Thursday, August 6, 2009

There's Encryption, and Then There's the iPhone 3GS


The day I saw the Apple commercial depicting an individual entering their credit card number into an iPhone I cringed. 

Of course I do the same thing every time I think about someone "typing" their numbers into a box on a website.

Last Friday, in a post entitled "In Two Weeks Your iPhone Will Be Hacked", I talked about the threats exposed at the Black Hat Conference in Las Vegas. Now I read that the iPhone 3GS is tantamount to writing your credit card number on a Post-it note and hanging it on your computer screen (which is essentially the same thing as typing it into a box on a website...).

All I can do is continue to repeat our mantra: "Don't Type...Swipe!" (and remind you that you can't say I didn't tell you so!)

(Excerpts Taken From ZDNET and Wired)


"Apple claims that hundreds of thousands of iPhones are being used by corporations and government agencies. What it won’t tell you is that the supposedly enterprise-friendly encryption included with the iPhone 3GS is so weak it can be cracked in two minutes with a few pieces of readily available freeware.  “It is kind of like storing all your secret messages right next tothe secret decoder ring,” said Jonathan Zdziarski, an iPhone developerand a hacker who teaches forensics courseson recovering data from iPhones. “I don’t think any of us [developers]have ever seen encryption implemented so poorly before, which is whyit’s hard to describe why it’s such a big threat to security.”

"The encryption functionality of the iPhone 3GS is so easy to crack that it is essentially "broken" when it comes to protecting sensitive personal data such as credit card numbers, according to a forensics expert and iPhone developer."

"I don't think any of us [developers] have ever seen encryption implemented so poorly before, which is why it's hard to describe why it's such a big threat to security," Jonathan Zdziarski told Wired.

With physical access to an iPhone 3GS and some free software, data can be extracted within two minutes and an image of the entire raw disk in about 45 minutes, he said. The iPhone decrypts the data on its own once the extraction has begun, Zdziarski explained in a video demonstration.

Zdziarski added that there are other weaknesses with the iPhone: Pressing the Home button, and even zooming in on a screen, automatically creates a screenshot temporarily stored in the iPhone’s memory, which can be accessed later.

And then there’s the keyboard cache: key strokes logged in a file on the phone, which can contain information such as credit card numbers or confidential messages typed in Safari. Cached keyboard text can be recovered from a device dating back a year or more, Zdziarski said.

Apple has been touting the encryption and other features to entice corporate users to the device. Nearly 20 percent of Fortune 100 companies have purchased 10,000 or more iPhones per company, the company said on its financial results conference call on Tuesday."
