The iPhone has evolved from a casual smart phone into one with the potential to serve businesses across the globe. Its latest iteration, the iPhone 3GS, comes packaged with an encryption feature supposedly perfect for sensitive information stored on the device.
But information has surfaced that the iPhone 3GS can be hacked in two minutes with readily available freeware. Is the business world ready to ditch the tried-and-true Blackberry in favor of Apple’s offering?
Jonathan Zdziarski—iPhone developer and hacker extraordinaire—showed Wired how easy it is to tear the 3GS apart and expose data. “Apple may be technically correct that [the iPhone 3GS] has an encryption piece in it, but it's entirely useless toward security,” Zdziarski said. He added that the iPhone 3GS is about as secure as the iPhone 3G and the first-generation iPhone, the latter two having no encryption features whatsoever.
Zdziarski’s demonstration bypassed the encryption process in two minutes. As he extracted data from the phone, the iPhone itself began to decrypt everything being pulled, almost as if it wanted to be stripped bare. Hacking is done easily with available jailbreaking tools such as Red Sn0w and Purple Ra1n. Once that process is completed, hackers can then install the Secure Shell client to yank data and plop it onto a computer’s hard drive.
Despite these facts, businesses have already begun adopting the iPhone as a productivity tool. But according to a study conducted by Vanson Bourne, IT decision makers are wary of the iPhone. Only 29 percent believed their departments were prepared to use the iPhone as a business tool, and 64 percent have not implemented steps to protect against threats targeted at the iPhone. The reason was that they aren’t used widely enough in businesses to warrant such measures.
Apple should beef up its encryption code immediately. Corporations who are already using the iPhone deserve this update so potential data theft can be avoided. Businesses who haven’t yet decided whether to choose the Blackberry or the iPhone should take this information under advisement.
This story, "iPhone security: Not beefy enough for businesses?" was originally published by PCWorld.