Dev-Team Member ‘NerveGas’ Says 3GS Encryption Is Useless, Easy To Break

Jonathan Zdziarski is back, and now he says Apple’s encryption on the iPhone for business users is not as good as it should be, and could potentially put company data at risk. According to him, the encryption is so weak that it could be cracked in two minutes using nothing more than some easily available freeware.

“It is kind of like storing all your secret messages right next to the secret decoder ring,” said Jonathan Zdziarski, an iPhone developer and a hacker known for his work on recovering forensic information from iPhones. “I don’t think any of us [developers] have ever seen encryption implemented so poorly before, which is why it’s hard to describe why it’s such a big threat to security.”

The iPhone 3GS is the first device to officially feature encryption, but Zdziarski says sensitive information like credit card numbers and social security digits on a 3GS are just as easy to access as they were on the 3G and first generation iPhone.

The tools he uses? Simply Red Sn0w and Purple Ra1n, which he uses to install a custom kernel on the device, after which he can install an SSH client and port the raw disk image across SSH onto his computer.

[via Wired]

View the comments on the forum…