iPhone security

[ajbrehm]

Hi,

I was wondering about losing my iPhone. And at some point I realised that I don't really mind so much buying a new one if I lose mine. More difficult is the fact that my iPhone contains my emails and address book, personal data comparable to what's on my computer rather than a traditional mobile phone.

I assume the iPhone is not encrypted (for some reason).

It is protected by a four digit code. But that's not much.

What's a good way of handling this problem?

If Apple finally got around to giving me the 99$/year key that makes the "free" SDK usable, I would write an application that erases the entire iPhone if not started with the right password at least once every 24 hours.

I know iPhone OS 2.0 includes a remote-erase feature, but that won't protect anybody unless the person finding the iPhone connects to a mobile phone network. Did Apple already include an application like I envision above in 2.0? Why not?

Any ideas?

 

[animenick65]

Hi,

I was wondering about losing my iPhone. And at some point I realised that I don't really mind so much buying a new one if I lose mine. More difficult is the fact that my iPhone contains my emails and address book, personal data comparable to what's on my computer rather than a traditional mobile phone.

I assume the iPhone is not encrypted (for some reason).

It is protected by a four digit code. But that's not much.

What's a good way of handling this problem?

If Apple finally got around to giving me the 99$/year key that makes the "free" SDK usable, I would write an application that erases the entire iPhone if not started with the right password at least once every 24 hours.

I know iPhone OS 2.0 includes a remote-erase feature, but that won't protect anybody unless the person finding the iPhone connects to a mobile phone network. Did Apple already include an application like I envision above in 2.0? Why not?

Any ideas?

Correct me if I'm wrong, but I don't think the SDK gives that kind of access to the phone.

 

[Tallest Skil]

If Apple finally got around to giving me the 99$/year key that makes the "free" SDK usable, I would write an application that erases the entire iPhone if not started with the right password at least once every 24 hours.

... Why? I'd sure love to come home to my iPhone that I hadn't needed to use since Monday night to find that all of my contacts and settings were gone and that it had relocked itself to only work on AT&T. That's not a very good plan.

 

[TonyHoyle]

Correct me if I'm wrong, but I don't think the SDK gives that kind of access to the phone.

Sure hope it doesn't!

From what I know of the SDK you only have write access to a limited number of directories.. so you could wipe yourself and maybe a few temp files but not much else.

 

[ajbrehm]

... Why? I'd sure love to come home to my iPhone that I hadn't needed to use since Monday night to find that all of my contacts and settings were gone and that it had relocked itself to only work on AT&T. That's not a very good plan.

One sync with iTunes would solve the problem of the erased personal data.

If you plan to set the timer to 24 hours even though you plan to be away for longer (or know that you might be), you probably didn't get what I was going for here.

Are you not worried that a lost iPhone would give the finder access to your emails and address book and more?

 

[ajbrehm]

Sure hope it doesn't!

That sucks.

So I hope I never lose the iPhone. Or I must start using it like a normal phone and not keep my full address book and all emails on it.

Pity. It was very convenient.

Why didn't Apple just encrypt everything???

 

[cjandnw]

I think the OP posts a good question. If I lost my iPhone, someone would not only have my contacts, but emails containing bank records, private conversations etc. A blackmailer's wet dream.

I am not fully aware of the functionality of remote wipe. I do know that some cell phones lock after several incorrect attempts to use the passcode to unlock. A new sim is then needed to use the phone.

Any ideas programmers?

 

[philgilder]

programmers won't be able to do anything - this is up to apple

anyway, can you not use, and change often, a 4 digit code?

 

[gandalf18]

That sucks.

So I hope I never lose the iPhone. Or I must start using it like a normal phone and not keep my full address book and all emails on it.

Pity. It was very convenient.

Why didn't Apple just encrypt everything???

Or you could just do a remote wipe if you lose it. A lot more convenient

 

[kevo0822]

Or you could just do a remote wipe if you lose it. A lot more convenient

Question is, how would I do that? I don't have an Exchange server or anything... I'm just a regular iPhone user. Can you still get to the remote wipe feature?

 

[michaelmaxwell2]

Like okay great we have the remote eraser, but what i want is a remote brick that all it shows is my telephone number for them to call me to give me back the phone. A remote eraser is great when people have confidential information but what about getting my phone back. All I really want is to be able to enable my gps from my computer and see that damn blue dot tracking my phone. My old iphone gotten stolen and this would be a great way to get it back just give the police the phone location.

 

[TonyHoyle]

If someone steals your phone they won't call you and give it back They'll either sell it on or dump it somewhere. GPS won't help because it's hard to use GPS when a phone is switched off...

In the UK we have a phone blacklist that'll kill any stolen phone dead within 24 hours. Presumably something similar exists in the US, given the technology clearly exists to do this.

 

[michaelmaxwell2]

If someone steals your phone they won't call you and give it back They'll either sell it on or dump it somewhere. GPS won't help because it's hard to use GPS when a phone is switched off...

In the UK we have a phone blacklist that'll kill any stolen phone dead within 24 hours. Presumably something similar exists in the US, given the technology clearly exists to do this.

Most of the time people are too slow to understand that it does have gps tracking. And when my phone was stolen it was on for a good period of time so I could of tracked it. And if the phone was lost and the person was nice enough the number would of came in handy. In the us they will reactive the phone only sprint and verizon would blacklist the phone.

 

[jsgreen]

1Password

Part of keeping stuff private is to protect it with a secure program - don't use the "contacts" program to store confidential information.

On the Treo I used SplashID for private stuff (bank numbers etc.).

You might want to check out 1Password for use on the on the iPhone (actually they already have a web-based release out, but with the SDK that will probably be much improved).

Doesn't solve all potential issues, but goes a long way to protect the most private stuff.

 

[ajbrehm]

Or you could just do a remote wipe if you lose it. A lot more convenient

That's great, assuming that the lucky finder connects to a mobile phone network.

I am also not sure HOW to remote wipe my phone. Perhaps it is obvious to do how to do it, but it sure isn't for me.

Plus there is the point brought up by another poster. While personal information should be deleted, enough information should remain so that the finder can return the phone.

I wonder why Apple did not simply encrypt the phone data and just display the owner's name on the display before the 4 digits are keyed in.

 

[cjandnw]

Remote wipe?

When people say remote wipe is only good if the stolen phone "is connected to a network"

Does this mean that as soon as it is powered on, as the iPhone does, connects to AT&T edge or 3g, the "remote wipe" signal is sent instantly. This would prevent anyone from seeing anything on the phone.

someone who knows, please post the following:

Who is remote wipe available to?
What does it cost
How is it activated
How soon after the phone is stolen can it be initiated
how soon after the phone is 1st powered on after being stolen does it happen

 

[alFR]

I wonder why Apple did not simply encrypt the phone data and just display the owner's name on the display before the 4 digits are keyed in.

What difference would the encryption make? Presumably when you enter the code correctly the encryption would be bypassed and the data would be accessible or it'd be difficult to use the phone? In that case, your only real protection is the code (just like it is now) because if someone gets the code they get the data. OK, you could make it so you have to enter more codes before you can get at the address book, mail etc. but that wouldn't be desperately usable.

 

[ajbrehm]

What difference would the encryption make?

People wouldn't be able to read the data from the phone without knowing the code.

Presumably when you enter the code correctly the encryption would be bypassed and the data would be accessible or it'd be difficult to use the phone?

That's how encryption works, yes.

In that case, your only real protection is the code (just like it is now) because if someone gets the code they get the data. OK, you could make it so you have to enter more codes before you can get at the address book, mail etc. but that wouldn't be desperately usable.

Encryption protected by four digits is better than none. How does the iPhone store data? Do we know that (for some reason) nobody can read data from that medium in any way except using the original iPhone it was built into?

Here's a possible solution:

1. Encrypt the data with a 10-letter password.

2. Whenever the phone is switched on (from power-off), ask for the 10-letter password.

3. Store the password in memory while the phone is on (or sleeping) and use it to decrypt the data on the fly when the phone is in use.

4. If the phone is switched off (to power-off), lose the password from memory (naturally). If the phone hasn't been used for a (configurable) number of hours, lose the password from memory.

That way a lost phone would be pretty safe. The four-digit code would protect against casual access (and would protect the 10-letter password in memory). And the data encryption would protect against people trying to read the data another way.

A normal iPhone user would nearly never be asked for the 10-letter password. But he could easily change the security settings from, say, 20 hours of no use to 2 hours of no use, if he anticipates going somewhere where he might lose the phone or get it stolen.

14 hours seems like a good setting. I would "use" the phone when it wakes me up in the morning and certainly every few hours during the day.

I don't see how that is difficult to implement.

I think I could do it.

And if you think that would make the phone unusable, set the security setting to zero hours and there would be no encryption. I really don't see why Apple haven't implemented a system like that. Seems obvious to me.

 

[alFR]

Encryption protected by four digits is better than none. How does the iPhone store data? Do we know that (for some reason) nobody can read data from that medium in any way except using the original iPhone it was built into?

But your information is already protected by a 4-digit code (if you have that on). If you're actually worried about someone physically taking your iPhone apart, ripping out the flash chips and putting them into some sort of reader to access your data, I hope you've got your underground lair swept for bugs and all your phone lines monitored for wiretaps. Oh, and watch out for the CIA assassins.

1. Encrypt the data with a 10-letter password.

2. Whenever the phone is switched on (from power-off), ask for the 10-letter password.

3. Store the password in memory while the phone is on (or sleeping) and use it to decrypt the data on the fly when the phone is in use.

4. If the phone is switched off (to power-off), lose the password from memory (naturally). If the phone hasn't been used for a (configurable) number of hours, lose the password from memory.

If you replace "10-letter password" with "4-digit code" you've basically described the way the lock code works now (minus the encryption, of course). I still don't see the point of the encryption, as the only scenario it protects against is unauthorised access to the data in the phone when it's turned off, which would require physical disassembly of the phone to get at the RAM. Currently, in any other scenario you need to unlock the phone with the 4-digit pin first (assuming you've got that turned on).

 

[zed2]

When people say remote wipe is only good if the stolen phone "is connected to a network"

Does this mean that as soon as it is powered on, as the iPhone does, connects to AT&T edge or 3g, the "remote wipe" signal is sent instantly. This would prevent anyone from seeing anything on the phone.

someone who knows, please post the following:

Who is remote wipe available to?
What does it cost
How is it activated
How soon after the phone is stolen can it be initiated
how soon after the phone is 1st powered on after being stolen does it happen

With version 2.0 the iphone is always connected to the network, even when the phone is off (sleeping).... The only way they could stop it would be to put it in a shielded box or room which would block all the radio signals to it.

And as for having to have exchange... well I suspect that mobileMe will have this option too and allow for remote wipe. It's also strongly suspected that an upgrade to OSX server will also support remote wipe and push syncing.

---Zed

 

[ajbrehm]

But your information is already protected by a 4-digit code (if you have that on). If you're actually worried about someone physically taking your iPhone apart, ripping out the flash chips and putting them into some sort of reader to access your data, I hope you've got your underground lair swept for bugs and all your phone lines monitored for wiretaps. Oh, and watch out for the CIA assassins.

Actually, I am about as paranoid as those customers who wanted the remote-swipe feature.

If you replace "10-letter password" with "4-digit code" you've basically described the way the lock code works now (minus the encryption, of course). I still don't see the point of the encryption, as the only scenario it protects against is unauthorised access to the data in the phone when it's turned off, which would require physical disassembly of the phone to get at the RAM. Currently, in any other scenario you need to unlock the phone with the 4-digit pin first (assuming you've got that turned on).

Well, you don't see the point of encryption; and I do.

The obvious solution would be optional encryption, as I proposed.

 

[ajbrehm]

With version 2.0 the iphone is always connected to the network, even when the phone is off (sleeping).... The only way they could stop it would be to put it in a shielded box or room which would block all the radio signals to it.

Or, alternatively, lose the phone in the countryside or in a subway station.

And as for having to have exchange... well I suspect that mobileMe will have this option too and allow for remote wipe.

What about users who don't have MobileMe?

It's also strongly suspected that an upgrade to OSX server will also support remote wipe and push syncing.

Yeah, I don't really see mobile phone customers buying a Macintosh server in case they lose their phone.

 

[zed2]

Or, alternatively, lose the phone in the countryside or in a subway station.

so it gets wiped when it comes back into reception.. keep the password lock on

What about users who don't have MobileMe?

If they are really worried about it then they need to spend the money to pick a solution.

Yeah, I don't really see mobile phone customers buying a Macintosh server in case they lose their phone.

True and that's why you can use MobileMe. I was more referring to small companies who don't want exchange but still have the functionality.

--Zed

 

[Badgerguy]

If the phone owner has set a PIN code on the phone, does that also protect data access when it's connected to a PC/Mac? If so, how secure is that protection?

You want the PIN number to be locking the device up as tightly as possible to anyone that doesn't know the PIN., regardless of how the data is being accessed.

Encryption can then be considered a second layer of defence - if the iPhone OS PIN protection is solid, then a theif would have to hack their way into the storage itself to get data out, which is where encryption comes in.

--
BG

 

[zed2]

If the phone owner has set a PIN code on the phone, does that also protect data access when it's connected to a PC/Mac? If so, how secure is that protection?

You want the PIN number to be locking the device up as tightly as possible to anyone that doesn't know the PIN., regardless of how the data is being accessed.

Encryption can then be considered a second layer of defence - if the iPhone OS PIN protection is solid, then a theif would have to hack their way into the storage itself to get data out, which is where encryption comes in.

--
BG

well you can't sync until you enter the pin code. And currently as the iphone doesn't mount on the desktop, I think it's quite secure.

Basically you can't do anything but wipe the phone it you don't have the pin code.

---Zed