Wired has a report about the iPhone 3GS encryption feature. Jonathan Zdziarski is quoted as saying the encryption is basically worthless; while that quote alone wouldn’t normally attract my attention, the article has a lot of details that should make a lot of businesses think twice about relying on the “wipe my phone” feature.
As others have noted, the encryption is handled transparently, with the encryption key stored on the device itself so you don’t have to enter the entire key when booting or unlocking the phone. Simply putting an iPhone into recovery mode will allow you to obtain an unencrypted disk image containing all information that is stored on it. Zdziarski has even provided a video that details the process.
So stealing a phone, using a cell phone jammer or other techniques to prevent it from contacting Apple to get the “wipe disk” signal and grabbing a disk image containing all unencrypted data is less than an hour’s work; after that you can simply boot it again using the “normal” kernel, and the phone will wipe itself removing all evidence that you made the copy.
Since this is built into the way the encryption process on the iPhone works, it’s actually harder to read the encrypted data (you’d have to open the phone and remove the flash memory) than to get the decrypted version! I wonder what Apple’s response to this will be.
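To make the design point concrete, here is a small model added as an illustration; it is not Apple's implementation and not code from the Wired article. It compares a key stored on the device in the clear with a key stored only wrapped under a passcode-derived key. All function names, the toy cipher and the sample data are assumptions made for the example.

```python
import hashlib, hmac, secrets

def _subkey(key: bytes, label: bytes) -> bytes:
    return hashlib.sha256(label + key).digest()

def _xor_stream(key: bytes, data: bytes) -> bytes:
    # Toy stream cipher (SHA-256 in counter mode), a stand-in for AES; not for real use.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def seal(key: bytes, plaintext: bytes) -> bytes:
    ct = _xor_stream(_subkey(key, b"enc"), plaintext)
    return ct + hmac.new(_subkey(key, b"mac"), ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes):
    ct, tag = blob[:-32], blob[-32:]
    good = hmac.new(_subkey(key, b"mac"), ct, hashlib.sha256).digest()
    return _xor_stream(_subkey(key, b"enc"), ct) if hmac.compare_digest(tag, good) else None

def _kek(passcode: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt, 100_000)

def provision_transparent(plaintext: bytes) -> dict:
    # Design described in the post: the key sits on the device next to the data.
    key = secrets.token_bytes(32)
    return {"disk_key": key, "data": seal(key, plaintext)}

def provision_passcode_bound(plaintext: bytes, passcode: str) -> dict:
    # Assumed alternative: the disk key is stored only wrapped under a passcode-derived key.
    key, salt = secrets.token_bytes(32), secrets.token_bytes(16)
    return {"salt": salt, "wrapped_key": seal(_kek(passcode, salt), key),
            "data": seal(key, plaintext)}

def read_flash(flash: dict, passcode=None):
    # What any software with raw access to the stored contents can recover.
    if "disk_key" in flash:
        return unseal(flash["disk_key"], flash["data"])
    if passcode is None:
        return None
    key = unseal(_kek(passcode, flash["salt"]), flash["wrapped_key"])
    return unseal(key, flash["data"]) if key else None

if __name__ == "__main__":
    secret = b"constructed sample: mail and contacts"
    print(read_flash(provision_transparent(secret)))
    bound = provision_passcode_bound(secret, "constructed-passcode")
    print(read_flash(bound), read_flash(bound, "constructed-passcode"))
```

The passcode-bound variant is only as strong as the passcode, because the salt and wrapped key are stored alongside the data; binding the key to hardware as well as the passcode is the usual way to limit that.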