
Security consultants at Germany’s state-sponsored research institute Fraunhofer SIT recently released this statement:

“Within six minutes the institute’s staff were able to render void the iPhone’s encryption and decipher the passwords stored on it. If the iPhone is used for business purposes then the company’s network security may be at risk as well. Only companies prepared for such an attack will be able to reduce their risk.”

This security flaw, originally reported by Australia’s Herald Sun, can compromise iPads (and iPhones) even if users have enabled ‘screen lock’ and even on devices with the latest version of iOS installed. According to the security researchers, this particular attack aims squarely at Apple’s “keychain” password management system, which is designed to scramble passwords and login information on iOS devices.

In cases where owners have lost physical control of their iPad and an attacker has access to it, a quick ‘jailbreaking’ is all that stands between the hacker and a multitude of passwords, including Gmail and even your corporate network credentials.

What’s really important about this finding is that the security researchers did not need to break the 256-bit encryption to retrieve the passwords stored in the device’s keychain. Oops!

There are many mobile device management (MDM) systems designed to shore up security defenses and device management. MobileIron recently received the highest review in a white paper by Price Waterhouse Coopers. MDM, a growing science for mobile-enabled enterprises, provides remote wipe and other security mechanisms that can thwart attacks. However, as hackers shorten the time it takes to access sensitive information, the arms race will continue. Once a hacker has successfully jailbroken a device, the odds that an MDM system can defend the device drop significantly.

Here’s a great story about how one IT group has set a course to deal with iPad management and security in a hospital environment.