Jonathan Zdziarski, a member of the iPhone Dev-Team, says that Apple’s encryption on the iPhone 3GS for business users is not as good as it should be and could put company data at risk. He said that the encryption is so weak, that it could be cracked in two minutes using nothing more than some easily available freeware.
He said after making this discovery: “I don’t think any of us developers have ever seen encryption implemented so poorly before, which is why it’s hard to describe why it’s such a big threat to security.”
The iPhone 3GS is the first device to officially feature encryption, but Zdziarski says sensitive information like credit card numbers and social security digits on a 3GS are just as easy to access as they were on the 3G and first generation iPhone.
He used Redsn0w and PurpleRa1n to install a custom kernel on the device, then he installed used an SSH client to port the raw disk image onto his computer.