iPhone flaw lets Linux users in without PIN

A data protection vulnerability has been found in the latest version of the iPhone OS that allows the device's PIN protection to be bypassed.

A pair of researchers found that simply hooking a non-jailbroken iPhone 3GS running the latest version of the firmware up to a PC running Ubuntu Lucid 10.04 causes some of the device's folders to be automounted.

Apparently, an attacker will have unfettered read/write access to your pictures, music, videos, voice recordings and Google browsing database... all without having to supply a PIN.

One of the researchers, Bernd Marienfeldt, writes: "This data protection flaw exposes music, photos, videos, podcasts, voice recordings, Google safe browsing database, game contents… by in my opinion the quickest compromising read/write access discovered so far, without leaving any track record by the attacker. It’s about to imagine how many enterprises (e.g. Fortune 100) actually do rely on the expectation that their iPhone 3GS’s whole content is protected by encryption with a passcode based authentication in place to unlock it."

He continues: "The contents sample have been collected off a non-jail-broken iPhone 3GS (with latest iPhone OS installed, all apps fully up to date and immediately “PIN lock” (passcode, 4 digits) enabled, by simply connecting it powered off via USB to a Linux Lucid Lynx PC (10.04) and then switched back on – being automatically mounted with given insecurity and never been attached to the PC before."

Apple has been informed of the flaw but says it can't replicate it. Possibly because no-one there knows how to run Ubuntu.