Andrew Coles
Andrew Coles による投稿 Published on

So how secure is the data stored on your iPhone?

Normally here at iPBE we like to preach the ways of making sure that your data is backed up to cover all eventualities of being an iPhone owner. But after reading this excellent article by Fraunhofer SIT about how secure passwords on the iPhone are, we thought it would be wise to highlight the security problems on the iPhone to our users.

It should be a priority of anyone owning an iPhone, iPad or anysmart device to be aware of issues surrounding their personal data and what they can do to protect it.

How easy is it to access data on an iPhone then, after all I have a passcode set?

Pretty easily it seems, Fraunhofer SIT says “Within six minutes the institute’s staff was able to render the iPhone’s encryption void and decipher many passwords stored on it”.

Checkout out Fraunhofer SIT’s video to see how easy it actually is:

Users also assume that if they jailbreak their iPhone, install ssh and change the root password they are then resistant to this hacking process, well it seems not. This process is not attacking the encryption itself, but a flaw in the way the passwords keys are stored in the operating system. This is independent from the actual encryption which should protect the password and iOS itself.

Limiting access and protecting your data

Of course no device is completely secure, so you don't need to run out and immediately change over to an Android or Windows phone just yet. The question that you should ask yourself is, “Am I doing enough to protect my data?”.

With all the social media, email, network access keys and personal information stored on these devices, users should be take care not to be complacent and prioritize convenience over security.

If you feel that you need to have access to all your accounts, apps, home or company network, make sure you at least have a process in place to change passwords quickly if your phone is lost or stolen.

We would recommend not storing email passwords and keeping them session based at very least. Most people can change all their passwords via an email account, so locking this down means you are still in control of resetting your devices associated passwords. It also lessens hackers’ opportunities to change passwords and gain access to any accounts linked to your email account.

So will Apple fix these iPhone security flaws?

As the problem is linked to iOS we would imagine that Apple will continually improve the way the passwords and encryption works on all their devices. But because of the ease at which Apple’s iPhones are continually jail-breaked in every iOS version, we think total lock-down could be a way off.

Apple’s Find my iPhone app

Apple does offer the useful Find my iPhone app for free, but only on the iPhone 4 with iOS 4.2. installed.

This app enables you to locate your iPhone if lost or stolen via another iPhone, iPad or computer. The app obviously has to be turned on and have location services running to work. You can also reset and clear all the data stored on the iPhone remotely before it gets in to the wrong hands.

Of course switching off the iPhone or removing the sim card renders this service defunct. It maybe also be possible to recover data from a wiped disk using a file system recovery tool. Although the percentage of data obtainable can be minimal depending on the wiping technics used.

If you have any comments, ideas or recommendations on this issue, please let us know here or leave your comments on this blog.