And how does jailbreaking make the problem worse when any jailbreaker can tell you with SBSettings you can close ALL the open holes.

I understand the if someone gets their hands on your device part. That's the only part of this that makes ANY sense to me in this whole article, but I paid good money for my phone, and I never have my phone out of my sight. I mean people were getting mugged for iPods. You know some thief is going to want to steal your iPhone if you leave it somewhere.

IDK I'm gonna have to think about this for a while, but this seems pretty backa$$ward.

http://www.youtube.com/watch?v=5wS3AMbXRLs

The problem is, the encryption key is built into the lowest level of the OS, so any time the baseband running and reading the flash it has the decryption key, and is decrypting data on the fly.

To fix this they need to have some portions of the flash decrypted by default (so that they can load their OS) and other portions encrypted by default to store your user data.

I'm betting there was a forehead slapping moment in Cupertino when they realized the encryption chip was an all or nothing solution, which would not allow you to partition the flash.

The bought the chipset it was already on the boards and when they got the OS developers involved they realized they couldn't even read their own flash to boot the phone without the key. Too late. Factory running full bore, management making big claims. Lets hope no one notices.

This would be a good solution for a removable storage, but not soldered in flash.

Talk about embarrassing.

The thing is, the OS engineers had to know this was the case. They either lied to management, or management chose to "lie" to the public. I say lie in quotes, because it is in fact encrypted, but if you can power the phone at all, you get it decrypted for you.

Phones travel a lot, and, unlike workstations or even laptops, they are often kept loose inside other containers such as purses, backpacks, or briefcases. I would wager most users have at least 10 minutes each day where they cannot vouch for the exact location of their phone. At the very least, it would be naive to rely on 100% of employees not losing track of their phones for 10 minutes, forever.

A two minute attack vector gives a black hat plenty of time to snatch the phone, install a ssh daemon, and return it unnoticed. Yes, it sounds like spy movie paranoia, but, if I were the IT director of a company with extremely sensitive data, I would have to weigh it as an additional risk factor.

Two thoughts here: First, there is no discussion on Wired (or Engadget) about the amount of ease involved when using a BlackBerry instead of an iPhone. It would be useful to have the comparison; otherwise, the story leads you to believe that the BlackBerry is 100% secure and encrypted. And that revelation makes you wonder if another source (RIM, perhaps?) didn't encourage this news article to be released (was the uber-hacker paid by anyone to research the vulnerabilities of the iPhone)?

Second, the premise of the article is that if your iPhone is stolen it isn't secure, and you can easily work around that security. How many thieves steal an iPhone for corporate secrets? The uber-hacker mentions that any thief worth their salt would immediately remove the SIM so that the phone could not be remote-wiped or followed with find-my-iPhon. We've already read on several blogs about how iPhone thieves were identified through the find-my-iPhone feature. So we're talking about a very small subset of thieves who are smart enough to be corporate spies, intentionally tracking CEOs, board members, and R&D engineers to steal their iPhones. Where I am going with this? Ultimately, if the end goal is to steal a device, and it is achieved, regardless of being an iPhone or BlackBerry...that corporate thief has unlimited time to crack that device and steal the secrets contained within, and I'd guess there are ways to break encryption on any device.

So: advice to Apple--beef up the encryption and security measures for the enterprise users that need it. Advice to all--keep track of your iPhone, BlackBerry, or notebook computer. If the device is in your hands, and not in the hands of a corporate thief, it is secure.

When you lose your device, remote wipe it. Or, even better, just try not to lose it.