Passcode Security Flaw Update: it’s a bug in the iPhone OS, not a hack of Ubuntu/Linux

News spread yesterday after Bernd Marienfeldt discovered a security issue with passcode enabled iPhone devices still being accessible using a stock Ubuntu 10.04 system and now reaching major sites on the Internet.

Since those reports appear to point out that  Ubuntu/Linux is “teh evil”, I’ll try to explain why this is totally false information and FUD.

The basic workflow he pointed out was:

  • Set a passcode on a device
  • Switch off the device
  • Attach it to an Ubuntu system it was never attached before
  • The device starts booting
  • Ubuntu automounts the device media partition and allows access

The expected behavior is that the device would refuse to pair with the unknown system due to having a passcode set.

Now the problem here is that you can replicate this flaw with any operating system.

Continue reading “Passcode Security Flaw Update: it’s a bug in the iPhone OS, not a hack of Ubuntu/Linux”