Your IT Consultant

iPhone Security is Getting Better – Many Holes Still Remain

August 10, 2015

Noted security guru Bruce Schneier summarized a recent essay by Nicholas Weaver on iPhone security. You can do a really good job of securing the iPhone if you configure it properly. The trouble is, the majority of users don’t. As an example, it’s pretty simple to bypass the fingerprint reader or the weak 4-digit passcode. Even though you can take steps to secure the device itself, there are plenty of other places and ways to capture your information. One of our personal favorites is the iCloud backups. Users simply don’t realize what they are sending to Apple servers. Well perhaps those involved in Celebgate do now.

Another place to snag your information is with iMessages, especially the metadata which isn’t encrypted. There’s also a flaw in the way encryption is deployed for iMessages, making access a lot easier than Apple would like you to believe. The design flaw has to do with the key exchange that happens with every message. Since the iMessage to iMessage communications routes through Apple, snagging the keys is an easy process.

E-mail:   Phone: 703.359.0700
Digital Forensics/Information Security/Information Technology
http://www.linkedin.com/in/johnsimek
http://www.senseient.com