On Wed, May 19, 2010 at 12:22 AM, comex com...@gmail.com wrote:
On Mon, May 17, 2010 at 6:28 AM, Bernd Marienfeldt be...@linx.net wrote:
I'm not sure how it's done on Linux, but in general the iPhone pairs
with computers and refuses to talk to to an unpaired computer if there
is a passcode
Bernd,
IIRC, the iPhone gets mounted, however, you'll only have access to
pictures videos (3gs). I wouldn't consider that a security flaw -
this behaviour is standard for almost any device being mounted via
USB.
Question:
iPhone OS 3.1.3? Jailbreaked / original firmware?
I'll check it tonight
Gregor Schneider writes:
Bernd,
IIRC, the iPhone gets mounted, however, you'll only have access to
pictures videos (3gs). I wouldn't consider that a security flaw -
this behaviour is standard for almost any device being mounted via
USB.
Question:
iPhone OS 3.1.3? Jailbreaked /
On Tue, 18 May 2010 10:24:42 +0200, Gregor Schneider said:
IIRC, the iPhone gets mounted, however, you'll only have access to
pictures videos (3gs). I wouldn't consider that a security flaw -
this behaviour is standard for almost any device being mounted via USB.
The fact that most devices do
On 18/05/10 09:24, Gregor Schneider wrote:
Question:
iPhone OS 3.1.3? Jailbreaked / original firmware?
I'll check it tonight with a 3G, iPhone OS 3.1.1, Jailbreak and come
back to you.
Hi Gregor,
I updated my blog, hope this helps:
On Tue, May 18, 2010 at 11:39 AM, valdis.kletni...@vt.edu wrote:
The fact that most devices do it doesn't mean it's not a security flaw.
-1
AFAIK the USB-protocol does not contain any authorization /
authentication-mechanism:
http://www.beyondlogic.org/usbnutshell/usb3.htm
Please correct
That is because it is a hardware protocol. But that doesn't mean
applications can't have their own protocol, or use a standard one such as
TLS.
As a comparison, it is like https/ssl vs tcp/ip protocol.
Cheers.
On Tue, May 18, 2010 at 2:02 PM, Gregor Schneider rc4...@googlemail.comwrote:
On
On Tue, 18 May 2010 14:02:53 +0200, Gregor Schneider said:
AFAIK the USB-protocol does not contain any authorization /
authentication-mechanism:
-1 (as you put it).
1) Google broken as designed sometime.
2) Google for secure USB flash drive. Oddly enough, the lack of said
mechanism doesn't
On Tue, 18 May 2010 14:38:47 +0200, Christian Sciberras said:
That is because it is a hardware protocol. But that doesn't mean
applications can't have their own protocol, or use a standard one such as
TLS.
Or get even simpler - design the device with the rule: Don't even bother
talking on the
AFAIK the USB-protocol does not contain any authorization /
authentication-mechanism:
USB just defines the signaling protocol and interface.
After that, you can make the target device to whatever you want with the
corresponding driver on the host side. Take a look at any Sansa MP3
player ..
On Mon, May 17, 2010 at 6:28 AM, Bernd Marienfeldt be...@linx.net wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello,
I've recently upgraded to Ubuntu Lucid Lynx (10.04 LTS) and been
surprised by the iPhone 3GS (3.1.3 - 7E18) mounting behavior:
Fully switch off the iPhone 3GS and
The iPhone uses proprietary protocols over USB for file operations, syncing
and the like -- only real authentication that I can recall (and I got it
working to begin with ;)) was that the session with lockdownd (kind of a
broker for starting services, etc.) eventually goes SSL... there is also
: full-disclosure-boun...@lists.grok.org.uk
[mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of comex
Sent: Tuesday, May 18, 2010 3:23 PM
To: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] iPhone data protection flaw
On Mon, May 17, 2010 at 6:28 AM, Bernd Marienfeldt
Truly? Wait, are you going through AFC or some other way? It was my
understanding that iPhone internal storage never comes up any other way...
Doesn't lockdownd require that your computer be paired before even going SSL
to start services?
On May 18, 2010 4:23 PM, Thor (Hammer of God)
. [mailto:fxc...@gmail.com]
Sent: Tuesday, May 18, 2010 4:27 PM
To: Thor (Hammer of God)
Cc: comex; full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] iPhone data protection flaw
Truly? Wait, are you going through AFC or some other way? It was my
understanding that iPhone internal storage
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello,
I've recently upgraded to Ubuntu Lucid Lynx (10.04 LTS) and been
surprised by the iPhone 3GS (3.1.3 - 7E18) mounting behavior:
Fully switch off the iPhone 3GS and then connect it to the Lucid Lynx PC
via USB, the phone turns on and will be
16 matches
Mail list logo
