The PhoneBoy Blog

Simplifying Telecom, Mobile Phones, Gadgets, Health, and More!

What’s With The Encryption in the iPhone 3GS?


To the right, you can see the small blurb that exists on Apple’s website about the built-in encryption feature on the iPhone 3GS. Wanting to find out more, I of course tried searching Apple’s website. There’s not much about it other than it’s there.

I asked some iPhone developers about this feature. In short, there isn’t much to the feature. It is transparent, always happening, and not controllable by any APIs. It can’t be turned off, it can’t be turned on. It’s always happening, always there.

On one hand, I like the simplicity and transparency of the feature. I like that it is not possible to programatically affect the encryption in any way. However, it bothers me that there isn’t a lot of details about the encryption on the website. What kind of encryption is being done? How long is the encryption key? How often is the encryption key changed? What is being done to protect the encryption key from being read either programatically or by hardware hacking methods? Does the “remote wipe” function simply cause the encryption key to be forgotten, rending the device memory complete gibberish? Is the remote wipe function controllable from ActiveSync?

Answers to these kinds of questions would undoubtedly make it easier for the iPhone 3GS to be accepted into enterprise environments. They could know, with a fair degree of certainty, that these devices have secure, encrypted storage that isn’t subject to being decrypted and read in an authorized manner.

Reblog this post [with Zemanta]

#Cybersecurity Evangelist, Podcaster, #noagenda Producer, Frequenter of shiny metal tubes, Expressor of personal opinions, and of course, a coffee achiever.