http://blog.wired.com/gadgets/2008/09/hacker-says-sec.html



By Brian X. Chen 

Gadget Lab

Wired.com

September 11, 2008



Your iPhone is watching you.



If you've got an iPhone, pretty much everything you have done on your 

handset has been temporarily stored as a screenshot that hackers or 

forensics experts could eventually recover, according to a renowned 

iPhone hacker who exposed the security flaw in a webcast Thursday.



While demonstrating how to break the iPhone's passcode lock in a 

webcast, iPhone hacker and data-forensics expert Jonathan Zdziarski 

explained that the popular handset snaps a screenshot of your most 

recent action -- regardless of whether it's sending a text message, 

e-mailing or browsing a web page -- in order to cache it. This is purely 

for aesthetic purposes: When an iPhone user taps the Home button, the 

window of the application you have open shrinks and disappears. In order 

to create that shrinking effect, the iPhone snaps a screenshot, 

Zdziarski said.



The phone presumably deletes the image after you close the application. 

But anyone who understands data is aware that in most cases, deletion 

does not permanently remove files from a storage device. Therefore, 

forensics experts have used this security flaw to successfully nab 

criminals who have been accused of rape, murder or drug deals, Zdziarski 

said.



"There's no way to prevent it," Zdziarski said during the webcast. "I'm 

kind of divided on it. I hope Apple fixes it because it's a significant 

privacy leak, but at the same time it's been useful for investigating 

criminals."



[...]





__________________________________________________      

Register now for HITBSecConf2008 - Malaysia! With 

a new triple-track conference featuring 4 keynote 

speakers and over 35 international experts, this 

is the largest network security event in Asia and 

the Middle East! 

http://conference.hackinthebox.org/hitbsecconf2008kl/



Received on Fri Sep 12 2008 - 00:04:15 PDT