You're viewing an article in iPO's historic archive vault. Here, we've preserved the comments and how the site looked along with the article. Use this link to view the article on our current site: Apple iPhone Takes its Own Screen Shots, Possible Security Issue

News

Apple iPhone Takes its Own Screen Shots, Possible Security Issue

Friday, September 12th, 2008 at 4:10 PM - by

iPhone forensic expert Jonathan Zdziarski has revealed that the iPhone takes its own screen shots as an internal programming aid, but the data could also be used by someone who comes into possession of the iPhone to view information the owner thought was deleted.

Apparently, there is no malicious intent on the part of Apple, and the shots are used to enable, for example, the home screen shrinking effect, according to tgdaily on Friday

As an iPhone forensic expert, Mr. Zdziarski noted that someone with sufficient technical knowledge could exploit that data. However, he's divided on the issue. Sometimes, experts are asked to assist with a crime, and that data along with other cached files, could come in handy when assisting police investigations.

As with a Mac, someone who is determined enough can break through security protections on the iPhone, he noted. "This flaw can only be exploited by somebody with physical access to a device, but your phone could get into the hands of someone with more malicious intent," he said. "Obviously, you don't want to trust any of your data to a passcode."

5 comments from the community.

You can post your own below.

+ show options

Your current settings, click to change: Sort Oldest First, Show Guest Posts, Hide Community Stats

dkiechle said:

member since 05 Jan 2005 with 6 posts, unranked, send him a message or view his profile

Fri Sep 12, 2008 5:53 pm

Of course, I should have thought of that! The access code for Fort Knox that I keep in my iPhone might fall into the wrong hands if I lose the device. By the same token, I just realized that my house presents a tremendous security risk: anyone could enter and go through my file cabinet. Of course, they would have to get physical access to my keys, but after all, these could fall into the hand of someone with malicious intent. These so-called security experts and paranoia generators are really getting out of hand; with every new one of these BS reports, my malicious intent to do bodily harm gets a little bit stronger... I hope I don't get physical access to this clown any time soon!

Quote this post ↓

jbruni said:

member since 14 Jul 2006 with 105 posts, unranked, send him a message or view his profile

Fri Sep 12, 2008 5:58 pm

It's FUD spreaders like this that give security professionals a bad name.

Quote this post ↓

randompro42 said:

member since 25 Sep 2003 with 236 posts, unranked, send him a message or view his profile

Fri Sep 12, 2008 9:21 pm

felch

iPhone forensic expert simply means he knows his way around FTK imager and either EnCase or FTK 1.8/2.0 and can plug the iPhone into his computer

not quite fud, but if anyone has physical access to anything, the security is compromised

TRO

Quote this post ↓

Mikuro said:

member since 15 Jun 2002 with 457 posts, unranked, send him a message or view his profile

Fri Sep 12, 2008 9:51 pm

You're missing the point. Yes, access = access. But it is not possible to access data that does not and never has existed. The point is that nobody would have expected this data to exist in the first place. The fact that it does, and that it's outside the control of the user, is news.

Quote this post ↓

geoduck said:

member since 30 Dec 2003 with 1922 posts, unranked, send him a message or view his profile

Mon Sep 15, 2008 8:03 am

This issue is no different than if someone has physical access to your computer and, with 'sufficient technical knowledge' can recover files you thought you'd deleted. I do not know but I wouldn't be surprised if desktop OS-X uses a similar method for the Geneii effect. Why is it suddenly a risk on the iPhone? dkiechle is correct in calling these 'security experts' Paranoia Generators. Unfortunately they cry 'wolf' too often to be believable when a real threat appears.

Quote this post ↓

Post Your Comments

  Remember Me

Not a member? Register now. You can post comments without logging in, but they'll show up as a "guest" post.


Please enter the word exactly as you see it in the image above. Registered users aren't prompted for this. Having trouble reading the image get a new one.