By Ondrej Krehel,
A forensic research firm recently . The team decrypted the encryption algorithm used on Apple’s iPhone iOS 4 operating system.
This means that sensitive user data—information about how, when and where the phone was used—can be lifted off the device or an iTunes copy of the phone’s backup. Previously such information was used by Apple and Apple alone.
The researchers at have said they’ll make “Phone Password Breaker” available to “established law enforcement, forensic and intelligence agencies as well as select government organizations” to make sure they don’t “fall into the wrong hands.” But we all know that if it can be done, it’s only a matter of time before the black hats figure out how to do it.
In one sense, this has all been a long time coming.
Apple has a corporate perception of doing things right, of creating solid user-friendly software, but that same reputation—and the company’s astounding success in the last few years—is spurring a kind of development of deconstruction.
Mac products have long had the reputation as more secure and safer than their PC brethren. They’ve suffered fewer hacker exploits and virus attacks. But as Steve Jobs slowly takes over the globe, good guys and bad guys alike are trying to figure how to storm Cupertino.
Much of that famous Mac security and stability, I believe, really came from the hacking community not taking Apple seriously. No banks or governments or other high-profile computer users stored data on Macs. They still don’t, but the sheer amount of consumer data attached to the millions of Apple products out there is drawing attention.
Now that they make the most popular handset on the planet, some industries are starting to turn toward OS X. And with iOS broken, we have to wonder about the rest of the Apple orchard. Is it the same algorithm and technical structure on the iPhone used in OS X? I’m not certain, but in time, I wager, we’ll all know for sure.
Ondrej Krehel, Chief Information Security Officer,
Ondrej has more than a decade of network and computer security experience. His expertise extends to investigations of intellectual property theft, massive deletions, defragmentation, anti-money laundering and computer hacking. He led U.S. computer security projects at Stroz Friedberg and worked in IT security at Loews Corp.