The iPhone Home Button Is A Security Risk - gHacks Tech News

The iPhone Home Button Is A Security Risk

Now that makes for an interesting opening. When a user taps the iPhone's home button it shrinks and disappears which is a nice looking effect. The problem is that the iPhone is taking a screenshot of the screen contents to create that effect, which means that it may spill information that it is not supposed to. The screenshot can be of anything including emails, sms, notes, contacts or websites.

The screenshots get deleted after the application is closed and most users would think that this is the end of the story but there is a twist according to security researcher Jonathan Zdziarski who was able to recover deleted screenshots that would show him exactly what a user was doing at a given time.

A screenshot is taken every time the home button is pressed, and while it gets deleted when the app is closed, file recovery software may be able to retrieve the deleted information.

This however is not the only privacy risk. Everything that gets at least temporarily stored in storage may be recoverable including keyboard and Safari cache, deleted emails and pictures.

Someone does need physical access to the device to recover data but it is possible. The main issue here comes to light when a phone is sold, given away to someone else, or stolen, as recovery of data may reveal information about the previous owner of the phone.

Will probably be only a matter of time before someone creates or edits a disk eraser so that it can wipe the unused space of the iPhone regularly to avoid this situation.

The security researcher noted furthermore that the iPhone's passcode protection can be bypassed by anyone with enough technical know-how to do so. While the method described requires the creation of a custom firmware for the iPhone, it is something that can be used over and over again once created on the same model.





  • We need your help

    Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

    We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.

    If you like our content, and would like to help, please consider making a contribution:

    Comments

    1. darkkosmos said on September 13, 2008 at 9:56 am
      Reply

      One last thing left – Smash the Iphone or grill the harddrive.

    2. Rarst said on September 13, 2008 at 10:02 am
      Reply

      Any mobile phone is security risk. iPhone is only getting more press because it’s iPhone. *yawns*

    Leave a Reply