If you were wondering how much Apple invests in security, here is one quick question for you: have you enabled the Passcode Lock feature of your iPhone? As you may already know, iPhone security has now reached a high level, as the most recent studies show, but it wasn’t always this way. Here is a little story about iPhone security.
When Apple decided to redefine the term Smartphone more than five years ago with the launch of the iPhone, a new era in the company’s life began. Firstly, it launched the product which now generates more than 50% of its revenue, but it also started an era of research and development of mobile security for the company.
The first-generation iPhone was embarrassing in terms of security: every App Apple wrote ran with root privileges, which meant it had full control over the iPhone, allowing hackers to easily access the phone and take it over from the inside.
However, iPhone security was among the top priorities for Apple, so it started investing in research and development in this field, and each year it increased the difficulty level of hacking the iPhone. A key feature of iPhone security now is that Apps are running in their own, isolated “sandbox”. The “phone” even verifies its operating system as it boots, the latest iOS security document published by the company states.
The second milestone in making the iPhone more secure than other Smartphones made for the consumer market was encryption. As you know, when you enable the Passcode Lock on your iPhone, you enable data encryption, which means your iPhone’s hard drive will be encrypted.
At the heart of Apple's security architecture is the Advanced Encryption Standard algorithm (AES), a data-scrambling system published in 1998 and adopted as a U.S. government standard in 2001. After more than a decade of exhaustive analysis, AES is widely regarded as unbreakable. The algorithm is so strong that no computer imaginable for the foreseeable future—even a quantum computer—would be able to crack a truly random 256-bit AES key. The National Security Agency has approved AES-256 for storing top-secret data.
The AES key in each iPhone (or iPad) is unique to each device, and it is not recorded by Apple or any of its suppliers, the company’s white paper read. This could be considered as a response to some whispers that Apple could offer a back door key to bypass iPhone security at the request of the police.
But how does this encryption work? Simson L. Garfinkel explains that iOS devices keep a copy of the AES key in their flash memory, but this key is itself protected by the Passcode Lock, which must be entered before the device can be used. Now, there are a couple of security levels to resist so-called brute-force attacks, in which special software created by computer forensics examiners is used to access the data stored on a device.
Examiners perform these so-called brute-force attacks with special software, because the iPhone can be programmed to wipe itself if the wrong PIN is provided more than 10 times in a row. This software must be run on the iPhone itself, limiting the guessing speed to 80 milliseconds per PIN. Trying all four-digit PINs therefore requires no more than 800 seconds, a little more than 13 minutes. However, if the user chooses a six-digit PIN, the maximum time required would be 22 hours; a nine-digit PIN would require 2.5 years, and a 10-digit PIN would take 25 years.
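As an added example (not from the original article or from Apple), this Python sketch reproduces the worst-case figures above from the quoted 80 milliseconds per guess and extends them to longer alphabets, so you can see how passcode length drives resistance. The 36-symbol alphabet and the 100-year target are assumptions chosen for illustration.

```python
# Added example: worst-case passcode search time at the article's 80 ms per guess.
MS_PER_GUESS = 80                    # on-device guessing rate quoted in the article
YEAR = 365.25 * 24 * 3600            # seconds in a year


def keyspace(length, alphabet_size=10):
    """Number of possible passcodes of exactly `length` symbols."""
    return alphabet_size ** length


def worst_case_seconds(length, alphabet_size=10, ms_per_guess=MS_PER_GUESS):
    """Time to try every passcode of this length, one guess at a time."""
    return keyspace(length, alphabet_size) * ms_per_guess / 1000


def min_length_for(target_seconds, alphabet_size=10, ms_per_guess=MS_PER_GUESS):
    """Shortest passcode whose full search takes at least target_seconds."""
    length = 1
    while worst_case_seconds(length, alphabet_size, ms_per_guess) < target_seconds:
        length += 1
    return length


def human(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, size in (("years", YEAR), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.0f} seconds"


if __name__ == "__main__":
    # The four PIN lengths discussed in the article.
    for n in (4, 6, 9, 10):
        print(f"{n}-digit PIN: {human(worst_case_seconds(n))}")
    # Assumption: 36 symbols = lowercase letters plus digits.
    for n in (4, 6, 8):
        print(f"{n}-char [a-z0-9]: {human(worst_case_seconds(n, 36))}")
    # Assumption: 100 years as an illustrative resistance target.
    print("digits needed for 100 years:", min_length_for(100 * YEAR))
```

These are worst-case figures; on average the correct passcode is found in half the time.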
There is one thing, though: while iPhone security excels compared to other Smartphones made for the consumer market, it still remains just No. 2 on the list of the top 3 most secure mobile devices, right behind the BlackBerry. RIM devices use a very strong encryption system based on multiple factors in addition to the user’s PIN, but it has to be noted here that BlackBerries were made for corporate use.
So, if you enabled Passcode Lock, you are on the right path toward protecting your data from foreign eyes. But if not, maybe it’s time to tap “on”, to increase your iPhone security.