Why you should encrypt your iPhone backup!

I was reading an article about how the iPhone backup that iTunes makes when you sync your phone can be cracked (for better or worse).  It wasn’t even really a setting that I paid attention to, until this article came up.  When I went to check, there it was, unchecked: “Encrypt iPhone backup”.  I figured that if it was something that I didn’t pay attention to, then there might be others out there.  Let me show you how easy it can be to get information from that iTunes backup:

If you browse to:

C:\Documents and Settings\USERNAME\Application Data\Apple Computer\MobileSync\Backup

You should see a bunch of files located in that directory:

The first files I decided to play with were the .plist files, since there are only three of them.  The .plist files are written using XML and can be opened with Notepad or any browser.  Two of them are really not of interest, but there was one that contained some interesting information: the Info.plist file, which had:

  • ICC-ID or serial number of installed SIM card
  • IMEI or the serial number of the baseband processor
  • Phone number
  • Serial number of the iPhone
  • Product version and product type

Though this information is interesting, there isn’t much that can be done with it, but it does identify your phone.

Also in that directory were a bunch of files that came in pairs with the same name and different extensions.  While searching around I came across the following article: Apple Examiner, which cleared up the mystery for me.  The files are SQLite databases, named with the SHA1 hash of the file’s full path on the iPhone.
If you use a program like SQLite Database Browser and have some idea what you are doing, you can open them. I owe the Hampton Roads site for pointing me in the right direction.

Contact List: 31bb7ba8914766d4ba40d6dfb6113c8b614be442.mddata

SMS Log: 3d0d7e5fb2ce288813306e4d4636395e047a3d28.mddata

Call Log: ff1324e6b949111b2fb449ecddb50c89c3699a78.mddata

Notes database: 740b7eaf93d6ea5d305e88bb349c8e9643f48c3b.mddata

All this information is just sitting on your computer waiting for someone to come along and see the juicy information inside.  I just wanted to show you how easy it could be to crack the information that you thought was only in your iPhone, but that lies on the computer as well.
I personally never thought of this information being stored in a way that is so easy to view.  This could be helpful: if you don’t sync your phone with MobileMe or an Exchange server and lose your phone, a non-encrypted backup will let you recover the information with some work.  Though it’s not recommended, I suggest you back up your phone with encryption to make sure that everything is safe, in case someone tries to get your information.
Now go make sure it’s checked!
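
To confirm the setting actually took effect, you can audit the backup folder for files that still open as plain SQLite databases. The script below is an added example, not part of the original post: the function names and the sample folder are made up for illustration, and it assumes the .mddata files hold the raw file contents (as opening them in SQLite Database Browser implies) and that an encrypted backup no longer starts its files with the SQLite header.

```python
import os
import sqlite3
import tempfile

SQLITE_MAGIC = b"SQLite format 3\x00"  # first 16 bytes of every SQLite 3 file


def find_plaintext_databases(backup_root):
    """Return {backup_folder: [files that are readable SQLite databases]}.
    backup_root is the MobileSync Backup directory; each sub-folder is one
    device backup. A file starting with the SQLite header is unencrypted."""
    report = {}
    for folder in sorted(os.listdir(backup_root)):
        path = os.path.join(backup_root, folder)
        if not os.path.isdir(path):
            continue
        exposed = []
        for name in sorted(os.listdir(path)):
            full = os.path.join(path, name)
            try:
                with open(full, "rb") as fh:
                    if fh.read(16) == SQLITE_MAGIC:
                        exposed.append(name)
            except OSError:
                continue  # sub-directory, locked or unreadable entry: skip it
        report[folder] = exposed
    return report


def build_sample_backup(root):
    """Constructed sample data: one backup folder holding a real SQLite file
    and one file of random bytes standing in for encrypted content."""
    folder = os.path.join(root, "SAMPLE-DEVICE-ID")
    os.makedirs(folder)
    db = sqlite3.connect(os.path.join(folder, "sample-contacts.mddata"))
    db.execute("CREATE TABLE t (x TEXT)")
    db.commit()
    db.close()
    with open(os.path.join(folder, "sample-opaque.mddata"), "wb") as fh:
        fh.write(os.urandom(4096))
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        report = find_plaintext_databases(build_sample_backup(tmp))
        for backup, files in report.items():
            print(backup, "plaintext databases:", files or "none")
```

Point `find_plaintext_databases` at your own Backup directory after the next sync; an empty list for a backup folder means none of its files are readable as SQLite databases.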
