However, the encryption is not designed to protect the data from hackers and forensics professionals. The iPhone 3GS essentially decrypts data whenever programs make a request for data.

I just read something about iPhone’s encryption from Wired website and I remembered your post about this topic. Check it out if you have not read it yet. http://www.wired.com/gadgetlab/2009/07/iphone-encryption/

This may not be as big an issue depending on how it works. If Apple knew how to properly implement security, my first book on iPhone Forensics wouldn’t have been able to be written. Unfortunately for consumers, Apple IMO has a history of reckless regard for “secure” coding practices.

If the 3GS is TPMish then an app on the phone querying data will get unencrypted output at the end of it’s read functions, or be able to query the crypto facility itself to decrypt. Since the forensics process of today institutes a recovery agent in memory, it may be able to masquerade as a legitimate process to use the phone against itself for decryption.

If a PIN is used, it may only be used to enable access to the device, and not to decrypt. In this case, you can bypass it all together. If the PIN is needed to decrypt, it’s likely you could disable the kill switch after each try so you could brute force it.

Encrypted backups can already be defeated by simply moving the keychain so depending on whether the entire FS is encrypted or individual files, this could also be an easy solution. The keychain doesn’t exist in the user home directory either making the chance of being able to move it likely.

Finally, as is the case with the keychain right now, the keys might be easy to deduce or extract. Lots of guys do reverse engineering so it’s likely the method for this will be published at some point. Hell if the baseband computer can be cracked, so can a simple crypto mechanism.

Unlike a computer, the phone needs access to user data just to boot… So the ability to get to this data may not be as big of a deal. There are a number of potential ways around it. The question is: can one out of the hundreds of iPhone hackers out there be smarter than Apple? So far, the odds aren’t in Apple’s favor.

One important thing to note is that iPhoneOS 3.0 on an iPhone or iPhone 3G uses _no_ disk encryption, and one can easily perform a forensic recovery of the user data by following the same methods outlined in the book. Encrypted backups, iPhone passcodes, and all of the huge privacy leaks in v3.0 are still there. The question is whether Apple will be able to gloss over them all with effective encryption.

As far as the 3GS, only time will tell if the ‘S’ stands for ‘Security’.