Data Encryption, 3.1/3GS

Apple’s decision to add data encryption with the iPhone 3GS was a nod to enterprise customers who wanted to offer iPhones to their employees, but were wary of the lack of security features compared with competing platforms like RIM’s Blackberry. Still, when they finally got around to it – with the release of the 3GS in 2009 – the company quickly found itself in hot water. Apple’s implementation of encryption, though perhaps successful in assuaging the concerns of corporate CIOs, was roundly panned by security experts. Jonathan Zdziarski, an independent security researcher who now works for the firm ViaForensics likened the encryption scheme to “storing all your secret messages right next to the secret decoder ring.”  Zdziarski showed how an attacker who had possession of a lost or stolen iPhone could circumvent the device’s security features using popular jailbreaking tools, download a copy of the iPhone’s disk and then use common cracking tools to bypass the encryption and begin extracting unencypted data from the device. Updating the data encryption features of the iPhone is felt, by many security experts, to be a top priority for the latest iPhone update, Version 5.