OS X

Backup OS X 10.7 Lion Installation to DVD

Apple OS X Lion has been available through the App Store since 20th July 2011. With a download of about 4 GB, it makes sense to have an installation DVD for Lion.

Here is how you can create one:

  • Download OS X Lion through the App Store.
  • Once the download is finished, do not install it immediately. (If you have already done so, you can re-download the “Install Mac OS X Lion.app” by holding the option key (alt) and clicking on the purchased Lion icon under Purchased.) [1]
  • In your Applications folder and/or Dock you will see the “Install Mac OS X Lion” application.
  • Right Click on the Lion symbol -> Options -> Show in Finder.
  • Burn the image “InstallESD.dmg”, which is under SharedSupport, to a DVD (no dual layer required).
  • The DVD allows you to:

* Restore From Time Machine Backup – You have a backup of your system that you want to restore.

* Reinstall Mac OS X – Set up and Install a new copy of Lion.

* Get Help Online – Browse the Apple Support website to find help for your Mac.

* Disk Utility – Repair or erase a disk using Disk Utility.

Utilities allow you to manage:

* Firmware Password Utility

* Network Utility

* Terminal

Please note possible installation problems:

Update 27/07/2011: If you experienced problems during the Lion installation and erased your install media, you might get the error “There was a problem installing Mac OS X”. This happens because parts of the broken installation are kept in the parameter random access memory (PRAM) and nonvolatile RAM (NVRAM). To reset the Mac PRAM, see: http://support.apple.com/kb/ht1379

[1] Apple Support Communities:

https://discussions.apple.com/thread/3191518?start=0&tstart=0

[2] Erasing Mac parameter random access memory (PRAM):

http://support.apple.com/kb/ht1379

Cryptography, Encryption, OS X

Apple OS X 10.7 Lion upgrade with PGP Desktop encryption

During the past few months there have been rumors [1] about Apple’s final release date for OS X 10.7, aka Lion [2]. One of the latest estimates pointed to July 14th 2011. Time to get your gear together so that, once the OS is available, you can move on as painlessly as possible. Normally you would not care much about preparation, but recent upgrades in combination with PGP’s Whole Disk Encryption (WDE) [3], now owned by Symantec, scared the hell out of Apple’s Pantherinae family around the Master Boot Record (MBR) [4]. People are also looking forward to using Lion’s new built-in WDE solution, but to get there they have to migrate somehow without falling into the MBR pitfall.

This migration might become challenging for enterprise deployments where people are using different versions of PGP Desktop whole disk encryption (WDE). The key requirements for a successful update/migration are: which solution is actually the most secure one (confidentiality), which process is best (manageability), and how much time is spent (achievability).

Facts to be considered for discussing possible solutions:

  • Mac OS X Lion 10.7 requires an up-to-date OS X Snow Leopard [5] 10.6.8:

The best recommendation for OS X updates in general is to bring the system fully up to date before applying a newer version. Before applying OS X 10.7 you are also advised to update to OS X 10.6.8. From the changelog [6] of OS X 10.6.8: “Enhancements to the Mac App Store to get your Mac ready to upgrade to Mac OS X Lion.”

  • OS X 10.7 has so far only been announced as available through the App Store:

Snow Leopard’s first major release could be upgraded in iterations through the built-in update function or by a download link from an Apple support page. The major release was introduced by providing an original retail DVD. However, OS X Lion will only be available as a download from the Mac App Store. Therefore older versions of OS X which don’t support the Mac App Store first have to be upgraded to Mac OS X Snow Leopard 10.6.8.
Update 22/07/2011: See https://marienfeldt.wordpress.com/2011/07/22/backup-os-x-10-7-lion-to-dvd/ for how to create a Lion DVD.

  • A change of the encryption solution demands the removal of the former WDE installation:

Removing a WDE solution should consist of first decrypting the encrypted storage media and then fully uninstalling the WDE application. This has to be done in exactly this order, otherwise you will end up with encrypted media which you can no longer access. It is also important to make sure the application is cleanly removed from your system and no leftovers remain. Leftover parts of the application can conflict with the new solution, especially if the conflict appears in your Master Boot Record (MBR).

  • Removing PGP Desktop’s encryption can be managed by running the decryption in the background, but depending on the storage media size it can be very time consuming, and it weakens data confidentiality throughout the decryption process:

As you can run the decryption for PGP Desktop WDE in the background, the time it takes to get the job done depends on what other system processes are running in parallel. The storage size of the hard drive obviously heavily influences the amount of time spent. Decrypting the standard 320 GB hard disk of the latest MacBook Pro will take between 8 and 12 hours depending on your runtime environment. During the decryption process data security weakens in proportion to how much of the storage media is still encrypted and therefore protected. Until the decryption is finished and the new WDE is in place with the full disk encrypted, the system is no longer secured.

  • Compatibility between OS X and PGP Desktop WDE:

Not just once but several times, problems have been reported by PGP Desktop users on various OS X platforms. Some of the users could recover their systems; some were actually forced into a rebuild. Sadly this recently happened again with the rollout of OS X 10.6.8 with some variants of PGP Desktop lower than 10.1.1. Because of the nature of the compatibility issue it is impossible to predict which version works with what, and therefore time-consuming tests are necessary. PGP Desktop versions older than the supported and reportedly successfully working version should be upgraded before applying the OS X update, e.g. OS X 10.6.8.

  • Deployment testing is necessary to ensure the impact on users is as low as possible and the involved risks are kept to an acceptable minimum:

Although it’s hard to cover all aspects in tests, some of the tests actually happened just by accident and helped to improve the strategy for new test scenarios:

Test 1: OS X 10.6.7 / PGP WDE 10.1.1
Description: Not really a test for an update/migration – more an attempt to increase hard disk storage size from 320 GB to 1 TB. Decryption of WDE and attempt to remove the PGP Desktop application.
Results: Even after decryption and full removal of PGP the hard disk storage size could not be increased. Enabling verbose mode during boot still showed PGP copyright messages. The MBR had to be repaired to increase the disk size successfully.
Confidentiality: Not the focus of this test.
Manageability: The process is not straightforward.
Achievability: PGP has leftovers after removal which could break an OS X Lion update and/or Lion encryption. Time was not a criterion.

Test 2: OS X 10.6.7 / PGP WDE 10.1.1 -> OS X 10.6.8 upgrade
Description: Actual upgrade test. No PGP decryption and no PGP WDE application removed.
Results: OS X 10.6.8 could be applied. Ended up with error “Installation failed”. One test unit reported no problems with this test.
Confidentiality: No risk.
Manageability: The process is easy to handle.
Achievability: The installation was reported as failed. Unreliable upgrade path. The applied 10.6.8 update, reported as failed, will quite likely break the Lion update.

Test 3: OS X 10.6.7 / PGP WDE 10.1.1 -> OS X 10.6.8 upgrade
Description: Actual upgrade test. PGP decryption and PGP WDE application removed.
Results: OS X 10.6.8 could be applied successfully.
Confidentiality: Medium data exposure risk during the process.
Manageability: The process is easy to handle.
Achievability: Possible option but very time consuming.

Test 4: OS X 10.6.7 / PGP WDE 10.0.2 -> OS X 10.6.8 upgrade
Description: Actual upgrade test. No PGP decryption and no PGP WDE application removed.
Results: Renders PGP Desktop’s EFI/MBR authentication useless.
Confidentiality: Secure; full loss of data in the worst case.
Manageability: The process is easy to apply.
Achievability: The system needs to be repaired. In the worst case full loss of data and OS.

Test 5: OS X 10.6.7 / PGP WDE 10.1.0 -> OS X 10.6.8 upgrade
Description: Actual upgrade test. No PGP decryption and no PGP WDE application removed.
Results: Renders PGP Desktop’s EFI/MBR authentication useless.
Confidentiality: Secure; full loss of data in the worst case.
Manageability: The process is easy to apply.
Achievability: The system needs to be repaired. In the worst case full loss of data and OS.

Test 6: OS X 10.6.8 / PGP WDE 10.1.0 -> OS X Lion beta upgrade
Description: Actual upgrade test. PGP decryption and PGP WDE application removed.
Results: Successful update to Lion.
Confidentiality: Medium data exposure risk during the process.
Manageability: The process is easy to apply.
Achievability: Possible option but very time consuming.

Conclusions:

  • Applying the OS X 10.6.8 update with PGP WDE older than version 10.1.1 will break the OS X update. A recovery procedure [7] is available but not confirmed to be working with all variations of PGP WDE.
  • PGP WDE still leaves some leftovers even after the storage is decrypted and the application removed, e.g. copyright notices during boot (verbose mode). There is a risk that Lion’s disk encryption will not work properly.
  • If PGP WDE is in use, the safest way to update to OS X 10.6.8 and Lion beta is to get rid of PGP WDE.
  • Updating to Lion 10.7 and carrying over PGP WDE is not an option. The risk is far too high that either the migration fails or a future update will again create software conflicts.
  • The risk of data loss during the update should not be underestimated, and a backup is highly recommended.
  • People should consider risk management for data confidentiality when they deal with the decryption.

Update requirements apply for all possible solutions:

  • 2 GB RAM, Intel processor that is at least a Core 2 Duo, i3, i5, i7, or Xeon.
  • Applied OS X 10.6.8 update

Possible update solutions for Lion preparation:

  1. For OS X 10.6.7 with PGP 10.1.1 -> apply 10.6.8 update
  2. For OS X 10.6.7 with PGP < 10.1.1 -> Decrypt WDE and uninstall PGP Desktop, repair MBR using Snow Leopard Live CD, apply 10.6.8 update. Install PGP Desktop and encrypt hard drive.

Possible solutions for Lion update:

  1. For OS X 10.6.8 -> apply Lion upgrade
  2. For OS X 10.6.8 with PGP WDE, decrypt hard disk, uninstall PGP WDE, repair MBR using Snow Leopard Live CD, apply OS X Lion 10.7
  3. Back up user data. Build an OS X 10.6.8 system from scratch, update to Lion and, if necessary, clone it across your enterprise deployment. Apply Lion’s WDE individually and recover data from the (individual) backups.

Migrated to Lion:

  1. Enable Lion’s Full Disk encryption
  2. Do not send the Encryption key to Apple 😉

Whichever solution you prefer, I strongly recommend always using backups. Physical security is very important if your Time Machine backup is not set up with a solution like TrueCrypt. Lion is supposed to allow Time Machine to use an encrypted container. We will have to see if this is also supported through the full restore procedure, but it sounds promising.

Appendix:

[1] Lion update rumor
http://www.computerworld.com/s/article/9218158/How_to_prep_your_Mac_for_Lion or http://tinyurl.com/3wsvjt3

[2] OS X Lion 10.7:
https://secure.wikimedia.org/wikipedia/en/wiki/Mac_OS_X_Lion or http://tinyurl.com/6jl8akl

[3] Disk Encryption:
https://secure.wikimedia.org/wikipedia/en/wiki/Disk_encryption or http://tinyurl.com/6xte86a

[4] Master Boot Record:
https://secure.wikimedia.org/wikipedia/en/wiki/Master_boot_record or http://tinyurl.com/6x8ntll

[5] OS X 10.6 Snow Leopard:
https://secure.wikimedia.org/wikipedia/en/wiki/Mac_OS_X_Snow_Leopard or http://tinyurl.com/64u7emm

[6] About the OS X 10.6.8 Update
http://support.apple.com/kb/HT4561 or http://tinyurl.com/6lx43wv

[7] PGP Whole Disk Encryption Recovery
https://supportimg.pgp.com/guides/Tech_Note_PGP_WDE_Recovering_Data_Mac_OS_X.pdf or http://tinyurl.com/26bb4jo

IPv6

IPv6 Basics I

Just recently the last two IPv4 /8s [1] have been allocated by IANA, providing the lift off for IPv4 address space exhaustion [2]. While the issue has been well known for years, and many people have been promoting IPv6 [3], only a few companies have migrated their networks and services [4,7]. It is now receiving its long demanded attention.

I am currently working on IPv6 security implementations and would like to give feedback about how to migrate IPv4 networks into dual-stacked IPv6 networks securely. This article starts off with an example of a tunnel broker setup to help people get their first hands-on IPv6 experience. More advanced topics focusing on various security issues are planned to be published part by part. Stay tuned on IPv6.

IPv6 in IPv4 tunneling:

From Wikipedia (http://en.wikipedia.org/wiki/Tunnel_broker) “A tunnel broker is a service which provides a network tunnel. These tunnels can provide encapsulated connectivity over existing infrastructure to a new infrastructure.

There are a variety of tunnel brokers, though most commonly the term is used to refer to an IPv6 tunnel broker, as defined in RFC 3053 [5]. These commonly provide IPv6 tunnels to endusers/endsites using either manual, scripted or automatic configuration. In general tunnel brokers offer so called ‘protocol 41’ or proto-41 tunnels. These are tunnels where IPv6 is tunneled directly inside IPv4 by having the protocol field set to ‘41’ (IPv6) in the IPv4 packet.”

Basically, an IPv6 tunnel broker allows you to connect to and communicate with existing IPv6 networks even if your service provider’s network only supports IPv4. It allows testing an IPv6 deployment where some network node or transit communication is not fully IPv6 enabled.
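The proto-41 encapsulation described above, as an added example that is not part of the original article: a Python classifier a defender could run over raw IPv4 packets to spot IPv6 tunnel traffic and read the inner IPv6 addresses. The sample packets are constructed from the addresses of the sample tunnel shown later in this article; the function names and the AYIYA UDP port 5072 (taken from the IANA port registry, not from the article) are assumptions.

```python
import ipaddress
import struct

IPPROTO_UDP = 17
IPPROTO_IPV6 = 41   # IPv4 protocol number for directly encapsulated IPv6 ("proto-41")
AYIYA_PORT = 5072   # assumption: IANA-registered AYIYA port, not stated in the article
IPV4_HDR = "!BBHHHBBH4s4s"   # 20-byte IPv4 header without options
IPV6_HDR = "!IHBB16s16s"     # 40-byte fixed IPv6 header


def ipv4_checksum(header: bytes) -> int:
    """Ones' complement of the ones' complement sum of the header's 16-bit words."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv6_packet(src: str, dst: str, next_header: int, payload: bytes) -> bytes:
    """Constructed IPv6 packet: fixed header plus payload."""
    return struct.pack(IPV6_HDR, 6 << 28, len(payload), next_header, 64,
                       ipaddress.IPv6Address(src).packed,
                       ipaddress.IPv6Address(dst).packed) + payload


def ipv4_packet(src: str, dst: str, proto: int, body: bytes, frag: int = 0) -> bytes:
    """Constructed IPv4 packet without options; frag is the raw flags/offset field."""
    fields = [0x45, 0, 20 + len(body), 0, frag, 64, proto, 0,
              ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed]
    fields[7] = ipv4_checksum(struct.pack(IPV4_HDR, *fields))
    return struct.pack(IPV4_HDR, *fields) + body


def classify(pkt: bytes) -> dict:
    """Classify one raw IPv4 packet (bytes starting at the IPv4 header)."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return {"kind": "not-ipv4"}
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        return {"kind": "not-ipv4"}
    _, _, total_len, _, frag, _, proto, _, src, dst = struct.unpack(IPV4_HDR, pkt[:20])
    info = {"kind": "other", "proto": proto,
            "outer_src": str(ipaddress.IPv4Address(src)),
            "outer_dst": str(ipaddress.IPv4Address(dst))}
    body = pkt[ihl:total_len]
    if frag & 0x1FFF:
        # Later fragments do not start with the inner header, so only the
        # outer protocol number can be evaluated.
        if proto == IPPROTO_IPV6:
            info["kind"] = "proto41-fragment"
        return info
    if proto == IPPROTO_IPV6:
        if len(body) < 40 or body[0] >> 4 != 6:
            info["kind"] = "proto41-malformed"
            return info
        _, _, nxt, _, isrc, idst = struct.unpack(IPV6_HDR, body[:40])
        info.update(kind="proto41", inner_next_header=nxt,
                    inner_src=str(ipaddress.IPv6Address(isrc)),
                    inner_dst=str(ipaddress.IPv6Address(idst)))
    elif proto == IPPROTO_UDP and len(body) >= 8:
        sport, dport = struct.unpack("!HH", body[:4])
        if AYIYA_PORT in (sport, dport):
            # IPv6 carried inside AYIYA over UDP; the AYIYA header is not decoded here.
            info["kind"] = "ayiya-udp"
    return info


def find_tunnels(packets):
    """Return the classification of every packet that looks like IPv6 tunnelling."""
    return [c for c in map(classify, packets) if c["kind"] not in ("other", "not-ipv4")]


# Constructed sample traffic using the addresses of the article's sample tunnel.
CLIENT, POP = "80.40.20.10", "77.75.104.126"
ECHO_REQUEST = bytes([128, 0, 0, 0, 0, 1, 0, 1])  # ICMPv6 type 128, checksum left at zero
SAMPLES = [
    # proto-41: IPv6 echo request to ipv6.google.com inside an IPv4 packet to the PoP
    ipv4_packet(CLIENT, POP, IPPROTO_IPV6,
                ipv6_packet("2a01:348:6:157::2", "2001:4860:a003::68", 58, ECHO_REQUEST)),
    # UDP datagram to the assumed AYIYA port on the PoP
    ipv4_packet(CLIENT, POP, IPPROTO_UDP, struct.pack("!HHHH", 49152, AYIYA_PORT, 8, 0)),
    # ordinary DNS query header, not tunnel traffic
    ipv4_packet(CLIENT, "80.40.20.2", IPPROTO_UDP, struct.pack("!HHHH", 49153, 53, 8, 0)),
    # non-first fragment of a proto-41 packet
    ipv4_packet(CLIENT, POP, IPPROTO_IPV6, b"\x00" * 16, frag=0x00B9),
]

if __name__ == "__main__":
    for hit in find_tunnels(SAMPLES):
        print(hit)
```

An IPv4-only firewall or IDS sees just the outer addresses of such packets, so the inner source and destination decoded here are what a policy for tunnelled IPv6 has to be written against.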

Subscribing for IPv6 tunnel service with SixXS Tunnelbroker:

Please note that SixXS is just one of several tunnel brokers available [6]. At the time I came across IPv6 tunneling this was simply one of the most popular ones.

Sign up for a SixXS handle: http://www.sixxs.net/signup/create/

You will receive a confirmation mail with your username, password, tunnel ID and further details, e.g. to log in to the main website with your login details, request a tunnel and wait for tunnel approval.

Tunnel Name: My V6 Tunnel
PoP Name: gblon02
PoP Location: London, United Kingdom (Great Britain)
PoP IPv4: 77.75.104.126
Your Location: Peterborough, United Kingdom (Great Britain)
Your IPv4: AYIYA, currently 80.40.20.10
IPv6 Prefix: 2a01:348:6:157::1/64
PoP IPv6: 2a01:348:6:157::1
Your IPv6: 2a01:348:6:157::2
Created: 2008-11-11 15:17:51 CEST
State: AYIYA (automatically enabled on the fly)

This is a sample of user’s authentication data provided:

Username : BMsixxs-SIXXS
Password : TrfGvfda

URL to logon and verify : https://www.sixxs.net/home/

Setup for Windows (XP) example using SixXS Tunnelbroker:

Install the Windows XP IPv6 TCP/IP stack by typing the following into a command line, and reboot afterwards:

ipv6 install

Install the OpenVPN software bundle with default settings (http://openvpn.se/files/install_packages/openvpn-2.0.9-gui-1.0.3-install.exe).

You do not need to run/configure any OpenVPN application; we just need the “tap” driver to get aiccu working. The SixXS tap driver from their own site didn’t work for me.
(Note that you need another reboot.)

Download the Windows(XP) Aiccu Gui version from http://www.sixxs.net/archive/sixxs/aiccu/windows/aiccu-current-gui.exe .

Start the Windows(XP) Aiccu Gui version. Type in your username and password, select your tunnel and click enable.

In a Windows command shell you should now be able to ping ipv6.google.com (note that the firewall might block your ICMP echo request):

C:\Documents and Settings\Administrator>ping6 ipv6.google.com

Pinging ipv6.l.google.com [2001:4860:a003::68]
from 2a01:348:6:157::2 with 32 bytes of data:

Reply from 2001:4860:a003::68: bytes=32 time=104ms
Reply from 2001:4860:a003::68: bytes=32 time=98ms
Reply from 2001:4860:a003::68: bytes=32 time=97ms
Reply from 2001:4860:a003::68: bytes=32 time=97ms

You can also test your IPv6 connectivity by directing your browser to the URL:

http://ipv6.google.com

Your “ipconfig” output now looks similar to:

C:\Documents and Settings\Administrator>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : wawabinbung
Primary Dns Suffix  . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : dyn.bernd.marienfeldt.de

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : dyn.bernd.marienfeldt.de
Description . . . . . . . . . . . : VMware Accelerated AMD PCNet Adapter
Physical Address. . . . . . . . . : 00-0C-22-97-97-97
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 80.40.20.10
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : fe80::20c:29ff:feb4:9d97%4
Default Gateway . . . . . . . . . : 80.40.20.1
DHCP Server . . . . . . . . . . . : 80.40.20.2
DNS Servers . . . . . . . . . . . : 80.40.20.2
80.40.20.3
fec0:0:0:ffff::1%2
fec0:0:0:ffff::2%2
fec0:0:0:ffff::3%2
Primary WINS Server . . . . . . . : 80.40.20.2
Lease Obtained. . . . . . . . . . : 16 June 2009 17:23:08
Lease Expires . . . . . . . . . . : 16 June 2009 21:23:08

Ethernet adapter aiccu:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TAP-Win32 Adapter V8
Physical Address. . . . . . . . . : 00-FF-F6-0E-68-C9
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 0.0.0.0
Subnet Mask . . . . . . . . . . . : 0.0.0.0
IP Address. . . . . . . . . . . . : 2a01:348:6:157::2
IP Address. . . . . . . . . . . . : fe80::2ff:f6ff:fe0e:68c9%5
Default Gateway . . . . . . . . . : 2a01:348:6:157::1
DHCP Server . . . . . . . . . . . : 255.255.255.255
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : FF-FF-FF-FF-FF-FF-FF-FF
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%6
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter 6to4 Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . : dyn.bernd.marienfeldt.de
Description . . . . . . . . . . . : 6to4 Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : C3-42-E9-41
Dhcp Enabled. . . . . . . . . . . : No
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%2
fec0:0:0:ffff::2%2
fec0:0:0:ffff::3%2
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Automatic Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . : dyn.bernd.marienfeldt.de
Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : C3-42-E9-41
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : fe80::5efe:80.40.20.10%2
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%2
fec0:0:0:ffff::2%2
fec0:0:0:ffff::3%2
NetBIOS over Tcpip. . . . . . . . : Disabled

Example Setup Linux Ubuntu using SixXS Tunnelbroker:

Install “aiccu” the SixXS client application:

sudo aptitude install aiccu

Provide Username, Password and Tunnel id (if necessary) during the setup. This will be all set for you during the installation but you can find the config in:

/etc/aiccu

username Charly-SIXXS
password Random
protocol tic
server tic.sixxs.net
tunnel_id T18743
# AICCU Configuration
.
.

Your network should now be configured and ready to go.

Again, you can test your IPv6 connectivity:

ifconfig -a

sixxs Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet6 addr: 2a01:348:6:157::2/64 Scope:Global
inet6 addr: fe80::48:6:157:2/64 Scope:Link
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1280 Metric:1
RX packets:269 errors:0 dropped:0 overruns:0 frame:0
TX packets:332 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:155985 (155.9 KB) TX bytes:48812 (48.8 KB)

bernd@isopiece:~$ ping6 ipv6.google.com
PING ipv6.google.com(fx-in-x68.google.com) 56 data bytes
64 bytes from fx-in-x68.google.com: icmp_seq=1 ttl=56 time=95.7 ms
64 bytes from fx-in-x68.google.com: icmp_seq=2 ttl=56 time=96.8 ms
64 bytes from fx-in-x68.google.com: icmp_seq=3 ttl=56 time=96.4 ms
^C

IPv6 Enabled Websites:

http://www.sixxs.net/wiki/IPv6_Enabled_Websites [7]

References:

[1] CIDR: http://en.wikipedia.org/wiki/CIDR or http://tinyurl.com/27jw9x
[2] IPv4 exhaustion
[3] IPv6: http://en.wikipedia.org/wiki/Ipv6 or http://tinyurl.com/9wjqy
[4] Pushing towards IPv6 implementations:

  • http://www.ipv6actnow.org/
  • Hurricane Electric Internet Services
  • http://www.6uk.org.uk/
  • http://gogonet.gogo6.com/
  • LINX IPv6 Workshop 2009 or http://tinyurl.com/6krd78n
  • IPv6 Congress May 2011

[5] RFC 3053, IPv6 Tunnel Broker, from 2001: http://www.ietf.org/rfc/rfc3053
[6] List of tunnel brokers:

  • http://www.sixxs.net/tools/aiccu/brokers/ or http://tinyurl.com/cx6pc
  • http://en.wikipedia.org/wiki/List_of_IPv6_tunnel_brokers or http://tinyurl.com/288z4h

[7] List of IPv6 enabled websites: http://www.sixxs.net/wiki/IPv6_Enabled_Websites or http://tinyurl.com/6lbubxp


    Apple iPhone

    ENISA smartphone cyber security report

    ENISA, the European Network and Information Security Agency [1], the EU’s cyber-security agency, released its latest report, which highlights risks, opportunities and recommendations for users of smartphones.

    I am glad that part of my work towards more secure smartphones was mentioned and referenced in this latest update.

    Given the growing importance of smartphones for EU businesses, governments and citizens, we consider it essential to assess their security and privacy implications.

    says Prof. Dr. Udo Helmbrecht, Executive Director of ENISA.

    Smartphones are a goldmine of sensitive and personal information – it’s vital to understand how to maintain our control over this data. We’ve designed our recommendations to plug into a typical security policy

    says Dr. Giles Hogben, co-author of the report.

    The full story

    Reference:

    [1] http://en.wikipedia.org/wiki/European_Network_and_Information_Security_Agency or http://tinyurl.com/237ac8h

    Apple iPhone

    Making phone calls with locked iOS 4.1

    I came across an article which describes how to make a phone call from a locked iPhone with iOS 4.1. The web link refers to a Mac forum where a member explains how to produce the hack:

    When your iPhone is locked with a passcode tap Emergency Call, then enter a non-emergency number such as ###. Next tap the call button and immediately hit the lock button. It should open up the Phone app where you can see all your contacts, call any number, etc.

    I tried it out and it doesn’t work for me on iPhone 3GS (Model MC 132B) with iPhone 4.1 (8B117). (* see update)

    The person who discovered the flaw mentioned that he used a jailbroken phone but some people claimed that they could reproduce it on non jailbroken versions.

    I am now wondering if the flaw depends on specific hardware parameters (* see update) like processor speed etc. and can currently only be practised on the more powerful iPhone 4.

    *Update: Confirmed to be working on iPhone 3GS with iOS 4.0 (8A293) (model MC131B) and if you are quick enough it also works on iPhone 3GS (Model MC 132B) with iPhone 4.1 (8B117).

    Apple iPhone

    Apple iOS4 iPhone update

    Apple says “Updating is easy”. But if you care about security it’s not:

    I strongly recommend the following update procedure for iOS4:

    Upgrading your iPhone to the latest version is the normal procedure; however, if you read the installation notes during the software update very carefully you will note the following:

    Apple: * Better data protection using the device passcode as an encryption key* (Requires full restore)

    What this means is that unless you go through the Full Restore process you will not gain any data protection improvement promised by Apple.

    iOS4 Update flowchart

    1.) Make sure your PC system is connected to a reliable power source.

    2.) Get iTunes up to date, use the built in update function (Help -> Check for Updates)

    3.) Make a backup of your iPhone data: Connect your iPhone to the computer system and open iTunes. Under ‘Devices’ on the left hand side of the window, right-click on the name you assigned your iPhone and first select ‘Sync’. Once this has been completed follow the same procedure, only this time select ‘Back Up’. Again, once this is finished right click on your iPhone and finally select ‘Transfer Purchases’. Once this has been done your iPhone would be fully backed up onto iTunes locally.

    4.) iPhone iOS4 installation Phase 1:

    Once you have fully backed up your iPhone go onto ‘Summary’ and select ‘Check for Updates’. The option to update to the latest version (4.0) will appear, select the update option and leave the iPhone to run its system update. The iPhone will require restarting.

    The Apple iOS 4 update disables your security settings: after the update Apple iOS4 leaves you with no passcode protection and the “Erase Data” feature disabled, even if you had set these up before the update.

    After the iOS4 update make sure under Settings – General – Passcode Lock On:

    – Require Passcode is set to “Immediately”

    – Simple Passcode is set to “OFF”. I recommend at least 6 characters (numbers and/or letters with at least one special character included). This is very important as the passcode will be used to generate your encryption key during the full restore procedure.

    – Erase Data is set to “ON”

    5.) iPhone iOS4 installation Phase 2:

    Note: If a Backup is available you should not lose any data at all.

    Once the iPhone has completed its updates, select ‘Restore’ in the ‘Summary’ section of iTunes. If you have already backed up your iPhone with all the latest changes you’ve made to it (New songs, pictures etc) you won’t need to update the iPhone again, just allow it to run its System Restore, this will reset the iPhone back to its factory settings. Once the process is completed the device will restart and the Apple logo will appear on the screen. After the restore, the iPhone displays the “Connect to iTunes” screen. Keep your device connected until the “Connect to iTunes” screen goes away or you see “iPhone is activated.” If iTunes does not have an Internet connection, you cannot complete this step.

    Finally, to restore your device from the previous backup you should be able to see a set of options in iTunes, stating that “An iPhone has been previously synced with this computer” with a list of synced devices, select the backup from which you want to restore your settings and select the continue button to complete the devices restoration.

    Thank You

    Appendix:

    Apple iOS4 Software Update Release Notes:

    iOS 4 Software Update

    This update contains over 100 new features, including the following:

    * Multitasking support for third-party apps*
    – Multitasking user interface to quickly move between
    apps
    – Support for audio apps to play in the background
    – VoIP apps can receive and maintain calls in the
    background or when device is asleep
    – Apps can monitor location and take action while
    running in the background
    – Alerts and messages can be pushed to apps using
    push and local notifications
    – Apps can complete tasks in the background
    * Folders to better organise and access apps
    * Home screen Wallpaper*
    * Mail improvements
    – Unified inbox to view emails from all accounts in one
    place
    – Fast inbox switching to quickly switch between
    different email accounts
    – Threaded messages to view multiple emails from the
    same conversation
    – Attachments can be opened with compatible third-
    party apps
    – Search results can now be filed or deleted
    – Option to select size of photo attachments
    – Messages in the outbox can be edited or deleted
    * Support for iBooks and iBookstore (available from the
    App Store)
    * Photo and Camera improvements
    – 5x digital zoom when taking a photo**
    – Tap to focus during video recording**
    – Ability to sync Faces from iPhoto
    – Geo-tagged photos appear on a map in Photos
    * Ability to create and edit playlists on device
    * Calendar invitations can be sent and accepted wirelessly
    with supported CalDAV servers
    * Support for MobileMe calendar sharing
    * Suggestions and recent searches appear during a web
    search
    * Searchable SMS/MMS messages**
    * Spotlight search can be continued on web and Wikipedia
    * Enhanced location privacy
    – New Location Services icon in the status bar
    – Indication of which apps have requested your location
    in the last 24 hours
    – Location Services can be toggled on or off for
    individual apps
    * Automatic spellcheck
    * Support for Bluetooth keyboards*
    * iPod out to navigate music, podcasts and audiobooks
    through an iPod interface with compatible cars
    * Support for iTunes gifting of apps
    * Wireless notes syncing with IMAP-based mail accounts
    * Persistent Wi-Fi connection to receive push notifications*
    * New setting for turning on/off mobile (cellular) data only**
    * Option to display the character count while composing
    new SMS/MMS**
    * Visual Voicemail messages can be kept locally even if
    they have been deleted from the server**
    * Control to lock portrait orientation*
    * Audio playback controls for iPod and third-party audio
    apps*
    * New languages, dictionaries and keyboards
    * Accessibility enhancements*
    * Bluetooth improvements
    * Better data protection using the device passcode as an
    encryption key* (Requires full restore.)
    * Support for third-party Mobile Device Management
    solutions
    * Enables wireless distribution of enterprise applications
    * Exchange Server 2010 compatibility
    * Support for multiple Exchange ActiveSync accounts
    * Support for Juniper Junos Pulse and Cisco AnyConnect
    SSL VPN apps (available from the App Store)
    * More than 1,500 new developer APIs
    * Bug fixes

    Products compatible with this software update:
    * iPhone 3G
    * iPhone 3GS
    * iPhone 4
    * iPod touch 2nd generation
    * iPod touch 3rd generation (late 2009 models with 32GB
    or 64GB)

    * Requires iPhone 3GS, iPhone 4 or iPod touch 3rd generation.
    ** Requires iPhone 3G, iPhone 3GS or iPhone 4. SMS/MMS messaging and Visual Voicemail require support from your wireless carrier.

    For feature descriptions and complete instructions, see the user guides for iPhone and iPod touch at:
    <http://support.apple.com/manuals/iphone>
    <http://support.apple.com/manuals/ipodtouch>

    For more information about iPhone and iPod touch, go to:
    <http://www.apple.com/uk/iphone>
    <http://www.apple.com/uk/ipodtouch>

    To troubleshoot your iPhone or iPod touch, or to view additional support information go to:
    <http://www.apple.com/uk/support/iphone>
    <http://www.apple.com/uk/support/ipodtouch>

    For information on the security content of this update, please visit this website:
    <http://support.apple.com/kb/HT1222>

    Apple iPhone

    iPhone Advice

    Be aware that the Apple iOS 4 update disables your security settings; see Update 24/06/2010 below.

    Do not store any sensitive or confidential data on your iPhone and follow the iOS4 update procedure described.

    Shut down your iPhone only in the locked state and keep it locked when not in use. To shut down your iPhone from the unlocked state (that’s when you see the App icons), press the top right button once. Wait a second, then press and hold the button again until “slide to power off” appears, and then shut down your iPhone.

    Please also use the “encryption” feature in iTunes for your backup. Click on your phone device in iTunes and under Summary -> Options select “Encrypt iPhone Backup” and use a strong password.

    Ideally, store your backup only on a PC with encrypted storage.

    Apple will release iOS 4 which might fix the massive security vulnerability for the iPhone 3G and iPhone 3GS. Please update asap. According to Apple the release date will be on the 21st of June 2010.

    Apple released today (21st June 2010) a newer version of the iPhone software (version 4.0-8A293). If you want to update the phone please make sure to get iTunes also updated to its latest version 9.2.0.61 before attempting the software update.

    After the first tests, please bear in mind that I need to investigate further to provide a more reliable conclusion. So far it turns out that the time-of-check-to-time-of-use (TOCTTOU) bug (race condition) seems to be patched in iOS4. For me the flaw is no longer reproducible in the way described.

    However, I would not call the issue cleared for the time being:

    Apple’s security release notes can be found here, and Apple does not mention anything about security improvements towards better authentication and/or encryption.

    If you read the installation notes during the software update very carefully you will note:

    “* Better data protection using the device passcode as an encryption key* (Requires full restore)”

    What this means is that unless you go through the Full restore process you will not gain any data protection improvement promised by Apple.

    Update 22/06/2010:

    Apple hasn’t pointed this out so far, but I would strongly recommend the following update procedure for iOS4:

    Upgrading your iPhone to the latest version is the normal procedure, however if you read the installation notes during the software update very carefully you will note as mentioned:

    Apple: * Better data protection using the device passcode as an encryption key* (Requires full restore)

    What this means is that unless you go through the Full Restore process you will not gain any data protection improvement promised by Apple.

    1.) Make sure your PC system is connected to a reliable power source.

    2.) Get iTunes up to date, use the built in update function (Help -> Check for Updates)

    3.) Make a backup of your iPhone data: Connect your iPhone to the computer system and open iTunes. Under ‘Devices’ on the left hand side of the window, right-click on the name you assigned your iPhone and first select ‘Sync’. Once this has been completed follow the same procedure, only this time select ‘Back Up’. Again, once this is finished right click on your iPhone and finally select ‘Transfer Purchases’. Once this has been done your iPhone would be fully backed up onto iTunes locally.

    4.) iPhone iOS4 installation Phase 1:

    Once you have fully backed up your iPhone go onto ‘Summary’ and select ‘Check for Updates’. The option to update to the latest version (4.0) will appear, select the update option and leave the iPhone to run its system update. The iPhone will require restarting.

    Added 24/06/2010

    Apple iOS 4 update is disabling your security settings: After the update Apple iOS4 leaves you with no passcode protection and “Erase Data” feature disabled even when you have set this up before the update.

    After the iOS4 update make sure under Settings – General – Passcode Lock On:

    – Require Passcode is set to “Immediately”

    – Simple Passcode is set to “OFF”; I recommend at least 6 characters (numbers and/or letters, with at least one special character included). This is very important as the passcode will be used to generate your encryption key during the full restore procedure.

    – Erase Data is set to “ON”

    5.) iPhone iOS4 installation Phase 2:

    Note: If a Backup is available you should not lose any data at all.

    Once the iPhone has completed its updates, select ‘Restore’ in the ‘Summary’ section of iTunes. If you have already backed up your iPhone with all the latest changes you’ve made to it (New songs, pictures etc) you won’t need to update the iPhone again, just allow it to run its System Restore, this will reset the iPhone back to its factory settings. Once the process is completed the device will restart and the Apple logo will appear on the screen. After the restore, the iPhone displays the “Connect to iTunes” screen. Keep your device connected until the “Connect to iTunes” screen goes away or you see “iPhone is activated.” If iTunes does not have an Internet connection, you cannot complete this step.

    Finally, to restore your device from the previous backup you should be able to see a set of options in iTunes, stating that “An iPhone has been previously synced with this computer” with a list of synced devices, select the backup from which you want to restore your settings and select the continue button to complete the devices restoration.

    Update 24/06/2010:

    Apple iOS 4 update is disabling your security settings: After the update Apple iOS4 leaves you with no passcode protection and “Erase Data” feature disabled even when you have set this up before the update.

    After the iOS4 update make sure under Settings – General – Passcode Lock On:

    – Require Passcode is set to “Immediately”

    – Simple Passcode is set to “OFF”; I recommend at least 6 characters (numbers and/or letters, with at least one special character included). This is very important as the passcode will be used to generate your encryption key during the full restore procedure.

    – Erase Data is set to “ON”

    If you had to change from Simple Passcode “ON” to a more complex passcode follow again the “iPhone iOS4 installation Phase 2” described above. This will generate a new stronger encryption key.

    To make it easier, I summarized the iOS4 iPhone update.

    Thank You.

    DECT

    DECT (Phone) Interception made Easy

    Preface:

    More than a year ago people did serious research on DECT security and found significant flaws, but since then nothing has changed dramatically in the way the industry implements DECT. I guess most people are not fully aware that DECT’s insecurity could affect them. As of April 2010, experts are able to recover the DECT Standard Cipher key [1,8,9]. Please note that I did my analysis when the topic was first raised, and it’s quite likely that some of the OS-specific issues have changed in the meantime.

    What’s it all about:

    Remember the good old days when people made their calls from a traditional landline and had their tripping hazard all inclusive:

    These days people usually have cordless phones, which are more convenient but unfortunately insecure because they use the DECT (Digital Enhanced Cordless Telecommunications) protocol standard, as demonstrated [1],[2] by members of the CCC (Chaos Computer Club) at the 25C3 Chaos Communication Congress. The hack (The Register reported) is not limited to eavesdropping on DECT based phone calls; see the DECT implementations listed below. A strong warning, though: listening to phone calls without prior permission is illegal, e.g. in Germany even the attempt is punishable by up to five years.

    DECT implementations:

    • Cordless phones
    • Wireless ISDN access
    • Babyphones
    • Emergency calls
    • Remotely controllable door openers
    • Cordless Credit card terminals (Will probably become less popular in near future)
    • Traffic lights control (Germany) and traffic control systems (UK)
    • Situation in Germany: currently ~ 30.000.000 cordless DECT based phone base stations are in use. I do not have UK and US specific stats, but a similarly high number of deployments is to be expected there and worldwide.

    Overview:

    This post describes only basics of the “deDECTed” hack [3] and more details can be found in the Appendix.

    DECT implementations vary by vendor, and the DECT “secret key” (UAK) has been made available under a non-disclosure agreement to vendors that implement DECT. However, it appears that encryption in DECT based phones is often not implemented or enabled, and even the latest generation of DECT phones, which are supposed to use encryption, can be intercepted by forwarding traffic to a Voice over Internet Protocol (VoIP) system (e.g. Asterisk PBX) that does not support the encryption, so DECT falls back to insecure communication.

    If encryption is not implemented, someone only needs a PC, software and a DECT controller to penetrate their own DECT phone.

    The German hacker group initially used a hardware device utilizing GNU Radio to sniff the DECT traffic on 1.88 – 1.9 GHz (in comparison, Wifi 802.11 b/g is on the 2.4 GHz band and Wifi 802.11a on 5 GHz), but later decided to make their “life easier” and wrote a Linux kernel driver and some user space utilities for the “Com-on-Air” PCMCIA based DECT controller by “Dosch/Ammand” (D/A).

    When I looked into getting the card, the prices on eBay for the Type II cards (ironically, D/A has been bankrupt for years) were appx. 10 x higher than before the report on the DECT weaknesses became public. At that time the card’s main purpose was as an IP-DECT solution where the backhaul from the base station is VoIP (H323 or SIP) while the handset loop is still DECT; in other words, people just used the Com-On-Air card to extend their VoIP networks through the DECT controller, forwarding calls to their convenient (DECT based) cordless phones.

    Com-On-Air Linux Kernel driver:

    To get the PCMCIA Type II card working, the students wrote their own driver for the card. The code compilation is straightforward; just make sure you have the latest kernel sources and headers in place. The DECT analysis tools are also included in the code framework, and they compile as easily as the driver does. After a successful module load (insmod, modprobe etc.) you will see the “com_on_air_cs” kernel module loaded (lsmod), and it will handle the DECT controller card under Linux.

    [  339.588207] >>> loading com_on_air_cs
    [  339.588875] com_on_air_cs: >>>>>>>>>>>>>>>>>>>>>>>>
    [  339.588879] com_on_air_cs: card in slot        com_on_air_cs
    [  339.588882] com_on_air_cs: prod_id[0]          DECTDataDevice
    [  339.588885] com_on_air_cs: prod_id[1]          PCMCIA F22
    [  339.590638] com_on_air_cs: ioremap()’d baseaddr 9ab34000
    [  339.590664] com_on_air_cs: registered IRQ 3
    [  339.630471] com_on_air_cs: valid client.
    [  339.630474] com_on_air_cs: type          0x118
    [  339.630476] com_on_air_cs: function      0x0
    [  339.630478] com_on_air_cs: Attributes    1
    [  339.630480] com_on_air_cs: IntType       2
    [  339.630483] com_on_air_cs: ConfigBase    0x1020
    [  339.630485] com_on_air_cs: Status 0, Pin 0, Copy 0, ExtStatus 0
    [  339.630488] com_on_air_cs: Present       1
    [  339.630490] com_on_air_cs: AssignedIRQ   0x3
    [  339.630492] com_on_air_cs: IRQAttributes 0x12
    [  339.630494] com_on_air_cs: BasePort1     0x0
    [  339.630496] com_on_air_cs: NumPorts1     0x10
    [  339.630498] com_on_air_cs: Attributes1   0x10
    [  339.630500] com_on_air_cs: BasePort2     0x0
    [  339.630502] com_on_air_cs: NumPorts2     0x0
    [  339.630504] com_on_air_cs: Attributes2   0x0
    [  339.630506] com_on_air_cs: IOAddrLines   0x0
    [  339.630508] com_on_air_cs: has function_config
    [  339.630512] com_on_air_cs: get_card_id() = 0
    [  339.630514] com_on_air_cs: ———————–

    DECT Kismet integration with Kismet plugin in kismet-newcore:

    Kismet is a network detector, packet sniffer, and intrusion detection system for 802.11 wireless LANs. The authors of Kismet made it possible to extend the portfolio of the application to understand DECT detection which is quite neat for someone who is frequently using Kismet anyway. Please note that you need to compile Kismet from scratch if you want to use the plugin support as it is only available in the latest kismet-newcore through subversion (svn).

    Some DECT specific acronyms:

    RFPI = Radio fixed part identity, phone base station ID (note that an Ethernet MAC address is 6 and not 5 bytes)
    RSSI = Received Signal Strength Indication
    FP = Fixed part (e.g. telephone base station)
    PP = Portable part (e.g. phone handset itself)
    B-FIELD = Actual payload, e.g. voice codec
    C-CHANNEL = Contains all DECT higher layer control
    CH = Channel

    Kismet Dect plugin:

    The help menu of the Kismet (Newcore) DECT plugin shows the basic scan options for phones, basestations and the plugin ability to sort the findings in the order of the users choice. The DECT integration also allows to change channel hop settings and sync on a call and dump it to a local system for example.

    Dect Scan Example:

    Dect Analysis tool:

    The most feature-complete tool is dect_cli. It can dump pcap formatted captures and is shown in action below.

    There are also other tools available:

    coa_syncsniff dumps pcap files on a given channel and RFPI

    pcap2cchan dumps C-channel information from pcap files:

    ./pcap2cchan dump_2009-02-13_23_46_42_RFPI_00_7e_94_dd_a8.pcap

    station: addr:8e ctrl:4c len:c0 crc:9ab2 -> reserved     cc 05 dc 82 64 de 9b 7a ca b8 01 6a 9e c2 11 04 74 d7 fb d4 f9 f6 f0 54 39 73 fc 8c f7 11 10 19 d5 1b 9b 8a ac 12 9d d5 76 55 2e a2 f5 79 aa 4d

    pcapstein dumps all B-Fields found in a pcap file

    Dect command line interface menu:

    DECT command line interface
    type “help” if you’re lost
    help

    help – this help
    fpscan – async scan for basestations, dump RFPIs
    callscan – async scan for active calls, dump RFPIs
    autorec – sync on any calls in callscan, autodump in pcap
    ppscan <rfpi> – sync scan for active calls
    chan <ch> – set current channel [0-9], currently 0
    band – toggle between EMEA/DECT and US/DECT6.0 bands
    ignore <rfpi> – toggle ignoring of an RFPI in autorec
    dump – dump stations and calls we have seen
    name <rfpi> <name> – name stations we have seen
    hop – toggle channel hopping, currently ON
    verb – toggle verbosity, currently OFF
    stop – stop it – whatever we were doing
    quit – well

    Example of Base station- and call dump with DECT command line interface:

    dump
    ### stations
    00 7e 94 dd a8  ch 7  RSSI 18.53  count   76  first 1234794847  last 1234795069
    ### calls
    00 7e 94 dd a8  ch 7  RSSI 19.20  count    5  first 1234795128  last 1234795129

    Example of a call dump processing:

    Scan for active calls and sync against DECT phone using “callscan” mode:

    ### calls
    00 7e 94 dd a8  ch 7  RSSI 19.20  count    5  first 1234795128  last 1234795129

    Enabling automatic record of calls found using “autorec”:

    ### got sync
    ### dumping to dump_2009-02-13_23_46_42_RFPI_00_7e_94_dd_a8.pcap
    ### stopping DIP
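
For an audit of your own base stations, the `dump` output and the autorec file name shown above can be turned into a per-RFPI inventory. This is an added example, not part of the original post or of the deDECTed tools; the function names and the `known_rfpis` allowlist are assumptions, and the sample input is the output quoted above.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed sample: the dect_cli "dump" output quoted in the post.
SAMPLE_DUMP = """\
### stations
00 7e 94 dd a8  ch 7  RSSI 18.53  count   76  first 1234794847  last 1234795069
### calls
00 7e 94 dd a8  ch 7  RSSI 19.20  count    5  first 1234795128  last 1234795129
"""

ENTRY_RE = re.compile(
    r"^((?:[0-9a-f]{2} ){4}[0-9a-f]{2})\s+ch\s+(\d+)\s+RSSI\s+(\d+(?:\.\d+)?)\s+"
    r"count\s+(\d+)\s+first\s+(\d+)\s+last\s+(\d+)$",
    re.IGNORECASE,
)
CAPTURE_RE = re.compile(
    r"^dump_(\d{4}-\d{2}-\d{2}_\d{2}_\d{2}_\d{2})_RFPI_"
    r"((?:[0-9a-f]{2}_){4}[0-9a-f]{2})\.pcap$",
    re.IGNORECASE,
)


@dataclass
class Sighting:
    section: str      # "stations" or "calls"
    rfpi: str         # 5-byte base station id, colon separated
    channel: int
    rssi: float
    count: int
    first: datetime   # epoch seconds from the dump, converted to UTC
    last: datetime


def _utc(epoch):
    return datetime.fromtimestamp(int(epoch), tz=timezone.utc)


def parse_dump(text):
    """Return (sightings, rejected_lines) from dect_cli 'dump' output."""
    section, sightings, rejected = None, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("###"):
            name = line.lstrip("# ").lower()
            section = name if name in ("stations", "calls") else None
            continue
        m = ENTRY_RE.match(line)
        if section is None or m is None:
            rejected.append(raw)  # keep for manual review, never guess fields
            continue
        rfpi, ch, rssi, count, first, last = m.groups()
        sightings.append(Sighting(section, rfpi.lower().replace(" ", ":"),
                                  int(ch), float(rssi), int(count),
                                  _utc(first), _utc(last)))
    return sightings, rejected


def parse_capture_name(name):
    """Split an autorec file name into (rfpi, start time as written, no tz)."""
    m = CAPTURE_RE.match(name)
    if m is None:
        raise ValueError(f"not an autorec capture name: {name!r}")
    started = datetime.strptime(m.group(1), "%Y-%m-%d_%H_%M_%S")
    return m.group(2).lower().replace("_", ":"), started


def inventory(sightings, known_rfpis):
    """Merge station and call sightings per RFPI and mark unknown stations."""
    inv = {}
    for s in sightings:
        e = inv.setdefault(s.rfpi, {"channels": set(), "max_rssi": s.rssi,
                                    "first": s.first, "last": s.last,
                                    "call_seen": False,
                                    "known": s.rfpi in known_rfpis})
        e["channels"].add(s.channel)
        e["max_rssi"] = max(e["max_rssi"], s.rssi)
        e["first"], e["last"] = min(e["first"], s.first), max(e["last"], s.last)
        e["call_seen"] = e["call_seen"] or s.section == "calls"
    return inv
```

An entry with `known` set to False is a base station in range that is not on your own list; `call_seen` marks stations for which the scan reported an active call.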

    Postprocessing:

    This is the result of post-processing: the raw G.726/G.721 (.ima, ADPCM, 4 bit per sample) 32 kbps dumps are extracted from the .pcap capture and finally decoded with Sound eXchange into Waveform audio format (.wav).

    dump_2009-02-13_23_46_42_RFPI_00_7e_94_dd_a8.pcap

    —>

    dump_2009-02-13_23_46_42_RFPI_00_7e_94_dd_a8.pcap_fp.ima
    dump_2009-02-13_23_46_42_RFPI_00_7e_94_dd_a8.pcap_pp.im

    ——>

    bernds_siemens_gigaset1.wav

    (The .wav file(s) can be listened to using your favourite audio player.)

    DECT support in Wireshark:

    No support for dissecting DECT was present in the main Wireshark repository. However, captured DECT data can be analysed further by loading the relevant .pcap files into the unstable Wireshark development version compiled from scratch, or by applying the wireshark-1.0.5_dect.patch to Wireshark version 1.0.5.

    This is a list of software packages you need to have installed prior to compiling Wireshark to get a successful build under Linux Ubuntu 8.04 LTS / 8.10:

    • bison – A parser generator which is compatible with YACC
    • flex – A fast lexical analyzer generator
    • gtk2-engines – theme engines for GTK+ 2.x (!)
    • libgtk2.0-dev – Development files for the GTK+ library
    • libpcre3-dev – Perl5 compatible regular expression
    • libkrb5-dev – Header and Development Files for MIT Kerberos
    • library – development files
    • libc-ares-dev – library for asynchronous name resolves
    • libsmi2 – A library to access MIB information
    • libsmi2-dev – A library to access MIB information (development files)
    • libgcrypt – LGPL Crypto library – development files
    • libcap-bin – basic utility programs for using capabilities
    • libcap-dev – development libraries and header files for libcap
    • libgeoip-dev – Development files for the GeoIP library
    • libgnutls-dev – the GNU TLS library – development files
    • libssl0.9.8-dbg – Symbol tables for libssl and libcrypto

    External antenna connector hardware:

    Some people claim that operating DECT within the European 1.88 – 1.9 GHz range (a similar frequency window to that used by Global System for Mobile communications (GSM) in the 1900 MHz band) allows receiving a reasonable signal from up to 300 meters (appx. 980 feet) away. More EIRP will significantly improve the signal and hence reduce noise.

    The photo illustration below is for a Wifi card extension but the DECT controller should have a similar circuit board layout so the SMA connector soldering can be easily adapted with use of  a standard GSM 1900 antenna or best a custom made DECT frequency antenna.

    Conclusion:

    • “Conversations relayed through cordless household phones are far easier to snoop upon than previously suspected.”
    • DECT based phones are a bad choice for business use.
    • VOIP security can be eliminated by implementing VOIP->DECT gateways.
    • DECT is cracked [7].

    Appendix:

    [1] https://dedected.org/trac/blog/dsc-cryptanalysis-final and Cryptanalysis of the DECT Standard Cipher – Full Paper – final version – PDF

    [2] 25C3 presentation: (talk-25c3.pdf)

    [3] DECT Talk at 25C3 (Video in 720×576 mp4 )

    [4] deDECTed.org website

    [5] Introduction to DECT standardisation

    [6] Attacks on the DECT authentication mechanisms (pdf)

    [7] DECT encryption cracked

    [8] Cryptanalysis of the DECT, Bruce Schneier

    [9] 26C3: DECT (part II), ChrisJohnRiley

    Open Source, Ubuntu

    Terminator for Linux Ubuntu

    Have you ever looked for a tool to keep track of your terminal sessions without losing the overview under Linux? Split screens give a much quicker, simultaneous view of what’s going on, in contrast to terminal tabs.

    Well, first there is the built-in terminal under Ubuntu: depending on whether you use KDE or Gnome you end up with either “Konsole” or “Gnome-Terminal”, both of which refuse to split the screen as if offering such a handy feature would afflict them with a disease.

    Then there is the option to fire up a GNU Screen session inside your terminal application, which can be very useful to leave a session running in the “background” when closing the terminal or even losing connectivity. However, I felt its split screen feature is a bit like stale bread.

    Then I found this Multi Gnome Terminal application which won’t compile unless you drag immemorial libraries into your system which I really didn’t prefer either.

    Finally a working solution for me:

    The Terminator application sits on top of your existing Gnome-Terminal and allows split screens easily. Terminator is available in the Ubuntu repository and can be installed with “apt-get install terminator”.

    The right mouse button brings up a menu for splitting terminals horizontally or vertically as many times as you like, or if you prefer quick shortcuts, these work just as well:

    Ctrl-Shift-E: will split the view vertically.
    Ctrl-Shift-O: will split the view horizontally.
    Ctrl-Shift-P: will move the focus to the previous view.
    Ctrl-Shift-N: will move the focus to the next view.
    Ctrl-Shift-W: will close the view where the focus is on.
    Ctrl-Shift-Q: will exit terminator.

    F11: will make terminator go fullscreen.

    Apple iPhone

    iPhone business security framework


    Overview:

    I recently had the chance to look into Apple’s iPhone [11] security model specifically for the 3G and 3GS version.  As the iPhone acts as a small computing device my concerns are related to the integrity of the device, communication  and the security of data stored locally.  Apple provides an “iPhone Security Overview” [1] which is a good start to find out more about:

    Apple iPhone mobile device security features:

    Apple Enterprise Management and Security:

    • Supports standards-based servers for mail, calendar and contacts integration. Syncing with IMAP mail servers and search the mail server from the iPhone.
    • CalDAV-compliant calendar servers like iCal Server, Oracle Beehive, Kerio and Zimbra.
    • iPhone 3GS protects data through encryption of information in transmission, at rest on the device, and when backed up to iTunes.
    • Provides secure methods to prevent unauthorised use of the device through passcode policies and restrictions.
    • In the event of a lost or stolen iPhone, you can even clear all data and settings by issuing a remote wipe command from Microsoft Exchange.
    • Network communications stay secure with Cisco IPSec VPN, WPA2 Enterprise Wi-Fi and SSL/TLS on iPhone.
    • Microsoft Exchange users can enforce complex passcodes, camera restrictions and other policies on iPhone to protect corporate data.
    • Certificate-based authentication enables iPhone to connect with corporate servers via Exchange as well as VPN On Demand, making network communications seamless and secure.

    Security Configuration Profiles:

    • Establish corporate passcode policies and settings with configuration profiles created and distributed via USB or over the air.
    • With configuration profiles, you can remotely configure your company’s VPN, email and wireless network settings, ensuring that each iPhone is secure and ready for business.
    • For users, installing a configuration profile is as easy as tapping a secure web link or receiving an email with the configuration profile attached. Configuration profiles can be signed and encrypted – and once installed, individual users can be restricted from removing these profiles from their iPhones.
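
The passcode settings recommended in the iPhone Advice post above can be enforced through the passcode payload of such a configuration profile. The following added example (not Apple's or the author's code) audits an unsigned profile against those recommendations; the mapping of "Erase Data" to `maxFailedAttempts`, the `com.example` identifiers, the placeholder UUIDs and both sample profiles are assumptions constructed here.

```python
import plistlib

PASSCODE_PAYLOAD = "com.apple.mobiledevice.passwordpolicy"


def _is_int(v):
    # bool is a subclass of int in Python; a plist <true/> must not count as a number
    return isinstance(v, int) and not isinstance(v, bool)


# (payload key, check, the setting from the post it corresponds to)
RULES = [
    ("forcePIN", lambda v: v is True, "Passcode Lock on"),
    ("allowSimple", lambda v: v is False, 'Simple Passcode "OFF"'),
    ("minLength", lambda v: _is_int(v) and v >= 6, "at least 6 characters"),
    ("minComplexChars", lambda v: _is_int(v) and v >= 1,
     "at least one special character"),
    ("maxGracePeriod", lambda v: _is_int(v) and v == 0,
     'Require Passcode "Immediately"'),
    # Assumption: a failed-attempt limit is the profile counterpart of Erase Data "ON".
    ("maxFailedAttempts", lambda v: _is_int(v) and v > 0, 'Erase Data "ON"'),
]


def build_profile(policy, identifier="com.example.passcode"):
    """Serialize an unsigned profile with one passcode payload (constructed sample)."""
    payload = {
        "PayloadType": PASSCODE_PAYLOAD,
        "PayloadVersion": 1,
        "PayloadIdentifier": identifier + ".policy",
        "PayloadUUID": "00000000-0000-0000-0000-000000000002",  # placeholder
        "PayloadDisplayName": "Passcode",
        **policy,
    }
    profile = {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": identifier,
        "PayloadUUID": "00000000-0000-0000-0000-000000000001",  # placeholder
        "PayloadDisplayName": "Passcode policy (constructed example)",
        "PayloadContent": [payload],
    }
    return plistlib.dumps(profile)


def audit_profile(data):
    """Return findings for an unsigned plist profile; an empty list means compliant.

    Every setting has to be stated explicitly: a missing key is reported as
    'unset' rather than trusted to a default. Signed or encrypted profiles
    must be unwrapped before they can be parsed here.
    """
    profile = plistlib.loads(data)
    payloads = [p for p in profile.get("PayloadContent", [])
                if isinstance(p, dict) and p.get("PayloadType") == PASSCODE_PAYLOAD]
    if not payloads:
        return ["no passcode payload: the profile enforces no passcode policy"]
    findings = []
    for n, payload in enumerate(payloads):
        for key, ok, setting in RULES:
            value = payload.get(key, "unset")
            if not ok(value):
                findings.append(f"payload {n}: {key}={value!r}, want {setting}")
    return findings


# Constructed samples: a 4-digit simple passcode policy and one that follows the post.
WEAK = build_profile({"forcePIN": True, "allowSimple": True, "minLength": 4})
HARDENED = build_profile({"forcePIN": True, "allowSimple": False, "minLength": 6,
                          "minComplexChars": 1, "maxGracePeriod": 0,
                          "maxFailedAttempts": 10})

if __name__ == "__main__":
    for line in audit_profile(WEAK):
        print(line)
```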

    Framework:

    This is the outcome of the overview and more research on various details, matched against the security requirements which I would like to see implemented so that an iPhone can become a reasonably secure mobile network device:

    • Platform Protection
    • OS Patch Management
    • Antivirus Protection
    • Network Traffic Filtering
    • Application Security
    • Data Storage Protection
    • Communication Encryption
    • Wireless Security
    • Manageability of Acceptable Use

    Platform Security:

    | Requirement | iPhone3G(S) | Comment |
    |---|---|---|
    | Application Security | Runtime Protection (Sandboxing); Mandatory Code signing | Separates local data stored by applications and the code itself from each other and protects from third-party applications. Code signing binds your application framework to Apple. |
    | OS Patch Management | Built-in update feature for iPhone OS | Similar to OS X the phone can fetch automatic updates when connected to a network. |
    | Antivirus Protection | None built in. | Apple claims no need for this. Jailbreaking [2] would make a need for it. |
    | Manageability of Acceptable Use | Password Management and Enforcement; Remote and local wipe; Restriction management of: iTunes Store medias, Use of Safari, Use of YouTube, Use of App Store, Installations of Applications, Use of the camera | This is mostly to restrict the use of the device through a policy. Most of the sync profile updates can only be synced automatically using a Microsoft Exchange server. However profiles can also be manually applied via email attachment or through a download from a website. |

    Network Security:

    | Requirement | iPhone3G(S) | Comment |
    |---|---|---|
    | Network Traffic Filtering | A built-in firewall is not claimed | A host based firewall solution is not available through Apple’s App Store. |
    | Communication Encryption | Common Crypto APIs; SSL/TLS | Solid SSL/TLS support promised. |
    | VPN | Cisco IPSec; L2TP/IPSec; PPTP | Solid VPN support promised but I am missing the OpenVPN standard. |
    | Authentication | Password (MSCHAPv2); RSASecurID; CRYPTOCard; x.509 Digital Certificates; Shared Secret; X.509 certificates with RSA keys | Common authentication schemas are supported. RSASecureID capability can make the phone a one-time security token for 2 and more factor authentication. |
    | Wireless Security | WPA; WPA2 shared key; WPA2 Enterprise mode | Solid authentication and encryption support for 802.11 b/g wireless networks. |

    Local Data:

    | Requirement | iPhone3G(S) | Comment |
    |---|---|---|
    | Data protection | Encrypted configuration; Encrypted iTunes backup | Encrypted profiles can be only read by an Admin. Broken authentication model [9] |
    | Data encryption | Hardware based Full Disk Encryption (FDE). | iPhone 3GS offers hardware-based encryption and uses AES 256 bit encoding to try to protect all data on the device. Encryption is always enabled and cannot be disabled by users. However, the encryption is rendered pointless by the FDE key implementation flaw [4] |
    | Password storage | Keychain Services | Local passwords and logins are stored in an encrypted local safe. |

    Outcome:

    Mobile computing and storage devices are easily lost or stolen, presenting a high risk for unauthorized access and introduction of malicious software to a network [3].

    These risks should be mitigated to acceptable levels. Portable computing devices and portable electronic storage media that contain confidential, personal, or sensitive information should use encryption or equally strong measures to protect the data while it is in transit or stored.

    The Apple iPhone can’t fully satisfy the requirements. People should understand that the iPhone 3GS fails to provide full disk encryption (FDE), which is rendered useless by how the phone manages the protection of the encryption key [4], and that the authentication model for the FDE is also broken [see recent update]. Most of the automatic sync and update features are built around Microsoft’s Exchange Server; however, important security profile management and updates can be achieved through manual interaction by the user without using Exchange.

    The iPhone’s operating system is designed to only run software that has an Apple-approved cryptographic signature. This should protect from malicious third-party applications, but it certainly leaves authority and actual security management fully in the hands of Apple. There is no open source code involved and applications can only be chosen from Apple’s App Store. Apple’s recent removal of random content and apps [5] makes users wonder if the trust in Apple is justifiable.

    Restrictions can be overcome by “jailbreaking” the device [2], which involves replacing the iPhone’s firmware with a slightly modified version that does not enforce the signature check. Jailbroken phones are at risk for an iPhone worm and system compromise through malicious applications.

    At the time of writing there is no way to directly encrypt or sign your email, and there are some more (non security related) caveats: Java and Flash aren’t supported, and the latest version of Apple’s iTunes software only runs on Windows and Apple platforms. The iPhone can still be used in an efficient way if people understand that there is no secure FDE available and an appropriate policy is in place to cover these facts.

    Having said this, iPhone security really only applies if you have a sensible trust in Apple’s business model, with Apple being the gatekeeper for your own security needs, and if the user’s attitude takes into account that the iPhone’s hard disk encryption and authentication model is useless for storage protection.

    Update 17/05/2010: Apple’s iPhone 3GS broken authentication model:

    I uncovered a data protection vulnerability [9], which I could reproduce on 3 other non-jailbroken 3GS iPhones (MC 131B, MC132B) with different iPhone OS versions installed (3.1.3-7E18 modem firmware 05.12.01 and version 3.1.2 -7D11, modem 05.11.07), all passcode (4 digits) protected. This means the vulnerability bypasses authentication for various data where people most likely rely on data protection through encryption and do not expect that authentication is not in place.

    To clarify, the given file access is read and write!

    This is what you get via an auto mount without any PIN (passcode 4 digits) request:

    The unprotected iPhone 3GS mounting is “limited” to the DCIM folder under Ubuntu < 10.04 LTS, Apple Macintosh, Windows 2000 SP2 and Windows 7. The way Ubuntu Lucid Lynx handles the iPhone 3GS [6,7,8] allows access to more content (please make sure that the native Ubuntu system is fully up to date, e.g. “apt-get update”, “apt-get upgrade”; a virtualization based solution will not work as described). I used the Alternate CD with x86 and AMD64 on different hardware.

    The “Libimobiledevice” [6] developers probably just did their best to make some content available under Linux, but nevertheless I would still expect the iPhone 3GS to take ownership and issue an authentication challenge when it is being mounted.

    Copied contents file structure:

    bernd@isopiece:~/Desktop/phonecontents$ ls -R
    .:
    ApplicationArchives                  com.apple.itunes.lock_sync  Downloads       Photos    PublicStaging  Recordings
    com.apple.itdbprep.postprocess.lock  DCIM                        iTunes_Control  Podcasts  Purchases      Safari

    ./ApplicationArchives:
    com.occamygames.motoxmayhem.zip

    ./DCIM:
    100APPLE

    ./DCIM/100APPLE:
    IMG_0433.JPG  IMG_0435.JPG  IMG_0436.JPG  IMG_0437.JPG  IMG_0438.JPG  IMG_0439.JPG  img_1974.jpg

    ./Downloads:
    manifest.plist

    ./iTunes_Control:
    Artwork  Device  iTunes  Music  Ringtones

    ./iTunes_Control/Artwork:
    ArtworkDB  F3001_1.ithmb  F3002_1.ithmb  F3003_1.ithmb  F3005_1.ithmb  F3006_1.ithmb  F3007_1.ithmb  F3012_1.ithmb

    ./iTunes_Control/Device:
    HashInfo  SysInfoExtended  Trainer

    ./iTunes_Control/Device/Trainer:
    Workouts

    ./iTunes_Control/Device/Trainer/Workouts:
    Empeds

    ./iTunes_Control/Device/Trainer/Workouts/Empeds:
    4H0047X7VSX  linkData

    ./iTunes_Control/Device/Trainer/Workouts/Empeds/4H0047X7VSX:
    bests.plist  calibration.xml  lastWorkout.xml  latest  preferences.xml  settings.plist

    ./iTunes_Control/Device/Trainer/Workouts/Empeds/4H0047X7VSX/latest:
    2010-04-19 18;07;04.xml  2010-04-20 17;50;49.xml  2010-04-20 18;02;57.xml  2010-04-21 18;01;51.xml

    ./iTunes_Control/iTunes:
    IC-Info.sidb  iTunesApplicationIDs  iTunesControl  iTunes Library.itlp   iTunesMovies     iTunesPrefs        Rentals.plist    VoiceMemos.plist
    IC-Info.sidv  iTunesCDB             iTunesDB       iTunesMoviePlaylists  iTunesPlaylists  iTunesPrefs.plist  Ringtones.plist

    ./iTunes_Control/iTunes/iTunes Library.itlp:
    DBTemp  Dynamic.itdb  Extras.itdb  Genius.itdb  Library.itdb  Locations.itdb  Locations.itdb.cbk

    ./iTunes_Control/iTunes/iTunes Library.itlp/DBTemp:
    Backup  ddd.itdbm

    ./iTunes_Control/iTunes/iTunes Library.itlp/DBTemp/Backup:
    iTunes_Control

    ./iTunes_Control/iTunes/iTunes Library.itlp/DBTemp/Backup/iTunes_Control:
    iTunes

    ./iTunes_Control/iTunes/iTunes Library.itlp/DBTemp/Backup/iTunes_Control/iTunes:
    iTunes Library.itlp

    ./iTunes_Control/iTunes/iTunes Library.itlp/DBTemp/Backup/iTunes_Control/iTunes/iTunes Library.itlp:
    Dynamic.itdb  Extras.itdb  Library.itdb  Locations.itdb  Locations.itdb.cbk

    ./iTunes_Control/Music:
    F00  F02  F04  F06  F08  F10  F12  F14  F16  F18  F20  F22  F24  F26  F28  F30  F32  F34  F36  F38  F40  F42  F44  F46  F48
    F01  F03  F05  F07  F09  F11  F13  F15  F17  F19  F21  F23  F25  F27  F29  F31  F33  F35  F37  F39  F41  F43  F45  F47  F49

    ./iTunes_Control/Music/F00:
    AUXM.mp3  BPGL.mp3  CMKZ.mp3  DXEC.mp3  FWQN.mp3  IGUA.mp3  KHDB.mp3  MTCN.mp3  OOZM.mp3  OVLK.mp3  RIDE.mp3  SOAU.mp3  TWFV.mp3  UJHE.mp3  YBIW.mp3
    BLXF.mp3  CDIN.mp3  DICJ.mp3  EXLN.mp3  GAZI.mp3  JEXQ.mp3  KYKH.mp3  NEUC.mp3  ORHK.mp3  QWGA.mp3  SNIN.mp3  TAPC.mp3  TZIF.mp3  VTCR.mp3

    ./iTunes_Control/Music/F01:
    ACPV.mp3  BZVB.mp3  DNTQ.mp3  FDZE.mp3  GECU.mp3  IMPV.mp3  KJCP.mp3  KWFT.mp3  LKJF.mp3  MSPV.mp3  NQVB.mp3  TOJU.mp3  WKQU.mp3  XBTL.mp3  YNYH.mp3
    BZPH.mp3  CBSB.mp3  EEWN.mp3  GDYD.mp3  GXSW.mp3  JHUJ.mp3  KPSS.mp3  LDKQ.mp3  MLZI.mp3  NKQK.mp3  PHDL.mp3  TVVO.mp3  WYCW.mp3  YLIT.mp3

    ……

    ./iTunes_Control/Ringtones:

    ./Photos:

    ./Podcasts:

    ./PublicStaging:

    ./Purchases:

    ./Recordings:
    20100517 111440.m4a  20100517 111501.m4a  20100519 122148.m4a  Recordings.db

    ./Safari:
    goog-phish-shavar.dat_aside

    Contents list of disk usage:

    bernd@isopiece:~/Desktop/phonecontents$ du -h
    4.0K    ./PublicStaging
    920K    ./Safari
    4.0K    ./iTunes_Control/Ringtones
    107M    ./iTunes_Control/Music/F23
    133M    ./iTunes_Control/Music/F39
    124M    ./iTunes_Control/Music/F29
    122M    ./iTunes_Control/Music/F40
    136M    ./iTunes_Control/Music/F47
    109M    ./iTunes_Control/Music/F11
    98M    ./iTunes_Control/Music/F05
    174M    ./iTunes_Control/Music/F27
    76M    ./iTunes_Control/Music/F07
    130M    ./iTunes_Control/Music/F42
    167M    ./iTunes_Control/Music/F06
    139M    ./iTunes_Control/Music/F44
    104M    ./iTunes_Control/Music/F19
    116M    ./iTunes_Control/Music/F46
    111M    ./iTunes_Control/Music/F21
    164M    ./iTunes_Control/Music/F15
    141M    ./iTunes_Control/Music/F25
    168M    ./iTunes_Control/Music/F37
    121M    ./iTunes_Control/Music/F03
    140M    ./iTunes_Control/Music/F38
    150M    ./iTunes_Control/Music/F45
    132M    ./iTunes_Control/Music/F10
    67M    ./iTunes_Control/Music/F20
    80M    ./iTunes_Control/Music/F41
    135M    ./iTunes_Control/Music/F43
    148M    ./iTunes_Control/Music/F48
    161M    ./iTunes_Control/Music/F24
    96M    ./iTunes_Control/Music/F04
    1.5G    ./iTunes_Control/Music/F09
    127M    ./iTunes_Control/Music/F02
    116M    ./iTunes_Control/Music/F22
    147M    ./iTunes_Control/Music/F49
    132M    ./iTunes_Control/Music/F18
    185M    ./iTunes_Control/Music/F26
    168M    ./iTunes_Control/Music/F35
    130M    ./iTunes_Control/Music/F17
    126M    ./iTunes_Control/Music/F33
    275M    ./iTunes_Control/Music/F30
    146M    ./iTunes_Control/Music/F34
    154M    ./iTunes_Control/Music/F08
    132M    ./iTunes_Control/Music/F36
    226M    ./iTunes_Control/Music/F12
    183M    ./iTunes_Control/Music/F00
    121M    ./iTunes_Control/Music/F28
    234M    ./iTunes_Control/Music/F31
    140M    ./iTunes_Control/Music/F14
    98M    ./iTunes_Control/Music/F16
    182M    ./iTunes_Control/Music/F32
    169M    ./iTunes_Control/Music/F01
    197M    ./iTunes_Control/Music/F13
    8.3G    ./iTunes_Control/Music
    94M    ./iTunes_Control/Artwork
    4.5M    ./iTunes_Control/iTunes/iTunes Library.itlp/DBTemp/Backup/iTunes_Control/iTunes/iTunes Library.itlp
    4.5M    ./iTunes_Control/iTunes/iTunes Library.itlp/DBTemp/Backup/iTunes_Control/iTunes
    4.5M    ./iTunes_Control/iTunes/iTunes Library.itlp/DBTemp/Backup/iTunes_Control
    4.5M    ./iTunes_Control/iTunes/iTunes Library.itlp/DBTemp/Backup
    4.5M    ./iTunes_Control/iTunes/iTunes Library.itlp/DBTemp
    9.0M    ./iTunes_Control/iTunes/iTunes Library.itlp
    9.4M    ./iTunes_Control/iTunes
    20K    ./iTunes_Control/Device/Trainer/Workouts/Empeds/4H0047X7VSX/latest
    44K    ./iTunes_Control/Device/Trainer/Workouts/Empeds/4H0047X7VSX
    52K    ./iTunes_Control/Device/Trainer/Workouts/Empeds
    56K    ./iTunes_Control/Device/Trainer/Workouts
    60K    ./iTunes_Control/Device/Trainer
    96K    ./iTunes_Control/Device
    8.4G    ./iTunes_Control
    4.0K    ./Photos
    4.0K    ./Podcasts
    2.0M    ./Recordings
    8.0K    ./Downloads
    4.0K    ./Purchases
    55M    ./ApplicationArchives
    16K    ./DCIM/.MISC
    7.3M    ./DCIM/100APPLE/.MISC
    18M    ./DCIM/100APPLE
    18M    ./DCIM
    8.4G    .

    This data protection flaw exposes music, photos, videos, podcasts, voice recordings, the Google Safe Browsing database, game contents… through what is, in my opinion, the quickest compromising read/write access discovered so far, without leaving any trace of the attacker. One can only imagine how many enterprises (e.g. Fortune 100) actually rely on the expectation that their iPhone 3GS’s whole content is protected by encryption, with passcode-based authentication in place to unlock it.

    The content sample was collected from a non-jailbroken iPhone 3GS (with the latest iPhone OS installed, all apps fully up to date and an immediate “PIN lock” (passcode, 4 digits) enabled) by simply connecting it, powered off, via USB to a Linux Lucid Lynx PC (10.04) and then switching it back on. It was then mounted automatically with the insecurity described, having never been attached to the PC before.

    Other exposed contents and OS behavior have to be investigated further. The allowed write access could also lead to triggering a buffer overflow.

    We already know that iPhone 3GS encryption is broken by the way the encryption key is handled [4].

    The newly uncovered vulnerability shows that Apple’s iPhone 3GS authentication model is somehow or other broken. The iPhone vulnerability was covered in the SANS webcast “iPhone Insecurity” by Jim Herbeck [10]: Webcast audio excerpt of iPhone vulnerability.

    Apple iPhone Security Overview [1]:

    Data Protection:

    Protecting data stored on iPhone is important for any environment with a high level of sensitive corporate or customer information. In addition to encrypting data in transmission, iPhone 3GS provides hardware encryption for data stored on the device.

    Encryption:

    iPhone 3GS offers hardware-based encryption. iPhone 3GS hardware encryption uses AES 256 bit encoding to protect all data on the device. Encryption is always enabled, and cannot be disabled by users.

    Update 25/05/2010:

    Apple’s product security team (case 105700225) still can’t reproduce the described auto mounting and believes it could be a “race condition” or “a pairing issue”, but is trying to get to the bottom of this issue, and I am more than happy to assist, given that a total of 33.75 million iPhones have been sold as of Q4 2009 [11].

    Update 27/05/2010:

    Apple could reproduce the serious issue as described and believes it understands why this can happen, but cannot provide timing or further details on the release of a fix.

    Update 29/05/2010:

    To clarify: This is an iPhone vulnerability and not an Ubuntu/Linux/libimobiledevice specific issue. Please see also “News” under [6]. In other words, Ubuntu Lucid Lynx just helped me to uncover the flaw more easily.

    The reason why some people are not able to reproduce the time-of-check-to-time-of-use (TOCTTOU) bug [12] lies in the implementation of the iPhone authentication model, not the OS you tested with. So, this has nothing to do with the OS you used, but with the iPhone itself, and nothing else. People have the best chance of reproducing the flaw when they get the long boot cycle by powering off the iPhone from the non-locked state.

    Update 31/05/2010:

    heise Security did manage to access a full backup of the iPhone by connecting the device to iTunes under Windows, using the flaw I uncovered recently. They could read notes, SMS-messages and even passwords in plaintext.

    More info (in German):

    http://www.heise.de/security/meldung/iPhone-Leck-weitet-sich-aus-1012473.html

    Update 01/06/2010:

    The H Security explains the findings of their associates at heise Security in English:

    “While with Linux only a few selected folders on the iPhone were displayed, Windows allowed full system access. For instance, it was no problem to create a complete backup using iTunes, including items such as notes, text messages and even plain text passwords.”

    Update 03/06/2010:

    Please follow this uncertain workaround, but take it as interim advice:

    Shut down your iPhone only in the locked state and keep it in the locked state when not in use.

    Update 05/06/2010:

    Please do also use the “encryption” feature with iTunes for your Backup [13].

    Update 08/06/2010:

    Apple will release iOS 4 which might fix the massive security vulnerability for the iPhone 3G and iPhone 3GS. Please update asap. According to Apple the release date will be on the 21st of June 2010.

    Update 21/06/2010:

    Apple today released a newer version of the iPhone software (version 4.0 8A293). If you want to update the phone, please make sure to update iTunes to the latest version 9.2.0.61 as well before attempting the software update.

    After the first tests, please bear in mind that I need to carry out further investigation to provide a more reliable conclusion. So far it turns out that the time-of-check-to-time-of-use (TOCTTOU) bug (race condition) [12] seems to be patched in iOS4. The flaw is no longer reproducible for me in the way described above.

    However, I would not call the issue resolved for the time being:

    Apple security release notes can be found here and Apple is not mentioning anything about the security improvements towards better authentication and/or encryption.

    If you read the installation notes during the software update very carefully you will note:

    “* Better data protection using the device passcode as an encryption key* (Requires full restore)”

    What this means is that unless you go through the Full restore process you will not gain any data protection improvement promised by Apple.

    Update 22/06/2010:

    Although Apple hasn’t pointed this out so far, I would recommend the following update procedure for iOS4:

    Upgrading your iPhone to the latest version is the normal procedure. However, if you read the installation notes during the software update very carefully you will note, as mentioned:

    Apple: * Better data protection using the device passcode as an encryption key* (Requires full restore)

    What this means is that unless you go through the “Full Restore” process you will not gain any data protection improvement promised by Apple.

    Please follow this procedure:

    1.) Make sure your PC system is connected to a reliable power source.

    2.) Get iTunes up to date, use the built in update function (Help -> Check for Updates)

    3.) Make a backup of your iPhone data: Connect your iPhone to the computer system and open iTunes. Under ‘Devices’ on the left hand side of the window, right-click on the name you assigned your iPhone and first select ‘Sync’. Once this has been completed follow the same procedure, only this time select ‘Back Up’. Again, once this is finished right-click on your iPhone and finally select ‘Transfer Purchases’. Once this has been done your iPhone will be fully backed up onto iTunes locally.

    4.) iPhone iOS4 installation Phase 1:

    Once you have fully backed up your iPhone go onto ‘Summary’ and select ‘Check for Updates’. The option to update to the latest version (4.0) will appear, select the update option and leave the iPhone to run its system update. The iPhone will require restarting.

    5.) iPhone iOS4 installation Phase 2:

    Note: If a Backup is available you should not lose any data at all.

    Once the iPhone has completed its updates, select ‘Restore’ in the ‘Summary’ section of iTunes. If you have already backed up your iPhone with all the latest changes you’ve made to it (new songs, pictures etc.) you won’t need to update the iPhone again; just allow it to run its System Restore, which will reset the iPhone back to its factory settings. Once the process is completed the device will restart and the Apple logo will appear on the screen. After the restore, the iPhone displays the “Connect to iTunes” screen. Keep your device connected until the “Connect to iTunes” screen goes away or you see “iPhone is activated.” If iTunes does not have an Internet connection, you cannot complete this step.

    Finally, to restore your device from the previous backup you should be able to see a set of options in iTunes, stating that “An iPhone has been previously synced with this computer” with a list of synced devices. Select the backup from which you want to restore your settings and select the continue button to complete the device’s restoration.

    Update 24/06/2010:

    The Apple iOS 4 update disables your security settings: after the update, iOS4 leaves you with no passcode protection and the “Erase Data” feature disabled, even if you had set these up before the update.

    After the iOS4 update make sure under Settings – General – Passcode Lock On:

    – Require Passcode is set to “Immediately”

    – Simple Passcode is set to “OFF”. I recommend at least 6 characters (numbers and/or letters with at least one special character included). This is very important as the passcode will be used to generate your encryption key during the full restore procedure.

    – Erase Data is set to “ON”

    If you had to change from Simple Passcode “ON” to a more complex passcode, follow the “iPhone iOS4 installation Phase 2” procedure described above again. This will generate a new, stronger encryption key.
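    Where devices are managed through configuration profiles, the same passcode settings can be checked before a profile is rolled out. The following is an added example, not part of the original post and not Apple's code: it audits the passcode payload of an iOS configuration profile against the three settings above. The two sample profiles are constructed, and treating `maxFailedAttempts` as the profile counterpart of “Erase Data”, as well as requiring an explicit `maxGracePeriod` of 0, are assumptions of this audit.

```python
import plistlib
from xml.parsers.expat import ExpatError

# Payload type of the passcode policy inside an iOS configuration profile.
PASSCODE_PAYLOAD = "com.apple.mobiledevice.passwordpolicy"

# (payload key, test on its value, meaning when the test fails)
CHECKS = [
    ("forcePIN", lambda v: v is True, "a passcode is not enforced"),
    ("allowSimple", lambda v: v is False, "Simple Passcode is not forced OFF"),
    ("minLength", lambda v: type(v) is int and v >= 6, "fewer than 6 characters allowed"),
    ("minComplexChars", lambda v: type(v) is int and v >= 1, "no special character required"),
    # Strict by choice: the audit wants "Immediately" stated explicitly as 0 minutes.
    ("maxGracePeriod", lambda v: type(v) is int and v == 0, "passcode not required immediately"),
    # Assumption: a failed-attempt limit is how a profile enforces "Erase Data".
    ("maxFailedAttempts", lambda v: type(v) is int, "no wipe after failed attempts"),
]

def audit_passcode_policy(profile_bytes):
    """Return findings as strings; an empty list means every check passed."""
    try:
        profile = plistlib.loads(profile_bytes)
    except (plistlib.InvalidFileException, ExpatError):
        # Signed or encrypted profiles are wrapped and must be unwrapped first.
        return ["profile: not a plain plist (signed, encrypted or malformed)"]
    content = profile.get("PayloadContent", []) if isinstance(profile, dict) else []
    payloads = [p for p in content
                if isinstance(p, dict) and p.get("PayloadType") == PASSCODE_PAYLOAD]
    if not payloads:
        return ["profile: no passcode policy payload"]
    return [f"{key}: {why} (value: {p.get(key)!r})"
            for p in payloads for key, ok, why in CHECKS if not ok(p.get(key))]

def make_profile(policy):
    """Build a constructed sample profile (bytes) around one passcode payload."""
    payload = dict(policy, PayloadType=PASSCODE_PAYLOAD, PayloadVersion=1,
                   PayloadIdentifier="example.constructed.passcode",
                   PayloadUUID="00000000-0000-0000-0000-000000000001")
    return plistlib.dumps({"PayloadType": "Configuration", "PayloadVersion": 1,
                           "PayloadIdentifier": "example.constructed.profile",
                           "PayloadUUID": "00000000-0000-0000-0000-000000000000",
                           "PayloadContent": [payload]})

# Constructed samples: a 4-digit simple passcode with a grace period, then the
# settings recommended in the text.
WEAK = make_profile({"forcePIN": True, "allowSimple": True,
                     "minLength": 4, "maxGracePeriod": 5})
HARDENED = make_profile({"forcePIN": True, "allowSimple": False, "minLength": 6,
                         "minComplexChars": 1, "maxGracePeriod": 0,
                         "maxFailedAttempts": 10})

if __name__ == "__main__":
    for name, sample in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit_passcode_policy(sample) or "OK")
```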

    To make it easier, I summarized the iOS4 iPhone update.

    Thank you.

    References:

    [1] iPhone Security Overview:

    http://images.apple.com/iphone/business/docs/iPhone_Security_Overview.pdf or http://tinyurl.com/n6md76

    [2] Jailbreaking:

    http://www.en.wikipedia.org/wiki/Jailbreaking or http://tinyurl.com/36fxcxc

    [3] University of Central Florida: http://tiny.cc/uo86u

    [4] Wired: Encryption key threat:

    http://www.wired.com/gadgetlab/2009/07/iphone-encryption/

    or http://tinyurl.com/36mlxsx

    [5] The Register about verboten iPhone Apps:

    http://www.theregister.co.uk/2010/03/04/wifi_stumbling_iphone/ or http://tinyurl.com/ye67z3c

    iPhone support in Ubuntu 10.04:

    [6] http://www.libimobiledevice.org/ or http://tinyurl.com/yc56msh

    [7] http://www.osnews.com/story/22942/Ubuntu_10_04_To_Support_iPhone_iPod_Touch_ or http://tinyurl.com/ylcfwhr

    [8] http://www.webupd8.org/2010/02/confirmed-ubuntu-1004-supports-iphone.html or http://tinyurl.com/ybybd8g

    [9] Full disclosure:

    http://seclists.org/fulldisclosure/2010/May/215 or http://tinyurl.com/3ywwee8

    [10] SANS “iPhone Insecurity” Webcast:

    https://www.sans.org/webcasts/iphone-insecurity-93463 or http://tinyurl.com/2vxzyyr

    Audio excerpt of the webcast covering the new vulnerability:
    iPhone/Linux vulnerability

    Jim Herbeck’s Research for the webcast:

    http://nouvelstrategies.com/E/Research/Entries/2010/5/18_iPhone_Insecurity.html
    or http://tinyurl.com/355cfvy

    PDF slides of the webcast:

    http://nouvelstrategies.com/E/Research/Entries/2010/5/18_iPhone_Insecurity_files/iPhone-Insecurity.Handout.pdf or http://tinyurl.com/32n7sqf

    [11] Wikipedia: iPhone:

    http://en.wikipedia.org/wiki/IPhone or http://tinyurl.com/yxmg67

    [12] Time-of-check-to-time-of-use, race condition:

    http://en.wikipedia.org/wiki/Time-of-check-to-time-of-use or http://tinyurl.com/d7ect2

    [13] iTunes Backup:

    http://support.apple.com/kb/HT1766 or http://tinyurl.com/6ybv4r