View Points >> Viewpoints

Dimitri Fousekis, Telspace SystemsDimitri Fousekis, Telspace Systems

Recent local events have dramatically highlighted security issues among users of the iPhone. There have been reports of hi-tech equipment used to recover data and crack phone encryption – as well as obtaining login details of Web sites used to manage the phone – and these have raised concerns that personal data is simply not safe.

The fancy tools available to extract data from iPhones rely on well-known exploits, default configurations or other entry points into the phone. Some can try to brute-force passwords on the phone using methods that do not trigger the built-in protection, or that simply cater for such. Law enforcement officials also rely on simple user mistakes or inexperience to gain access. With regards to data encryption on the iPhone, keep in mind that not all data is encrypted. This is largely due to access required by certain applications, as well as the various programs that implement their own encryption.

Should we be worried then? Yes and no. Apple has put a lot of work and research into and the iPhone itself. Compared to other operating systems, also maintains a relatively good stance on and lacks critical flaws. The phone’s strict requirements and conservative application function exposure also keeps the phone better protected against sitting on the app store.

However, there will always be a way around something, and given enough time and resources, someone will find vulnerabilities, a flaw, or an “undocumented feature”.

Switching to Android, BlackBerry OS or Windows will not make you any more secure against law enforcement officials, or highly skilled malicious users.

There are, however, some steps you can take to make it
more difficult: 1.Set a random, and strong, PIN; 2.Set your iPhone to auto-lock after a reasonably short time; 3.Activate the find-my-iPhone feature on the device; 4. If your phone ends up in the wrong hands, immediately change any e-mail, Facebook, and other passwords on the applicable Web sites; and 5.Finally, be careful what you say via text or e-mail. That not only applies to legal implications, but to general circumstances. Remember, you can’t take back what you type.

About the author: is the analyst/ team lead, Telspace Systems. Telspace is a display sponsor of the upcoming Security Summit taking place at the Sandton Convention Centre from 27-29 May. Follow #itwebsec