Alternate article title
"Good on you, Apple, says rest of the world" ?
Felons wanting to best forensic investigators need only perform a factory reset of all current model iPhones, say forensic security experts. Apple's decision to encrypt data on the iPhone is responsible for this state of affairs because a factory reset erases the decryption key required to reveal the handset's contents, …
Hypothetical question - is there an app that will perform a factory reset automatically if you don't tell it not to every 8 hours? Useful if your iPhone is lost and found and kept in a Faraday cage to prevent it connecting a network and receiving a remote wipe command.
No need, the default action is to wipe the phone after 8 failed login attempts. With iCloud, your data is all backed up so this poses no problem. Once wiped the device is effectively bricked until your Apple ID is used to unlock it again (although I've not Googled for workarounds to this to be fair)
I would assume it'd be just as much an issue for BlackBerry devices but the expectations are different: RIM made security its touchstone feature and has always marketed primarily to businesses. Apple claims security but has primarily been consumer oriented, where customers tend not to care so much.
No.
Well, maybe.
It's complicated, but if you take all the default user options you still don't get everything backed up in the cloud, apps can have a temporary data area that isn't backed up, usually it's used for things that can be downloaded again and are large so you don't want them backed up because they just fill your backup space (iOS will default to backing up application data). Financial apps normally use this area for authorisation data, so that if you restore a device the data is not present and you have to re-authorise.
That's the default position, so already not all of your data would be in the cloud, although you should still be able to recover a device; you just re-download any content from the relevant provider after a restore. Even with this option you can still have calendar entries and contacts that are only stored on the phone if you wish.
After that, you have options. Most secure thing to do would be to simply not configure a cloud account if you're worried about security.
Next thing you could do is to disable backup of specific apps to the cloud, which should work quite well given the sandboxed nature of iOS.
After that, depending on the data you want to keep secure, you could use a specifc app that provides the security you want, they normally feature an additional level of encryption, so that even their backup data can't be easily breached.
And, of course, there's always the option of either writing your own app or paying someone to write one for you that has the features you want.
but surely much of your data will still be up there on the Apple cloud - to be rifled there - no?
Correct, certainly after Apple quietly removed the ability to just sync between laptop and iDevices from iTunes (a couple of months back). There is, however, a way around that: use your own groupware server. That way you have contact, calendar and email sync without giving it all away to the US.
Yes, this was one of the sillier things to do, showing complete cultural and non-USA legal ignorance or just extraordinary naivety. I gather that even in USA the innocent sometimes do have something to fear.
However, I have seen that beta test versions of the new iTunes release have reinstated this. So fingers crossed and, if true in the customer release, glad that Apple does react to customers' remarks, eventually.
So, as far as the "cloud" network storage goes, just disable it. If you really need it, choose one of the new services from Germany or, less handy for most people, install one on your own laptop and continue to sync locally. But this was foolish of Apple, both in terms of security and reality (strangely, outside American coffee shop chains, large parts of the world, even in the most advanced "1st world" countries, are not on free wifi networks away from home, or even mobile telephone networks. Yet one may still want to back up the device to a mobile computer that is with you (or a tablet, is that possible? No idea, no tablet).
"Correct, certainly after Apple quietly removed the ability to just sync between laptop and iDevices from iTunes (a couple of months back)."
Errm... I just checked. I can back up my 5s to my system. Indeed, the system shows a backup made on 6 April 2014. I just connected the device to my system and am starting a new backup. (Thanks for reminding me to back up...)
When did you say that Apple removed this feature, and when did they put it back, 'cause I never missed not having it and I have the latest version of iTunes (11.1b5, if you must know.)
Since Apple can just push a new firmware to every user... which can simply read out all the data and transmit it everywhere you want.
Encryption is fairly useless unless you have control over the hardware that encrypts. If you control that hardware you can just bypass the encryption or read out the secret keys.
>Encryption is fairly useless unless you have control over the hardware that encrypts.
Useless to the common user? No it isn't. Most users aren't in fear of well funded agencies. What is a threat to them is losing their phone and have a criminal access their on-line accounts, or else a mate access their nudey pictures.
This post has been deleted by its author
I keep reading they can do this in the US too - but that just doesn't compute that you can just throw the 5th Amendment out the window without a Supreme Court battle. It may even be a 4th and 10th Amendment issue as well when looking at the whole of it. Perhaps no one has fought it because of the preponderance of the evidence other than what is encrypted made the revelation of it unnecessary? Hmm?! Of course these have been border crossing cases, and maybe they think even US Citizens rights end at the border?
Someones bought a time machine!
http://www.pcpro.co.uk/news/361693/teenager-jailed-for-refusing-to-reveal-encryption-keys
Under the Regulation of Investigatory Powers Act 2000, Part III, it is an offence to withhold passwords and the teenager was convicted last month of failing to disclose his key.
Read more: Teenager jailed for refusing to reveal encryption keys | News | PC Pro
"Hehe. With the 5s, despite all the encryption tech, it's actually easier for the cops to unlock an iPhone than ever before: They merely have to hold your finger over the home button."
Won't do 'em much good if 'Touch ID' is turned off, as it is on my 5s. And, oh, I've changed the silly 4-digit, numbers only, passcode to the alphanumeric multi-character passphrase. the poor lads will have to put some effort into breaking in.
Not an electron microscope, but a magnetic head with greater resolution than that which normaly lives in the drive. The drive is dismantled into individual platters before hand.
Which is why you don't use zeroes. Instead you use randomn data, and several passes at that. Nuke n Boot does this, and OSX has an option to do the same to user-erased data on the fly. Of course this incurs a performance penalty.
I'm sure there have been some papers published on recovering data from solid state storage.
Hmm so do I trust Apple who control the device hardware / software / cloud end-to-end and specifically build in security enhancements like fingerprint readers / encryption chips or Samsung / others plus Google (who make their profits specifically mining your data / selling ads on the back of it).
Think it's a win for Apple.
If the phones been wiped there'd be no association between the phone and the iCloud account so how exactly would you propose you get at the cloud stored data?? You'd have to know their user id or some other kind of identifiers which if all you have is a blank phone isn't much help. Sure if the "hackers" are the CIA, know who are and could demand Apple hand over the info for person X then they could get at it, fail to see how anyone else could.
You Reg. You are a card. Apple is too lax on security - bad Apple, naughty Apple. Apple is too tough on security - bad Apple, naughty Apple. And yet you still manage to make a nasty mess of love custard in your pants whenever a new bit of fondleable hardware gets shovelled out of Cupertino.
It's an object lesson in having your cake and eating it. Or, at least, trying to.
It is possible to encrypt your data on almost all of the platforms, the difference here is that apple are implementing it by design for everyone with an iPhone. Most people with droid phones simply wouldn't know how or care to encrypt making the lives of people who want your data easier.
Assuming that (insert TLA here) has a quantum computer then it is entirely possible to reverse Apple's whole device encryption so the problem becomes "how wiped is wiped?"
I've done some experimentation with fried Ipod Touch's which use the same Tosh!ba chips and the data is still assuredly there even after a factory reset until overwritten by the next sync.
Can be retrieved using power extremes, supercooling or reading the memory back in a strong multi-Tesla magnetic field (!)
Also the key is backed up in the same chip that stores the uSSID, MAC address and device ID along with the unique code(s) Apple assign to the device to allow Itunes to sync.
One reason why to avoid "Icloud locked" boards like the Plague, they are totally worthless for spares.