Hello readers, today we shall be looking at iPhone security.
Today I’m thinking about keeping it short. The topic of security can get really technical and I do not want to bore you with all the details. But if you want a more in-depth look at this topic, visit Malwarebytes.
Ever since the court case between Apple and the FBI, Apple has been in the spotlight, all things concerning their iPhone security. After a long stint in court, the FBI was finally able to unlock Rizwan Farook’s iPhone. How did they unlock the encrypted phone without Apple’s go ahead you ask? Through Cellebrite. This is a company that specializes in data extraction and analysis from cellular devices. Their flagship, Graykey, is said to be able to bypass the iPhone lock screen and grant access to the user. The only caveat is that the device costs $5,000.🙆♂️
Why should this bother you?
As a Kenyan resident, it is almost impossible to track down a lost phone with the police unless you have the right connections. Even iPhones said to be almost uncrackable are now hot cakes among the Nairobi thugs. Over the last 2 months, three of my close friends have actually lost their phones. Even with Find My iPhone, their devices are still missing, posing the question, are you really safe?
With the recent iOS (11.4.1) update, Apple engineers introduced a new feature, USB Restricted Mode. This mode automatically kicks in an hour after the last unlock. This feature disables all data transfers through the Lightning port (clearly in response to Cellebrite) until it is unlocked by either a user or a trusted device. It turns out that there is a $39 device that can defeat this mode, according to Elcomsoft Blog. The strange thing is that it is an Apple manufactured device, their Camera Adapter. It turns out that once you insert this adapter, it pauses the countdown, and only resumes once the adapter is disconnected.
Some of you may be wondering why I brought this to your attention. It is simply to show you that no device is completely safe, new security threats keep popping up and as a tech enthusiast, it is my role to inform you. Seeing that there are a couple of these loopholes in the system, there is no telling what other methods exist.
Tip: In case you have an MPESA account, avoid using the same password as that on your lock screen. Prying eyes may follow the pattern of button presses. On top of that, once the thief logs into your phone having your Mail account logged in allows them to switch off Find My iPhone, as they have access to the verification.
Let this post encourage a dialogue down in the Comments section below. All thoughts are welcome.
Until next time, goodbye from the Mark & Ryse team.