iPhone Security and Encryption
Jul/27/09 15:16
There has been a lot of discussion about this piece regarding security
experts cracking the iPhone 3GS encryption.
While I don’t doubt that a hacker or the FBI, NSA or the CIA can crack iPhone encryption, how does that affect your security risk? Very little I suspect. Here is why.
To get access to your data a person will have to have physical access to your iPhone. I’m not sure if the NSA or CIA need physical access, but from the report above a hacker would have to get physical access. Your risk then is that your iPhone would need to find it’s way into the hands of a hacker criminal with access to the tools described in the article. Can that happen? Sure but what are the odds? Following is a story about common criminals, the kind you do want to protect against.
I have a friend who had their house broken into and had two Mac laptops stolen. One was locked with a login password and the other was not. A few weeks after the theft and long after their bank accounts had been drained and credit card accounts accessed, a stand up citizen contacted my friends asking if they had a laptop stolen. What happened was the citizen purchased the Mac listed in a Craig’s List ad and noticed it was odd that the person selling the Mac to him was different than what seemed to be the true owner, after looking at the Address Book. The laptop was returned but the damage had already been done. How were the bank accounts and credit card accounts accessed? Because of Safari autofill and Safari history. The interesting thing is, it was the laptop that didn’t have a login password that was returned. So, password protect your Mac or PC even at home.
The Mac was stolen by a low-life who did the break-in, then the laptop was given to a computer “hacker”. I use the term hacker lightly and really should not use that term at all. The person was nothing more than a low-life who knew how to use a computer and understood that people use autofill in browsers. These are the kind of people you need to protect against if your iPhone fall into the wrong hands.
I watch people who use iPhones and many, if not most users, don’t use the 4 number pass-code. I believe it is too inconvenient for many when they just want to make a call, IM or use Mobile Safari. If you desire to keep important data on your iPhone or iPod Touch, then you need to protect that information further with encryption and better password protection. That is where an app like My Eyes Only™ and My Eyes Only™ Photo provided enhanced security for any device even the iPhone 3Gs.
Both of these app provide further levels of encryption so that if a true iPhone hacker, or forensics expert would get access to your iPhone they would have to do further efforts to access your data. What would they need to do? Well they would have to decrypt the data. To do that they would need to get access to the encryption keys and run software to decrypt the data using the keys. Where are the keys stored? In a safe and secure location on the iPhone where they are in turn encrypted. So the encryption keys for the encrypted data are encrypted in a safe place in the iPhone.
What about factoring the encryption keys? Again I suspect the NSA can do it, and the RSA organization made this assessment regarding 512 bit keys,
Your password is the weakest link as is your hint and password recovery question and answer in MEO and MEO Photo. Make sure you use characters and numbers in your password; make sure your hint and password recovery question and answer only have meaning to you.
If you have information you want secured on you iPhone then using apps like My Eyes Only™ and My Eyes Only™ Photo will provide you the proper protection in 99.9% of time.
While I don’t doubt that a hacker or the FBI, NSA or the CIA can crack iPhone encryption, how does that affect your security risk? Very little I suspect. Here is why.
To get access to your data a person will have to have physical access to your iPhone. I’m not sure if the NSA or CIA need physical access, but from the report above a hacker would have to get physical access. Your risk then is that your iPhone would need to find it’s way into the hands of a hacker criminal with access to the tools described in the article. Can that happen? Sure but what are the odds? Following is a story about common criminals, the kind you do want to protect against.
A Stolen Mac Story
I have a friend who had their house broken into and had two Mac laptops stolen. One was locked with a login password and the other was not. A few weeks after the theft and long after their bank accounts had been drained and credit card accounts accessed, a stand up citizen contacted my friends asking if they had a laptop stolen. What happened was the citizen purchased the Mac listed in a Craig’s List ad and noticed it was odd that the person selling the Mac to him was different than what seemed to be the true owner, after looking at the Address Book. The laptop was returned but the damage had already been done. How were the bank accounts and credit card accounts accessed? Because of Safari autofill and Safari history. The interesting thing is, it was the laptop that didn’t have a login password that was returned. So, password protect your Mac or PC even at home.
The Mac was stolen by a low-life who did the break-in, then the laptop was given to a computer “hacker”. I use the term hacker lightly and really should not use that term at all. The person was nothing more than a low-life who knew how to use a computer and understood that people use autofill in browsers. These are the kind of people you need to protect against if your iPhone fall into the wrong hands.
Encryption and Password Protection
I watch people who use iPhones and many, if not most users, don’t use the 4 number pass-code. I believe it is too inconvenient for many when they just want to make a call, IM or use Mobile Safari. If you desire to keep important data on your iPhone or iPod Touch, then you need to protect that information further with encryption and better password protection. That is where an app like My Eyes Only™ and My Eyes Only™ Photo provided enhanced security for any device even the iPhone 3Gs.
Both of these app provide further levels of encryption so that if a true iPhone hacker, or forensics expert would get access to your iPhone they would have to do further efforts to access your data. What would they need to do? Well they would have to decrypt the data. To do that they would need to get access to the encryption keys and run software to decrypt the data using the keys. Where are the keys stored? In a safe and secure location on the iPhone where they are in turn encrypted. So the encryption keys for the encrypted data are encrypted in a safe place in the iPhone.
What about factoring the encryption keys? Again I suspect the NSA can do it, and the RSA organization made this assessment regarding 512 bit keys,
Who is going to go through this level of effort to get access to the information you store on your iPhone?“In 1997, a specific assessment of the security of 512-bit RSA keys shows that one may be factored for less than $1,000,000 in cost and eight months of effort [Rob95c]. Indeed, the 512-bit number RSA-155 was factored in seven months during 1999 (see Question 2.3.6). This means that 512-bit keys no longer provide sufficient security for anything more than very short-term security needs.”
The Weakest Link
Your password is the weakest link as is your hint and password recovery question and answer in MEO and MEO Photo. Make sure you use characters and numbers in your password; make sure your hint and password recovery question and answer only have meaning to you.
Bottom Line
If you have information you want secured on you iPhone then using apps like My Eyes Only™ and My Eyes Only™ Photo will provide you the proper protection in 99.9% of time.