Why You Should Not Rely Too Much on Your iPhone Passcode

Some days ago, I started thinking about actually putting a passcode on my iPhone. While I have a password on my laptop, I have never ever used a passcode for any iPhone I have had. For one reason or another, the thought of actually using one came to mind, and just when I was on the verge of doing it, I read how the iPhone passcode may NOT be as effective as we think.

So, what’s the deal?

The iPhone passcode is there for a reason: to deter any unauthorized access to your phone and its contents. So for example, if your iPhone gets stolen, the thief cannot make use of your phone without knowing the passcode. Of course, we know that it is merely one layer of security. Determined thieves will have the tools necessary to bypass the code and get your data. Still, the passcode does provide that initial deterrent.

The problem is that someone discovered a flaw in the system.

Andreas Kurtz from independent security research firm NESO Labs released his findings late in April, highlighting what Apple missed fixing in iOS 7.1.1. He says that:

…email attachments within the iOS 7 MobileMail.app are not protected by Apple’s data protection mechanisms. Clearly, this is contrary to Apple’s claims that data protection “provides an additional layer of protection for (..) email messages attachments”.

Basically, Kurtz’s tests show that someone who doesn’t have the passcode can access the phone’s files by restoring the phone with the latest version of iOS, setting a new passcode, and then connecting the phone to a computer. Using password-bypass software, the iPhone is then an open book to that person.

Kurtz says that he was able to do this using the following devices:

  • iPhone 4
  • iPhone 5s
  • iPad 2 running iOS 7.0.4

So yeah, while using a passcode is still a smart thing to do (yes, I should go ahead and do that), this is an issue that needs to be fixed, especially with all the iPhone thieves everywhere.

About Noemi Tasarra-Twigg

Freelance writer; digital hobo; professional nap-taker; wannabe beach bum; seeker. SHINY!

Comments

  1. Boltar says:

    Uh, you do know it’s just the email *attachments*, right? That would be the same attachments that are transmitted through email in the clear? Does anyone with any sense seriously transmit sensitive information via unencrypted email attachments?
