Bad news for anyone with an iPhone 3GS: even if you have the latest OS, even if you have a PIN number, even if it isn't jailbroken - it can be hacked by anyone using a computer running Ubuntu Lucid Lynx.
I wouldn't ordinarily reveal exactly how to hack an iPhone within a news story such as this, but what the heck, here's all the gory detail revealed, step by step.
- Step 1 - Take a powered down iPhone 3GS and connect it to your computer running a fully up to date version of Ubuntu Lucid Lynx.
- Step 2 - See Step 1.
Seriously, that really is all it takes according to security blogger Bernd Marienfeldt who reckons that the way Ubuntu Lucid Lynx handles the iPhone means that a ton of data is accessible, even if that iPhone is PIN protected and running the very latest version of the OS. How much data exactly? Well how about all your Google safe browsing databases, game content, music, photos and videos, voice recordings and so on for starters? The person gaining access in this way will leave no visible footprints to show the iPhone has been compromised, and will enjoy full read and write access during the hack.
About the only thing someone could not do is make phone calls without having your PIN number, but that's precious little comfort should your lost or stolen iPhone end up in the hands of someone with access to a Ubuntu machine.
According to Bernd "Apple could reproduce the as described serious issue and believes to understand why this can happen but cannot provide timing or further details on the release of a fix".
Nice.
