The iPhone Home Button Is A Security Risk

Now that makes for an interesting opening. When a user taps the iPhone's home button it shrinks and disappears which is a nice looking effect. The problem is that the iPhone is taking a screenshot of the screen contents to create that effect, which means that it may spill information that it is not supposed to. The screenshot can be of anything including emails, sms, notes, contacts or websites.

The screenshots get deleted after the application is closed and most users would think that this is the end of the story but there is a twist according to security researcher Jonathan Zdziarski who was able to recover deleted screenshots that would show him exactly what a user was doing at a given time.

A screenshot is taken every time the home button is pressed, and while it gets deleted when the app is closed, file recovery software may be able to retrieve the deleted information.

This however is not the only privacy risk. Everything that gets at least temporarily stored in storage may be recoverable including keyboard and Safari cache, deleted emails and pictures.

Someone does need physical access to the device to recover data but it is possible. The main issue here comes to light when a phone is sold, given away to someone else, or stolen, as recovery of data may reveal information about the previous owner of the phone.

Will probably be only a matter of time before someone creates or edits a disk eraser so that it can wipe the unused space of the iPhone regularly to avoid this situation.

The security researcher noted furthermore that the iPhone's passcode protection can be bypassed by anyone with enough technical know-how to do so. While the method described requires the creation of a custom firmware for the iPhone, it is something that can be used over and over again once created on the same model.

Advertisement