iPhone 'Screenshot' Exploit Exposed
September 12, 2008
Tap your Mail icon. Open an email. Now go ahead and press the home button and note the transition of your email shrinking into your SpringBoard. Now tap your Mail icon again, and watch as the same email expands across your screen. Seems harmless enough, right?
Well, not according to Jonathan Zdziarski, a popular iPhone hacker (aka NerveGas) and full-time research scientist, who held a webcast earlier today titled "iPhone Forensics 101: Bypassing the iPhone Passcode."
In the webcast, which we'll post video of when it becomes available, Zdziarski described how the process we detailed above actually works on the iPhone. Simply put, screenshots. Lots and lots of screenshots.
Zdziarski detailed how your most recent actions -- checking emails, sending text messages, surfing the net -- are all snapped into photos on your iPhone. Once cached, the screenies are used for the expanding / shrinking images you see when launching / closing programs.
And that trail of pictures is what Zdziarski warned iPhone users about. "I'm kind of divided on it," he said. "I hope Apple fixes it because it's a significant privacy leak, but at the same time it's been useful for investigating criminals."
Though it took him quite some time (about an hour) to circumvent the iPhone's passcode in the webcast, the demonstration shows the quick and dirty truth about the handset -- it hosts a wealth of information that, should it fall into the wrong hands, could be accessed and used for malicious ends.
So why does the iPhone take the screenshots in the first place?
Well, an article on Wired suggests it's done "purely for aesthetic purposes," showing off the shrinking transitions.
We think it has more to do with the user experience of launching an iPhone program, though. With the caching system described above, users are immediately greeted by a screenshot of their most recently accessed content when opening an app. But note, it's just a screenshot for a brief moment before the actual content is there to interact with again. The screenshot basically serves as a glorified "loading" page to distract you while the iPhone boots up and loads the ACTUAL application.
Zdziarski's new book, iPhone Forensics: Recovering Evidence, Personal Data, and Corporate Assets, drops tomorrow. His other work includes iPhone SDK Application Development, iPhone Open Application, and Ending Spam.