Locked iPhone 4 gives up passwords

Insecurity researchers have discovered that Apple's iPhone 4 will give up its password secrets even if it has been locked using a passcode.

Fraunhofer researchers Jens Heider and Matthias Bol have been able to use a modified jailbreak to bypass the home-screen passcode lock on an iPhone 4 running the latest iOS 4.2.1, by gaining access to the file system and installing an SSH server which launches on boot.

We're guessing the researchers used the Chronic Dev Team's recently released Greenp0ison exploit, as it is the first untethered jailbreak which doesn't require reactivation each time the device is power cycled.

The H Security reports that Apple's encryption is pretty much useless because the system automatically decrypts all files that do not use additional security.

Because attackers will need physical access to the handset in order to use the exploit, it's not a worry for most users - but it should be a cause for concern to anyone who has lost or had their iPhone 4 stolen.

Apple does provide the ability to remotely wipe a lost or stolen iPhone, but it has to be switched on in order to work, and most thieves tend not to walk around with active phones in their pockets.

The researchers managed to get at the passwords stored in the phone's Keychain application using a home-made App which "served up the passwords on a silver platter."

Additional security added to the latest version of iOS meant that not all of the iPhone's secrets were exposed, with Apple's own Mail App and Safari notably refusing to spill the beans.