Of screen doors and submarines – locking down your iPhone

It’s about as useless as
A screen door on a submarine
Faith without works baby
It just ain’t happenin’
From Screen Door by Rich Mullins

In a recent post, to the extent that any post here is recent, I wrote about the threat to personal privacy – yea even freedom posed by smart phones. Actually the threat was not so much from the smart phones themselves but the potential of exploitation of them by law enforcement contrary to your best interests. The obvious answer to this problem, as every portable computer using reader of this blog surely knows, is to fully encrypt the device. Locking that bad boy down tight will blow those law enforcement fishing expeditions out of the water. But alas, this is not a realistic option with most smart phones. There are several notable exceptions to this including the RIM Blackberry, mentioned in the earlier post,  which can be configured to be secure and some Linux-based smart phones such as the Nokia N900 described in this comment to that post by reader Gino.

There actually is a solution for full phone (filesystem) encryption: the Nokia N900, a Linux phone that supports Crypto LUKS. I know this for fact as I am typing this with one that has it 

Albeit there is quite a bit of legwork needed and a fairly good bit of Linux knowledge required to set it up initially, it’s well worth the effort.

Unfortunately that excludes the many smart phone users, including myself, with iPhones. I did find some information in this article in Lifehacker entitled Common Sense Security for Your iPhone about locking down iPhones. To the extent that they can actually be “locked down”. Here are the high points.

Lock Your Phone
The most basic security precaution you can take is to make sure that your iPhone is using a passcode lock—and that the passcode lock will automatically engage after a brief period of inactivity.
Choose a Hard-to-Guess Passcode
On newer versions of iOS, you’ll have an additional option in the Passcode Lock settings labeled “Simple Passcode”. By default, “Simple Passcode” is on—and it essentially means that your passcode will need to be a 4 digit number that you’ll type when unlocking the phone. You can, and should, turn this setting off and enter a passcode that is more difficult to guess than the simple 4 digit pin.
Limit the Maximum Number of Unlock Attempts
To prevent someone from trying to break in to your phone if it’s stolen, take advantage of the setting at the bottom of the “Passcode Lock” settings page, labeled “Erase Data”. By default, this is set to off. Turning it on tells the iPhone to completely wipe the content of the device if 10 failed attempts to unlock the iPhone are recorded.
Take Advantage of the Free “Find My iPhone” App and Remote Data Wipe
Apple provides a great service called “Find My iPhone” that is available for free to any iOS device owner using their Apple ID (the same email address and password you use to purchase apps in the App Store). Complete instructions for setting up Find My iPhone are available on Apple’s Web Site. By default, the free Find My iPhone is only for 2010+ devices, but anyone can enable and use Find My iPhone on the 3GS and other pre-2010 devices. Here’s how.

While these are certainly valuable steps to take towards basic iPhone privacy, the efficacy vis-a-vis keeping out determined and well equipped snoopers is akin to locking the screen door on a submarine. This article by the oft-quoted [in this blog] Sharon Nelson of {ride the lightning} for the American Bar Association’s Law Practice Magazine entitled Why Lawyers Shouldn’t Use The IPhone: A Security Nightmare explains thusly.

The words iPhone and security do not belong in the same sentence, although you would never know it from the Apple marketing blitz. Some of the advertised features of the iPhone 3GS are the inclusion of encryption and remote wipe functions. As most folks know, encryption is a killer for computer forensic examiners and a fine way to protect your data. So what does encryption do for the 3GS? Not a heck of a lot. From my foxhole, it appears that encryption was an afterthought and not inherent in the iPhone design.

Jonathan Zdziarski has demonstrated how easy it is to gain access to a supposedly secure iPhone 3GS. Should we believe him? I certainly do, especially since I own his book on iPhone forensics and have personally seen the mountains and mountains of electronic evidence that is stored on an iPhone. The key to gaining access to the data is to extract a disk image from the device. First off you “jailbreak” the phone by placing it into recovery mode and installing a custom RAM disk to the iPhone. Jonathan mentions that the tools are only available to law enforcement (nice thought, but not so), but also acknowledges that it is fairly simple to develop your own. Several products like Red Sn0w and Purple Ra1n are freely available to “jailbreak” the phone. You then install a Secure Shell (SSH) client to port the raw disk image onto your computer.

Those of us in the forensic community know that sucking a disk image from an encrypted drive to a destination drive just gets you another encrypted image which is no earthly good to you. What makes the iPhone 3GS any different? This is the part where Apple is so very, very helpful. Even though the data on the iPhone disk is stored in an encrypted form, the iPhone actually decrypts the data as it feeds the zeros and ones through the SSH connection.

In order to secure your iPhone, make sure you configure an unlock code. Then again, perhaps you shouldn’t waste your time. Jonathan has another demo where he replaces the passcode file with one that contains a blank password, effectively removing the unlock code. How is this possible? Just like the previous explanation, putting the iPhone into recovery mode doesn’t require the passcode PIN.

Apple says losing your phone is not a problem, you just use the remote wipe feature to “kill” all of the personal data. There’s a problem with that too. The remote wipe feature requires that the iPhone be connected to the cellular network and removing the SIM card or placing the phone in a Faraday box would solve the network connection problem. Take the phone off the cellular network and you can take all day to retrieve the disk image (in an unencrypted form) from the iPhone.

Yep. Screen door on a submarine. In a follow up entry on {ride the lightning} Sharon finds even more reasons to declare “iPhone security” an oxymoron.

Most users are not aware that the iPhone conveniently creates a screenshot and saves it as a temporary file on the phone. Wired has an article that explains the how and why and is available at http://www.wired.com/gadgetlab/2008/09/hacker-says-sec/. The end result is that there is a very complete “audit trail” of activity that is done on an iPhone, even if the user doesn’t save any data. As an example, you can open a message that contains personally identifiable information and then immediately delete it. Guess what? All of that private data is on the phone until it is overwritten, which could be some time. As we mentioned in the article, the iPhone is an “evidence rich” device. These recoverable screenshots are one reason why and we’ve verified the existence of them through a ton of real world investigations. We’ve never seen this type of activity on any other phone.

Does all of this mean that the iPhone is the ONLY insecure cellular phone on the market? Obviously not, but it is at the top of our list, especially considering the hundreds of phones we get each year for evidence analysis. Any smartphone with a browser is subject to the same attacks and infection as any Internet user. We know many iPhone users are saying that security is the issue and is not unique to the iPhone. Perhaps the truth hurts. Security is a major issue for any law firm, but using a device that does not enforce PIN integrity is a little crazy in my book. I wouldn’t want to make that argument to a malpractice carrier.

Well so much for the delusions of privacy and security on the iPhone. I guess now we’re back to putting it in a bag in the trunk when we travel. At least in California. Or switching to Blackberry or N900 if we’re lawyers.