[Shodan775]

So much for feeling safe when you lose an iPhone, even if it’s locked. German researchers were able to coax the password out of the Apple device in just six minutes.

In a new report and video, Jens Heider and Matthias Boll of the Fraunhofer Institute for Secure Information Technology show how to make speedy work of hacking the smartphone, which has posed little challenge in the past to users trying to bypass Apple’s security barriers.

For the password snatch to work, an attacker needs to hold the physical iPhone and must first jailbreak the device. But soon after, e-mail, Wi-Fi, corporate VPN and WLAN passwords are all at risk, the researchers said.

German researchers bypass iPhone password in six minutes | Technology | Los Angeles Times

[TheScionicMan]

Not surprised...

[Daniel Ratcliffe]

That's a kick in the nuts for iPhone-wielding corporations. Now can anyone tell me how long it took researchers to crack a BlackBerry please?

[Rootbrian]

LOL now i call that iCracked

Posted from my CrackBerry at wapforums.crackberry.com

[K Bear]

Not surprised at all by this news.

Posted from my CrackBerry at wapforums.crackberry.com

[i7guy]

While this is indeed distressing news, I can just predict someone will point out how a blackberry can be compromised if a malicious app is installed.

[Xopher]

Definitely a boon for corporations needing security to stay with BlackBerry. There isn't a way to get past with BlackBerry password without wiping the device, which makes corporate information much safer.

From what I have seen, some corporations have put IT policies on their BES BlackBerry devices to require passwords. They already have remote wipe capabilities via BES as well.

I wonder how that one bank feels about their switch to iPhone, now that it is known the devices can be so easily hacked.

[grahamf]

While this is indeed distressing news, I can just predict someone will point out how a blackberry can be compromised if a malicious app is installed.

1. you can't install an app when the phone is locked.
2. an app needs to be signed by RIM in order to install
3. your business will most likely restrict applications that can be installed.

[K Bear]

While this is indeed distressing news, I can just predict someone will point out how a blackberry can be compromised if a malicious app is installed.

The reality is that yes, this could happen on a Blackberry, Android, or WP7 device. The user must be aware of who is utilizing the device and what, if any security is on the device ie. security password, pattern locks.

[i7guy]

I just "happened " on this forum in looking up something else and wanted to share that a friend I have works at a high level for a world wide corporation... they have made the allowance to their employees to switch to iPhones...I'm just very surprised especially in the area of security...they were sold out on Blackberry as the "only" way to go.... I miss my BBM friend :-), no other IM is as good.

The good news is, if any of the employees ever forget their passwords, it will take about 6 minutes to recover.

[Entertainment72]

So who in the general public would actually 1. Go through all that trouble 2. Even know how to do all that based on that video. I'd say maybe .00000000009% of the population.

In other words most mobile phones are STILL safe.

[grahamf]

So who in the general public would actually 1. Go through all that trouble 2. Even know how to do all that based on that video. I'd say maybe .00000000009% of the population.

In other words most mobile phones are STILL safe.

maybe not the general public, but someone or a group that knows you have sensitive information on your iPhone and intend to profit from that information would find it very easy.

[Entertainment72]

maybe not the general public, but someone or a group that knows you have sensitive information on your iPhone and intend to profit from that information would find it very easy.

If I'm missing my phone and cannot locate it instantly I can just remote wipe in in .06 seconds if worse comes to worse.

[TheScionicMan]

Which further exemplifies the consumer vs. enterprise split that some people claim doesn't exist anymore.

[TheScionicMan]

If I'm missing my phone and cannot locate it instantly I can just remote wipe in in .06 seconds if worse comes to worse.

.06 seconds after you get to a computer and hope they haven't pulled the SIM...

[BluCheze]

It should be pointed out that having a BB password and data encryption enabled, there is no way the BB can be hacked. One will still need the password even after a full reset.

Posted from my CrackBerry at wapforums.crackberry.com

[BlackStormRising]

It should be pointed out that having a BB password and data encryption enabled, there is no way the BB can be hacked. One will still need the password even after a full reset.

Posted from my CrackBerry at wapforums.crackberry.com

It should also be pointed out that devices with this level of security are out of favour in many markets that corporations are increasingly moving in to (most recently India, U.A.E).

[SCrid2000]

It should also be pointed out that devices with this level of security are out of favour in many markets that corporations are increasingly moving in to (most recently India, U.A.E).

Unless I'm mistaken, that's where the grunt work goes (the jobs that cost $8 an hour in the US or $8 a month there), not the jobs that require security.
And if a job in India or the UAE does require security, there will be just as much corporate espionage there as there would be in NA or the UK.

Posted from my CrackBerry at wapforums.crackberry.com

[JRSCCivic98]

The big security hole here is that an iPhone does not prompt for the set password when entering DFU mode. Because of that, the Jailbreak and scripting process can continue, which is really what's happening here. Apple needs to find a way to code in some basic OS lockout or Wipe when entering DFU mode after a lockout passcode is set. What they need is a way to set a low level "BIOS like" passcode that the phone aska for when forced into DFU before the OS even starts. This shouldn't be too hard to code the OS to add a passcode lock to the Bootloader as well. Do that and it's problem fixed.

[JRSCCivic98]

It should be pointed out that having a BB password and data encryption enabled, there is no way the BB can be hacked. One will still need the password even after a full reset.

Posted from my CrackBerry at wapforums.crackberry.com

I think that it might be even more important to point out that if a user had the same low level tools that RIM techs have, a password protected BB is no safer than anything else either. The big issue is that no one has bothered to recode such a thing or steal those tools and reverse engineer them for public consumption. Remember, BB isn't cool enough to attract the really good hackers and code stealers.

Heck, how do you think the community got their hands on the capability to enter the Engineering Screen on BBs? An insider tool leaked and when RIM went above and beyond to rid the web of all known download sources of it, someone just reverse engineered and wrote a small web app to generate your code for enabling Engineering Screen. But alas, how quickly we forget the happenings of 2 years ago.

[TheScionicMan]

Yeah, they can't even stop the jailbreaking and you expect them to go deeper? Wake me up when they get Daylight Savings Time coded properly...

[TheScionicMan]

Remember, BB isn't cool enough to attract the really good hackers and code stealers.

Hackers don't look for cool, they look for value and that's RIM's core market. Even state-sponsored hackers had to concede to RIM to give their govt's some sort of access. RIM's market share has just started on the decline. You're going to act like they weren't the BIG target for the last few years? You don't want to admit that the best a hacker has done was to break into a backup file of a BB and you can't even take one of a password protected BB.

[JRSCCivic98]

Why would they want to truly stop Jailbreaking? It sells the platform and it also serves as a guide for what the public wants. iOS1 got Jailbroken app store before Apple came out with theirs. SIM unlocking via Jailbreak sold more devices to people not on AT&T and was a plus since Apple was a bit forced into the 5 year exclusivity contract that AT&T wanted.

[TheScionicMan]

Hello?? Did you watch the video that started this thread? If they could stop jailbreaking, they wouldn't have this kind of egg on their faces...

Jailbreaking gets you to the Man behind the curtain, instead of bowing to the Great and Powerful Oz...

[JRSCCivic98]

Hackers don't look for cool, they look for value and that's RIM's core market. Even state-sponsored hackers had to concede to RIM to give their govt's some sort of access. RIM's market share has just started on the decline. You're going to act like they weren't the BIG target for the last few years? You don't want to admit that the best a hacker has done was to break into a backup file of a BB and you can't even take one of a password protected BB.

If those crazy Chinese wanted into RIM's NOC, they'd be in it by now. Lol

Do you honestly believe RIM has some secret tight security guarding their network that our own FBI and NSA don't have? We all know those two have been entered by Asian sources in the near past. Face it, no one gives a isht about BB. I dread the day something bad happens to the RIM core network. Everyone in the world with a BB would be carrying a dumbphone with voice only capabilities. That wouldn't be a good thing for the immediate time. Can you imagine what impact that would have and how long it would take to roll out another platform to everyone if the infrastructure couldn't be returned to functioing form. I don't even want to think about it!