SleepyEgg

Though Apple has added additional data security features to the iPhone with every iteration of the OS—including encrypting files on-device for the iPhone 3GS—vulnerabilities still exist. These issues are of particular concern to enterprise users, since sensitive corporate data may exist on any given employee's mobile device. A new vulnerability revealed by security researcher Bernd Marienfeldt, however, shows that all someone needs to get at that data is the latest version of Ubuntu.

Noted iPhone data forensics expert Jonathan Zdziarski demonstrated last year that common hacking tools could remove the data protection features that Apple added with iPhone OS 3.x and the iPhone 3GS. He told Ars that there are ways to get around both the on-device encryption as well as the encrypted backups that can be saved via iTunes. "The only benefit hardware encryption [as implemented] is that it makes wipes faster, by just dropping the [encryption] key," he said. But even the remote wipe feature can be thwarted by removing a device's SIM card.