September 11

iPhone ‘Screenshot’ Exploit Exposed

Author: Andrew Robinowitz   |   Posted under: News

Tap your Mail icon. Open an email. Now go ahead and press the home button and note the transition of your email shrinking into your SpringBoard. Now tap your Mail icon again, and watch as the same email expands across your screen. Seems harmless enough, right?

Well, not according to Jonathan Zdziarski, a popular iPhone hacker (aka NerveGas) and full-time research scientist, who held a webcast earlier today titled iPhone Forensics 101: Bypassing the iPhone Passcode.

In the webcast, which we’ll post video of when it becomes available, Zdziarski described how the process we detailed above actually works on the iPhone. Simply put, screenshots. Lots and lots of screenshots.

Zdziarski detailed how your most recent actions — checking emails, sending text messages, surfing the net — are all snapped into photos on your iPhone. Once cached, the screenies are used for the expanding / shrinking images you see when launching / closing programs.

And that trail of pictures is what Zdziarski warned iPhone users about. “I’m kind of divided on it,” he said, “I hope Apple fixes it because it’s a significant privacy leak, but at the same time it’s been useful for investigating criminals.”

Though it did take him quite some time to circumvent the iPhone’s passcode (about an hour) in the webcast, the demonstration shows the fast and dirty truth about the handset — it hosts a wealth of information that, should it fall into the wrong hands, could be accessed and used for malicious ends.

So why does the iPhone take the screenshots in the first place?

Well, an article on Wired suggests it’s done “purely for aesthetic purposes,” showing off the shrinking transitions.

We think it has more to do with the user experience of launching an iPhone program, though. With the caching system described above, users are immediately greeted by a screenshot of their most recently accessed content when opening an app. But note, it’s just a screenshot for a brief moment before the actual content is there to interact with again. The screenshot basically serves as a glorified “loading” page to distract you while the iPhone boots up and loads the ACTUAL application.

Zdziarski’s new book, iPhone Forensics: Recovering Evidence, Personal Data, and Corporate Assets, drops tomorrow. His other work includes iPhone SDK Application Development, iPhone Open Application, and Ending Spam.



8

Comments

  1. 1

    Ah, that explains why a photo of a web page I was viewing appeared in my Camera Roll.


    wyatt on September 12th, 2008 at 6:56 am
  2. 2

    That definitely answers the problem with the device seeming slow to respond. Go to PHONE > CONTACTS > and try to click a contact… it seems to take forever to respond. Now, we know that we’re just clicking on a PIC and that’s why it’s not doing anything!


    Bob on September 12th, 2008 at 8:09 am
  3. 3

    @wyatt: If the picture showed up in your camera roll you might have inadvertently taken a user screenshot (you can take screenshots on the phone by pressing the home and the power buttons at the same time and releasing). The article above describes screenshots taken by the iPhone itself without your knowledge.


    Nic Elder on September 12th, 2008 at 8:46 am
  4. 4

    @Bob: Yes and no. It definitely takes a long time to load contacts for some reason, but the original iPhone 1.x.x had the same screen caching mechanism, and it did not have the contact lag that 2.0 software has, so I’m convinced there is still something wrong with the contacts application in general.


    Nic Elder on September 12th, 2008 at 8:48 am
  5. 5

    [...] latest news about iPhone security got you skerred? Want to beef up your iPhone security, give it a little extra [...]


    New Firmware 2.1 Feature: Auto-Wipe All Data Upon Failed Passcodes on September 12th, 2008 at 11:47 am
  7. 7

    [...] article we brought you earlier this month, iPhone ‘Screenshot’ Exploit Exposed, was based on an O’Reilly Webcast that is now available. So dim the lights, grab some [...]


    iPhone Forensics 101: Bypassing the iPhone Passcode (Video) on September 22nd, 2008 at 10:49 am
