Tuesday, September 16, 2008

Your iPhone is taking screenshots of everything you do.

From Wired comes a disturbing article.

If you've got an iPhone, pretty much everything you have done on your handset has been temporarily stored as a screenshot that hackers or forensics experts could eventually recover, according to a renowned iPhone hacker who exposed the security flaw in a webcast Thursday.

While demonstrating how to break the iPhone's passcode lock in a webcast, iPhone hacker and data-forensics expert Jonathan Zdziarski explained that the popular handset snaps a screenshot of your most recent action -- regardless of whether it's sending a text message, e-mailing or browsing a web page -- in order to cache it. This is purely for aesthetic purposes: When an iPhone user taps the Home button, the window of the application you have open shrinks and disappears. In order to create that shrinking effect, the iPhone snaps a screenshot, Zdziarski said.

The phone presumably deletes the image after you close the application. But anyone who understands data is aware that in most cases, deletion does not permanently remove files from a storage device. Therefore, forensics experts have used this security flaw to gather evidence against criminals convicted of rape, murder or drug deals, Zdziarski said.

...

Other methods include taking data from the iPhone's keyboard cache, Safari cache, Google Maps lookups and so on. Experts and hackers can also recover deleted photos or e-mails from months ago.


Good for me I've got nothing to hide, but this is pretty scary! They need to fix this before iPhone can be taken seriously in the enterprise.

0 comments: