Blog article
See all stories ยป

iPhone and iTunes Security

I don't own an iPhone, the Blackberry Bold suits best the way i work on the move, however i have been looking into various aspects of the iPhone as a development platform. I am a little concerned about the security aspects of some of the practices that the iPhone employs, not from an OS perspective, but from the view on how it interops with itunes.

From what i understand the MAC/PC to which the iphone is paired via itunes retains a complete image of the iphone's firmware on its hard disk. it sounds to me that someone with appropriate skills could take that image and retrieive data from it, also perhaps replace an image with a version laced with a self made keylogger.....Thus instant security breach

In fact this feature is the way that you can 'jailbreak' or hack your iPhone with a 3rd party firmware image. I am fairly new to the iPhone and the way it operates, could someone with more experience perhaps comment on this aspect of the iPhones operation?

I feel this means that itunes should be coded with tighter security or pin protection given it provides a conduit to the heart of the iphone.

As long as you don't leave your iphone connected to itunes AND unattended for long periods, i suppose this possible security issue can't be used by potential hackers. However with all the sharing features on itunes now available, how long before itunes becomes the target of hackers? Intresting subject matter that i would like more information on, which does not seem to be readily available from Apple,

Any iphone advice or links readily accepted......

Comments: (2)

Brennan Carley
Brennan Carley - Proton Advisors - New York 18 March, 2010, 12:45Be the first to give this comment the thumbs up 0 likes

Yes, the iPhone gets synched to your computer and an image of your iPhone's database is stored on your computer.  So are copies of your calendar, your address book, etc..

 

So if your computer gets compromised, this information is available.

 

But if your computer gets compromised, ALL the data you store on it is available.

 

So the basic lesson is that you should secure your laptop/desktop machine properly.

 

But you already do that, right?

 

 

Anthony Cossey
Anthony Cossey - Fixnetix ltd - London 18 March, 2010, 15:54Be the first to give this comment the thumbs up 0 likes

Very true, i agree strongly with your commnets, in fact i go bit further with my workstation than most to protect my data, i have an encrypted data store in my home directory, so even if my linux workstation is compromised, my data is still safe. However as you know not many people go to these lengths. However of course the compromising of someones computer is not just for data theft, installation of malware/kelogging applications can get the information you do not generally have stored like your PIN or online banking credentials. Thanks for the comments on my post.