Lost my iphone 3g, very worried about security issues.

Status
Not open for further replies.

applesupergeek

macrumors 6502a
Original poster
Nov 20, 2009
879
0
Hey guys, I lost my iphone yesterday and I am worried over security issues.

The culprit must have removed the sim and/or switched the phone off because it cannot be located. I have given a remote wipe command which is still pending, but with no sim card I am confused as if this can work over wifi. :confused: A shame really because it was one of the prime reasons I went with mobileme. If it is so easy to bypass that doesn't speak that well about the implementation...

I have been using my cc details on mobile safari, but to the best of my knowledge there are is no other sensitive data on mobile safari. Of course I have read that apple's encryption is quite easy to break, and jailbreaking the iphone will allow access to sensitive information.

As you can understand I am less than happy with all of this. Any help much appreciated, or commiseration from others having lost their iphones...:(
 

optophobia

macrumors 6502a
Oct 26, 2007
879
24
Hudson MA
Was the keypad lock activated ?
HAve you changed all your online passwords for email, banking etc ?
Have you informed your bank ?
 

applesupergeek

macrumors 6502a
Original poster
Nov 20, 2009
879
0
Was the keypad lock activated ?
HAve you changed all your online passwords for email, banking etc ?
Have you informed your bank ?
Hey thanks for the reply!

What is the keypad lock? I think I have a hint of what it is, so no it wasn't activated.

I 've changed the banking and email ones, but there are tons of sites with passwords as I might imagine to have to change all of them.

Yes I did inform my bank.

So disappointing that remote wipe hasn't worked...
 

gdlcjr

macrumors regular
Dec 3, 2009
143
0
This is what I was saying before. MobileME is just a cashcow. It is useless for remote wipe or locating your Iphone especially if somebody stole it and remove your sim.
 

applesupergeek

macrumors 6502a
Original poster
Nov 20, 2009
879
0
This is what I was saying before. MobileME is just a cashcow. It is useless for remote wipe or locating your Iphone especially if somebody stole it and remove your sim.
Something being a cash cow is not necessarily bad, and it's of the utmost necessity such a cloud service nowadays, of course that said, I am learning the hard way how poorly remote wipe is implemented... although I was reading somewhere that maybe it can work over wifi too... If it doesn't not having remote wipe work with a mere sim removal is just unbelievable bad implementation...
 

Applejuiced

macrumors Westmere
Apr 16, 2008
40,650
6,403
At the iPhone hacks section.
This is what I was saying before. MobileME is just a cashcow. It is useless for remote wipe or locating your Iphone especially if somebody stole it and remove your sim.
Nothing is foolproof.
It would help if you had a passcode lock turned on along with the Erase all data on this iPhone after 10 failed passcode attempts setting.
 

applesupergeek

macrumors 6502a
Original poster
Nov 20, 2009
879
0
Nothing is foolproof.
It would help if you had a passcode lock turned on along with the Erase all data on this iPhone after 10 failed passcode attempts setting.
Look, I am one of the no. 1 apple fans, but to say this isn't foolproof when a simple pin to take out the sim suffices to turn off the whole protection is the understatement of the century. It's a bad and ultimately useless implementation. Everyone knows nowadays about mobile phones, and even the least knowledgeable thief would just chuck the sim card away so they won't be traced. Why would they need the sim anyway in the first place? Sim's can be barred in seconds...

A better system has to be thought of and implemented for sure, there's no excuse to that. As is, this is a miserably failed implementation. It safeguards you against none but the most moronic thief. Exactly from those people that you wouldn't need safeguarding from anyway....

Good thing they've just released the mobileme top exec, maybe now we might see some of the better apple wits tackle these issues much better than the lukewarm product they are offering now.


I will probably put passcode on next time. Thanks for the heads up! But they could jailbreak it then as well, couldn't they?
 

Applejuiced

macrumors Westmere
Apr 16, 2008
40,650
6,403
At the iPhone hacks section.
Usually most thiefs are moronic though :D
But whatever works for you. If your data is that sensitive buy a different phone with a more sophisticated remote wipe feature that cannot be bypassed. If thats even possible.
I just figured if you're that concerned about your info you'd at least have a pin lock to protect it.
Not every thief would know how to JB the phone and try to acess your info thru SSH etc.... in order to get to your stuff.
With a simlock and password protected backup they can only restore it and JB it by doing a complete restore and that would delete everything on the phone.
 

applesupergeek

macrumors 6502a
Original poster
Nov 20, 2009
879
0
No, I don't want another phone, I love my iphone and I wish that apple get a move on in implementing this feature the correct way. Because as is it's mostly a for the show parody. And of course there are ways that it can be implemented well. Right now it just plain doesn't work. The reason I didn't apply the various pin locks is because most of them make for cumbersome usage. And what good would it do anyway? As long as the phone is on they can still get the data, it has to be turned off then on again for the master pin code to be enable, why would anyone do that?

I am serious about my sensitive data that's why I have invested in couple of 3DES encoding "wallet" or otherwise known as "safe" apps to keep them there password protected. :)
 

Applejuiced

macrumors Westmere
Apr 16, 2008
40,650
6,403
At the iPhone hacks section.
The reason I didn't apply the various pin locks is because most of them make for cumbersome usage. And what good would it do anyway? As long as the phone is on they can still get the data, it has to be turned off then on again for the master pin code to be enable, why would anyone do that?
:)
what are you talking about? It doesn't just ask for the pin when you restart the phone. You can set it to require passcode for 1 minute, 1 hour, 5 minutes, 15 minutes etc....
Shorter times are more secure.
A little research would help....
 

Shenaniganz08

macrumors 6502
Jan 26, 2010
467
4
what are you talking about? It doesn't just ask for the pin when you restart the phone. You can set it to require passcode for 1 minute, 1 hour, 5 minutes, 15 minutes etc....
Shorter times are more secure.
A little research would help....
yeah sounds like he's trying to rationalize for not putting a passcode lock

OP for being so "SECURE AWARE" you really screwed up by not putting a password lock + 10 attempt wipe on your iPhone

this is exactly the problem people face with online banking. They try to think of the most complicated password, but then choose extremely easy "password reset" questions like " what is your favorite color.
 

xrp123

macrumors newbie
Sep 22, 2008
8
0
yeah sounds like he's trying to rationalize for not putting a passcode lock

OP for being so "SECURE AWARE" you really screwed up by not putting a password lock + 10 attempt wipe on your iPhone

this is exactly the problem people face with online banking. They try to think of the most complicated password, but then choose extremely easy "password reset" questions like " what is your favorite color.
LOL. So true...
 

applesupergeek

macrumors 6502a
Original poster
Nov 20, 2009
879
0
what are you talking about? It doesn't just ask for the pin when you restart the phone. You can set it to require passcode for 1 minute, 1 hour, 5 minutes, 15 minutes etc....
Shorter times are more secure.
A little research would help....
I have done my research so I don't appreciate your condescending tone. If you have other issues it's best not to let steam off in forums instead by talking down to people. The fact that I did not remember this functionality doesn't mean that I didn't look into it in the past and dismissed it, as per what I said before, as cumbersome. Not everyone wants to keep inputting a lock code every hour for every day of usage of his iphone as a security measure. It's an important counter measure for critical usage of the iphone and most people who are not anal retentive or paranoid find it adds immense complexity to daily usage.

That's why I opted for "purse" applications with advanced military grade encryption for my most private data.

You also deliberately missed what me and another member are saying about the remote wipe functionality being inadequate to the extent of being useless.

yeah sounds like he's trying to rationalize for not putting a passcode lock

OP for being so "SECURE AWARE" you really screwed up by not putting a password lock + 10 attempt wipe on your iPhone

this is exactly the problem people face with online banking. They try to think of the most complicated password, but then choose extremely easy "password reset" questions like " what is your favorite color.
LOL. So true...
No, I am not rationalising anything. Don't embarrass yourselves by assuming about people you don't know and then being terribly impolite about it. I have an Msc in Computer Science and I, lol, no I would not choose my favourite colour in bank forms...Please do not add insult to injury. And what's with the caps while quoting?...tststst.

I just think the op is pissed off that lost the phone and can't
track it thru mobileme.
No. Again you are miscomprehending and being condescending. First of all I am not "pissed off" and I haven't indicated anywhere in this thread that I am. I am disappointed, that I am, and I am voicing my concerns to hear feedback from others and start the discussion on better security features (and better implementations of the existing ones) from apple. Because they are needed.

Secondly, again, you are saying something I did not. Where did I say that tracking the phone via mobile me was the crux of the problem? I don't care about the phone, I 've lost a few over the years, it comes with the territory. What I do care about is about my data, and what I 've been saying before this barrage of insulting posts that have missed the point altogether, is that I was depended on remote wipe to work. And not be such a silly implementation that a mere taking out of the sim would render it useless.

There are better implementations for security, I have a really simple one that comes to mind, because the simpler ones are the best ones. Make taking out the sim password enabled, that is once you take out the sim a password is required with lock/self destruct features. Thus the thief will have a password locked phone as soon as he takes out the sim, and if that deters him/her from taking it out, then remote wipe via mm might actually work. Problem solved. Now it's not that hard for apple to think about it. I 'll post it in their feedback section and they can have the patent and copyright too.

Of course instead of some of you people being actually helpful and polite here, you have been more interested in playing the blame game with vacant posts. Kudos.
 

Applejuiced

macrumors Westmere
Apr 16, 2008
40,650
6,403
At the iPhone hacks section.
I know, I want all the security in the world too but I dont feel like using or typing in a password at all. Its too much work you know punching in a 4 digit pin :D
It takes a whole 1 second......
 

applesupergeek

macrumors 6502a
Original poster
Nov 20, 2009
879
0
I know, I want all the security in the world too but I dont feel like using or typing in a password at all. Its too much work you know punching in a 4 digit pin :D
It takes a whole 1 second......
I too would like to learn how not to be condescending and obnoxious in forums, and maybe even replying to what the others actually have said, but perhaps I am just hopeless at that.
 

ngenerator

macrumors 68000
May 12, 2009
1,834
0
USG Ishimura
A bunch of useless whining
Ultimately, you're getting mad at other people saying that you really don't have anything available to fix your situation. Maybe not freaking out is the way to go at this moment. It may be a good idea for them to implement a better way to track or wipe your iPhone that will still work when the sim is removed, but unfortunately they haven't done this yet.

How about going to the feedback page on Apple's website to bring this up to them instead of just posting to your blog, I mean the MR forums.

Edit: In the end, after thinking about it, I want to thank you for your post. I was debating getting MobileMe just for the "Find my iPhone" feature. But now that it's not going to work if the sim is removed, I will instead save the $70+ and go with a free (or cheaper) option in Cydia.
 

applesupergeek

macrumors 6502a
Original poster
Nov 20, 2009
879
0
Ultimately, you're getting mad at other people saying that you really don't have anything available to fix your situation. Maybe not freaking out is the way to go at this moment. It may be a good idea for them to implement a better way to track or wipe your iPhone that will still work when the sim is removed, but unfortunately they haven't done this yet.

How about going to the feedback page on Apple's website to bring this up to them instead of just posting to your blog, I mean the MR forums.

Edit: In the end, after thinking about it, I want to thank you for your post. I was debating getting MobileMe just for the "Find my iPhone" feature. But now that it's not going to work if the sim is removed, I will instead save the $70+ and go with a free (or cheaper) option in Cydia.
No, I am not mad at anyone, I am displeased with the kind of blaming, obnoxious and condescending attitude that you show as well which adds nothing to the conversation. Maybe now that you are thanking me, you can also remove your abusive "quote" of myself as someone who has contributed "a bunch of useless whinning". It's very ironic that you would say this, seeing as I am the only one here who has provided some constructive criticism of the securities features on the iphone and mm, some suggestions for it to be more sound and useful, as well as some alternative measures like "purse" apps for securing this information.

Regardless of some people who either out of character or upbringing chose to come here and add nothing other than "you screwed up" type of comments, I d like to keep this thread informative, so I will have to add that apple does claim that remote wipe works over wifi too, provided the phone is opened within a wifi network. But there's a catch to that too, the phone can be restored prior to that and remote wipe won't work. And another catch is that mobileme can become deactivated on the phone thus disabling remote wipe again. All these are huge loopholes of course. I am also wondering if/when the remote function does work (which in all probability isn't going to be very often seeing as how many byways there are for it not to work) how well it will wipe the phone off. Will it wipe it "forensically" clean, or just merely delete it...
 

Night Spring

macrumors G5
Jul 17, 2008
13,064
5,084
But there's a catch to that too, the phone can be restored prior to that and remote wipe won't work.
:confused: If your phone got restored before a remote wipe command reaches it, all your personal data has gotten delted, so no remote wipe is needed... :confused:
 

Macshroomer

macrumors 65816
Dec 6, 2009
1,126
525
Thanks for posting this, I lot my phone about 5 hours ago, freaked, had no screen P/W, not even synced and I have mobile me. But....I got it back not long ago, all is well.

So lesson learned, I will beef up security. I don't do CC trannies on the phone, too risky.

I am having a problem though, I did interrupt service on the phone and now my mail app is gone, I can't seem to get it back with a restore...
 

applesupergeek

macrumors 6502a
Original poster
Nov 20, 2009
879
0
Thanks for posting this, I lot my phone about 5 hours ago, freaked, had no screen P/W, not even synced and I have mobile me. But....I got it back not long ago, all is well.

So lesson learned, I will beef up security. I don't do CC trannies on the phone, too risky.

I am having a problem though, I did interrupt service on the phone and now my mail app is gone, I can't seem to get it back with a restore...
Hey thanks for a post that actually adds to the discussion finally. All's well that ends well with your phone. What your mail.app is gone completely off the phone and won't reappear after a restore? How strange is that...:confused: If you do get it back I have always made it a point to sync all mail accounts with mm, so it will be a piece of cake to restore all the emails on the phone (sent ones too). Worth checking out a few purse/safe apps that use very strong encryption with self destruct features too. If apple can't get it right in term of security at least a third party app can help. I 've researched these extensively so ask away if you are interested. Meo has some good apps, 1password is a standard (albeit one I don't use because it's more password oriented - but will give it a look again), lockbox has a nice free option too, and there are a few other ones, that I ll post as soon as I remember. Meo has a nice photo only app so any scanned documents, ids, ccs or other valuable photos can go there, really strong encryption too.

I still think my idea of a phone lock as soon as the sim is taken out, with a self destruct feature based on a password is probably the single best option apple should implement. I think most of us will be very happy with such a simple and powerful measure, that won't impact on daily usability. I 've already talked to a couple of nice gentlemen about it on applecare and they took note of my feedback.

:confused: If your phone got restored before a remote wipe command reaches it, all your personal data has gotten delted, so no remote wipe is needed... :confused:
Well it depends really, we don't know how much (and how many times, and how securely) everything gets deleted once the phone is restored. So potentially someone who know what they are doing, could restore it, jailbreak it and then try to to extract as much information by undeleting/restructuring files. I don't know how appple handle the restore, but I would doubt it that they use some "bleaching" method for all the file system, all 16gbs of it, and then install the software again. The devil is in the details unfortunately in terms of data security...

Please continue :D
Don't post again in this thread, got it?

You are obviously only here to be obnoxious, post after post of silly and stupid smilly faces and taunts. You don't even have the common decency to understand that someone lost their phones and could do without your behaviour. I 've had enough with your aspd.

Too lazy to change it, sorry:)
You are too lazy to change your "quote" on my "useless whining", but you have the time to reply with another rude post, and re-edit it again? What an embarrassment...
 

tiptopp

macrumors regular
Aug 15, 2008
225
2
Norwich, UK
Not everyone wants to keep inputting a lock code every hour for every day of usage of his iphone as a security measure. It's an important counter measure for critical usage of the iphone and most people who are not anal retentive or paranoid find it adds immense complexity to daily usage.
I've got to add another 'insult' to this thread, and I don't care that you won't appreciate it. But if you are so worried about personal data that you have military strength encryption within other apps on your iPhone, how can you POSSIBLY say that a four digit code, which literally takes a second to key, adds 'immense complexity' to your day??? It's not required every hour of every day, doesn't get in the way of answering the phone, and PROTECTS you, to some extent, against the problems of theft...

I don't care about the phone, I 've lost a few over the years, it comes with the territory. What I do care about is about my data
So why didn't you use the one really basic, easy, free, facility that Apple gave you with the iPhone to protect it???

Your attitude makes me furious. You asked for help, people made suggestions about how to do it better next time, you insult them, they get (appropriately, to my mind) sarcastic, you threaten them... If you can't deal with people you don't know speaking to you in a way that doesn't fit with your self-image, don't ask the whole world a question - go to an Apple Store and ask a Genius...

Tiptopp

p.s. I look forward to your insulting, rude and inappropriate response.
p.p.s. Why say 'It gets in the way' when you can say 'It's an important counter measure for critical usage of the iPhone'. I apologise in advance if English isn't your first language - if that's the case, your English is very 'clever'. But this is as close to a Bushism as I've seen in a long time.
 

Shenaniganz08

macrumors 6502
Jan 26, 2010
467
4
Please continue :D
Not small enough

"No, I am not rationalising anything. Don't embarrass yourselves by assuming about people you don't know and then being terribly impolite about it. I have an Msc in Computer Science and I, lol, no I would not choose my favourite colour in bank forms...Please do not add insult to injury. And what's with the caps while quoting?...tststst. "


Oh and know he's bringing in his technical background, that doesn't sound like rationalizing :rolleyes:

I have A+, MSCE, and Sun certification but

WHAT THE HELL does that have to do with being dumb enough to not put a password lock on a secure phone and then losing it

Again I bring back my metaphor. You can have the most absolutely difficult password to log into your computer, but what's the point if you leave a yellow stickie next to your computer with the password on it. You talk on and on that there should be better implementation for security, but you failed to use the easiest and STRONGEST data protection the iPhone has.

It's your fault for not setting up a password lock, that takes less than a minute to set-up.

OP you made a mistake, just admit it, no need to get angry at us or the world, it was your fault. Just learn from it and move on
 

Status
Not open for further replies.