Warnings about potential security risks have spurred one mid-sized law firm to abandon its iPhones, to the disappointment of one of its lawyers who complained.
Consultant Sharon Nelson wrote about the unnamed law firm in her blog Ride the Lightning. The disappointed lawyer sent word of the firm’s switch to BlackBerrys, and wanted to know about ways to counter security problems because “he loves his iPhone,” Nelson says.
Rather than offering assurances, Nelson linked to her article about potential problems published by the ABA’s Law Practice Magazine and to news of another issue: the iPhone takes screenshots of your data.
“The words iPhone and security do not belong in the same sentence, although you would never know it from the Apple marketing blitz,” Nelson writes in the article with co-author John Simek. Both are consultants with legal technology firm Sensei Enterprises.
Apple says its iPhone 3GS has hardware encryption, but it is still possible to gain access, they write, citing the work of data forensics expert Jonathan Zdziarski. He found a way to “jailbreak” the phone by “sucking a disk image from an encrypted drive to a destination drive,” the Law Practice Magazine article says. He has also figured out a way to replace a user’s unlock code to gain access to the phone's contents.
Apple cites a remote access feature that lets users wipe data from a lost cell phone, but the phone has to be connected to the cellular network for the feature to work.
Zdziarski explained the screenshot problem in a recent webcast, according to the Wired blog Gadget Lab. The iPhone stores users’ actions as a screenshot, he says, whether it’s a text message, an e-mail or a recently browsed web page—to create a shrinking and disappearing effect when the user taps the home button.
Zdziarski says the screenshots are a “significant privacy leak” but they are useful for gathering evidence against criminals.