With the iPhone 3GS, I was quite impressed with the hardware based AES-256 engine, encrypting and decrypting data on the fly, with negligible performance impact for end-users. Call it tech lust.
However, the devil is in the detail, and as Jonathan Zdziarski demonstrates to Wired, the new iPhone 3GS suffers from serious security problems. Watch the videos! In a nutshell, if a thief or attacker has physical access to your iPhone and they have rudimentary knowledge of many hacking tools floating around on the Internet:
- The passcode lock can be removed
- All user data can be extracted and decrypted in about 45 mins
If you have important data or sensitive photos on your iPhone, encrypt them with an app like CameraSafe. Even if you lose your phone and the attacker decrypts the user data partition and gets their hands on your encrypted photos, they won’t be able to decrypt the photos unless they know the secret password(s) you use with CameraSafe.