UDC 004.056.53

IPHONE DATA PROTECTION

Askerova Leyla Fatullaevna
Bauman Moscow State Technical University
4nd year student, «Jurisprudence, intellectual property and forensic examination»

Abstract
The article describes ensuring the security of confidential information on mobile devices running the iOS operating system. Various ways of protecting data from unauthorized access are considered, such as data encryption, the use of Touch ID or remote wipe of data.

Keywords: confidential information, data protection, information technology, protection from unauthorized access


Article reference:
Askerova L.F. iPhone data protection // Modern technics and technologies. 2017. № 6 [Electronic journal]. URL: https://technology.snauka.ru/en/2017/06/13677

View this article in Russian

The demand for mobile forensics has grown tremendously with the release of smart phones, because hackers are interested in the data that is stored and can be recovered from these devices. Communication on these devices is now documented because people are no longer using their phones for just talking. Today people use their iOS devices to send text messages, check their personal and work e-mail, browse the Internet, manage their finances, or even take photos and videos. The using of smart phone devices in corporations can greatly benefit both the business and the employees. So corporations have to make a difficult choice when deciding which of the available mobile devices is the most secure and will protect internal business information from external invasion.

With the increased popularity of iPhone devices the use of smart phones is continually increasing. These devices have the capability to connect with e-mail services and provide the option of synchronizing corporate e-mail, contacts, and calendar events. But users do not know or do not realize that this data is being stored not only on their devices. When they delete a piece of information, it is expected that data is gone forever. But cloud services provide the safety of this data, which make it possible to recover information, as well as steal.

Both corporate and individual mobile device users have a high expectation that their personal information is secure. But mobile phones are drastically different from traditional computers and represent a new and unique threat to customer data. With the wide range of tools available on the device, including banking and other financial applications, a significant amount of sensitive information is being stored and transmitted. It is assumed that customized mobile applications are secure and avoid exposure of confidential user data and credentials, but that is not always the case. It is important for consumers to understand the risks involved in using these applications, especially when sensitive data is involved, such as with financial applications.

Various iPhone settings allow the users to protect unauthorized access to their device and data. Some of these configurations are not set by default. Additionally, certain functions or custom applications are not as secure as they might appear, leading the user to have a false sense of security.

iPhone users have the option to set a PIN on their device in order to prevent unauthorized access. Abbreviation «PIN» means Personal Identification Number. By default, it is a four-digit, numeric code, but by modifying the «Simple Passcode», setting can be set to a variable length. Upon entering the passcode incorrectly 10 times, the user also has the option to set the device to automatically erase all content.

On certain devices running iOS version 4.0 or higher, hardware encryption is also possible through a feature referred to as «Data Protection». When a passcode is set, the device settings will show «Data Protection is Enabled». Enabling this feature creates an encryption key, activating an added layer of security for e-mail messages and attachments. This encryption makes forensic recovery of these devices much more complex.

Another optional configuration is to set the device to automatically lock after a set amount of time. A user might consider this option as an effort to prevent unauthorized access to the device if it is left unattended. Upon seizing an iOS device, if it is not already «locked», a best practice might be to immediately go into the device settings and set the auto-lock to «Never». This will prevent the device from locking out and require the examiner to enter a passcode to access the device.

Finally, restrictions on various applications can be enabled, which allows the user to control access to particular apps. A passcode can be set to prevent unauthorized access to Safari, YouTube, iTunes, and other applications on the phone. This feature is ideal for parents who may want to restrict their child’s access to certain functions on the iPhone.

There are several ways in which an iPhone can be wiped. Within the device itself is the option to either «Reset All Settings» or «Erase All Content and Settings». The latter is a full secure erase and, depending on the amount of data on the phone, can take anywhere from a few minutes to over an hour to complete. Testing has proven that this method truly wipes the device, leaving no valuable data to be recovered.

Another option is to perform a remote wipe. This method can be completed through an e-mail account synchronized with the device or through a downloaded application. A remote wipe would come in handy in the event that the device was lost or stolen and the owner wanted to prevent access to their data.

Finally, Touch ID is the most interesting and reliable way to data protection. It means use fingerprint as a passcode. Fingerprint is one of the best passcodes in the world. It’s always with you, and no two are exactly alike. With just a touch of device’s Home button, the Touch ID sensor quickly reads fingerprint and automatically unlocks iPhone. User can even use it to authorize purchases. The technology within Touch ID is some of the most advanced hardware and software. The button is made from sapphire crystal — one of the clearest, hardest materials available; this protects the sensor and acts as a lens to precisely focus it on finger.

Every fingerprint is unique, so it is rare that even a small section of two separate fingerprints are alike enough to register as a match for Touch ID. The probability of this happening is 1 in 50,000 for one enrolled finger. This is much better than the 1 in 10,000 odds of guessing a typical 4-digit passcode. Although some passcodes, like «1234», may be more easily guessed, there is no such thing as an easily guessable fingerprint pattern. But Touch ID only allows five unsuccessful fingerprint match attempts before you must enter your passcode, and you can’t proceed until doing so.

Touch ID doesn’t store any images of fingerprints, but it stores only a mathematical representation. It isn’t possible for someone to reverse engineer actual fingerprint image from this mathematical representation. Fingerprint data is encrypted and protected with a special key.

While Apple hasn’t yet enabled any fully functional antivirus apps for the iPhone, there are even more steps every iPhone user should take to make their device as secure as possible.

The market overflows with tons of security apps built specifically for the iPhone. These applications allow to store various files and documents, access to which can be received after input of the password.

Some applications can be even externally disguised under others: for example, you load the calculator ordinary by sight, but at input of a combination from 4 figures and a sign «%» it turns into storage of confidential data.

There is an application which can help to find the iPhone if it was stolen – for example, you will be able to use its camera to try to make a photo of the thief. Besides, it gives the chance to see position of phone on a certain time point, thereby allowing to track all way.

Additional applications are available to help prevent the device from being stolen. Specifically, one application will set off an alarm if an attempt is made to steal the device. Other applications might track the GPS location of the device and send e-mail notifications on the steps taken.

For example, if a certain website was visited, this information would be sent to the owner’s e-mail address. Finally, some applications will go so far as to encrypt all data on the device. However, in order to guarantee that these applications are actually doing what they are set out to do, the device would need to be examined by an individual with sufficient technical knowledge.

Uses of such applications are additional methods for protection of the device, having made theft of personal data almost impossible. However, these applications have also a shortcoming ­­– the majority of them are paid.

iCloud is a cloud storage and cloud computing service from Apple Inc. The service provides its users with means to store data such as documents, photos, music, email, contacts, notes and to-do lists on remote servers for download to iOS, Macintosh or Windows devices, to share and send data to other users, and to manage their Apple devices if lost or stolen. The service provides convenient opportunity to recover this information from a cloud, but it can become unsafe if somebody gets access to cloud storage. Unlike physical theft of the device with data, penetration into cloudy storage doesn’t demand real presence near the victim and can be carried out at any time. In addition, the victim learns about penetration only after commission. Therefore the most reliable data protection in cloud storage is necessary. iCloud secures data by encrypting it when is sent over the Internet, storing it in an encrypted format when kept on server, and using secure tokens for authentication. A security token (sometimes called an authentication token) is a small hardware device that the owner carries to authorize access to a network service. The device may be in the form of a smart card or may be embedded in a commonly used object such as a key fob. Security tokens provide an extra level of assurance through a method known as two-factor authentication: the user has a PIN, which authorizes them as the owner of that particular device; the device then displays a number which uniquely identifies the user to the service, allowing them to log in. The identification number for each user is changed frequently, usually every five minutes. This means that data is protected from unauthorized access both while it is being transmitted to devices and when it is stored in the cloud.

It is possible to get access to iСloud using Apple ID. Apple IDs contain user personal information and settings. When an Apple ID is used to log in to an Apple device, such as Apple iPhone or Apple iPod Touch, the device will automatically roam the user’s settings associated to the Apple ID. As every day cybercriminals are inventing new ways to trick users into disclose their Apple ID, Apple policy requires users set strong passwords with their Apple ID. Password must have 8 or more characters and include upper and lowercase letters, and at least one number. In addition it is possible to use extra characters and punctuation marks to make password even stronger. Apple also uses security questions to provide a secondary method to identify online or contacting Apple Support. Security questions are designed to be memorable to user but hard for anyone else to guess.

Both corporate and individual users need a way to determine whether an application is secure prior to installing it on their device, and, more importantly, placing personal or company-sensitive information within the app. Every time people use their mobile devices to check bank accounts, update their status on social networking sites, or do online shopping or other online activities, there is a chance that personal information is saved to the mobile device. Users typically carry their mobile devices with them, which puts the device and its personal information at greater risk of loss or theft. In general, developers want to provide secure applications; however, the rapid development and release of mobile applications in response to consumer demand has resulted in less rigorous security testing.



All articles of author «Аскерова Лейла Фатуллаевна»


© If you have found a violation of copyrights please notify us immediately by e-mail or feedback form.

Contact author (comments/reviews)

Write comment

You must authorise to write a comment.

Если Вы еще не зарегистрированы на сайте, то Вам необходимо зарегистрироваться: