encryption function, this situation remains so for 3.0-updated iPhone (2G), iPhone 3G and iPod touches.

Right now very little information is available on how Apple is implementing the iPhone 3GS encryption and, until this is further detailed, few will bet the farm on the iPhone 3GS’s approach to protecting data. It’s hoped that over the longer term Apple will also improve how application data is stored on iPhones, and on the Mac, and doesn’t presume that the encryption “container” for this data will retain its integrity in the iPhone 3GS.
Wipeout.

Another new security feature is that the hardware encryption touted in the iPhone 3GS also permits a quicker “remote wipe” of the sensitive data that litters your iPhone. Apparently it achieves this by notifying the phone that it should remove the encryption key used to encrypt the sensitive data on the phone. This leaves the encrypted data in place but it’s not meant to be of use without the key. Time will tell, as this presumption has also been made for other cryptographic implementations.

The “remote wipe” feature of the iPhone and data-wiping triggered by failing a certain number of PIN authentication attempts have been supported for a while now in the iPhone. So this concept isn’t new. In previous models, however, a slower, more thorough process erases all data on the iPhone block-by-block. A “belt and braces” approach would suggest doing the same on the iPhone 3GS.

These new security features are part of Apple’s initiative to gain acceptance in larger enterprises for the iPhone. Any moves improving data protection are a welcome improvement of the device’s overall security. A lot of data you’re not aware of accumulates on your iPhone: caches of keyboard-entered data, deleted mail and calendar data, browser history, etc.

Test. Fix. Evaluate. (Repeat).

Just like desktop or notebook form-factor Macs, the iPhone requires fixes from time to time. Usually software fixes relate to reliability, performance and security. So another aspect of the iPhone 3.0 release is that it included a large number of security-related fixes. Nearly 50 fixes, in fact. For me this is where reading between the lines of a large security disclosure becomes a lot of geeky fun.
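
The two wipe strategies compared under “Wipeout” above can be put side by side in a small simulation. This is an added example, not Apple’s implementation or code from the original article: the storage model, the 4096-byte block size and the HMAC-SHA256 keystream standing in for the hardware cipher are all assumptions, and the sample data is constructed.

```python
import hashlib, hmac, os

BLOCK = 4096  # assumed block size of the simulated storage

def keystream(key, index, length):
    """HMAC-SHA256 in counter mode; a stdlib stand-in for the hardware cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        msg = index.to_bytes(8, "big") + counter.to_bytes(8, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])

def xor_block(key, index, data):
    return bytes(a ^ b for a, b in zip(data, keystream(key, index, len(data))))

class SimulatedPhone:
    def __init__(self, plaintext_blocks):
        self.key_slot = bytearray(os.urandom(32))  # the one secret the fast wipe targets
        self.blocks = [bytearray(xor_block(bytes(self.key_slot), i, p))
                       for i, p in enumerate(plaintext_blocks)]
        self.wipe_bytes_written = 0

    def read(self, index):
        return xor_block(bytes(self.key_slot), index, bytes(self.blocks[index]))

    def key_wipe(self):
        """Fast wipe: overwrite only the key; every ciphertext block stays in place."""
        self.wipe_bytes_written += len(self.key_slot)
        self.key_slot[:] = bytes(len(self.key_slot))

    def block_wipe(self):
        """Slow wipe: overwrite the stored data block by block."""
        for blk in self.blocks:
            self.wipe_bytes_written += len(blk)
            blk[:] = bytes(len(blk))

def wipe_report(mode, n_blocks=64):
    secret = b"constructed sample: mail cache".ljust(BLOCK, b".")
    phone = SimulatedPhone([secret] * n_blocks)
    if mode in ("key", "both"):
        phone.key_wipe()
    if mode in ("block", "both"):
        phone.block_wipe()
    return {"bytes_written": phone.wipe_bytes_written,
            "blocks_left_on_storage": sum(any(b) for b in phone.blocks),
            "readable": phone.read(0) == secret}

if __name__ == "__main__":
    for mode in ("key", "block", "both"):
        print(mode, wipe_report(mode))
```

The key-only wipe writes 32 bytes and leaves every ciphertext block on storage, so its protection rests entirely on the key being unrecoverable and the cipher holding up; the “both” mode is the belt-and-braces variant.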

