Skip to main content

If the FBI can unlock my iPhone, who else can?

A few months ago, an Israeli agency claimed that they had successfully helped the FBI unlock an iPhone without any help from Apple. The news sent shock waves throughout the tech world, but the news didn’t just have repercussions for the technology industry, it also made many regular smartphone users question the safety of the data stored on their smartphone.

Apple recently announced released some updates for Apple File System, or APFS, which should improve things. However, if you are still worried about your data, here are some easy things you can do to ensure your phone and the data stored on it remains safe.

Don’t panic

The key thing to remember is that your data is actually very secure. The Israeli agency, who made the news last month, employs some of the leading data scientists and security experts in the world. The standard process for accessing an iPhone is to enter the correct home screen password. If you enter an incorrect password too many times, the device locks and prevents any further attempts to unlock it.

What you might not know is that, as well as locking the phone, this process triggers an Apple security protocol, which adds a layer of encryption to all of the data inside. This encryption is extremely advanced and impossible for even the FBI’s computers to crack. Apple’s encryption technology is hugely advanced, very complicated, and requires extensive calculations to decrypt. Even if you are using the most powerful computing power in existence today, it would take more than a lifetime to calculate the decryption.

So if the FBI did not hack into the iPhone by decrypting its security processes, how did they get in? Is the data stored on your smartphone really safe? So what does that mean? In short, you don’t have to worry too much, because accessing your data via encryption/decryption is next to impossible, however it also suggests that there must be other ways for a device’s data to be accessed. Here is a run-through of how iPhone owners can safeguard themselves from getting hacked.

Operating System (OS) vulnerability

Normally when a wrong password is entered too many times, an iPhone will lock itself. However, this process can be bypassed in earlier version of iOS (7.0 - 8.1.3) by using an external 'IP Box' or 'UFED Box'. With early versions of iOS 8 the password attempt restriction can even be bypassed by resetting the power. Either way this allows the hacker to use brute force to break into the phone by trying all password permutations (which is easily done using a computer).

The best way of ensuring that this doesn’t happen is by keeping your phone up to date with the latest version of iOS. Many of the vulnerabilities highlighted above were addressed with the introduction of iOS 9. It’s also worth setting the screen password to six digits instead of four as this increases the number of password permutations a hacker would need to try to hack into it.

Siri vulnerability

Many people might not know it, but Siri, the voice activation system on the iPhone, makes it easy to access many of the phone’s features without unlocking it, which also creates a potential entry point for hackers. A variety of methods exist in different iOS versions that allow hackers to retrieve personal information such as photos and contact information using Siri. Again, the best way of protecting an iPhone is to keep it updated to the latest iOS version, as many of the vulnerabilities were addressed after iOS 9. Also, users can disable Siri, if they don’t use it very much.

DNS vulnerability

It might sound a bit technical, but Domain Name System (DNS) Servers are used by smartphones to track different IP addresses on the Internet. Hackers exploit this by modifying the DNS settings so that they can access applications without triggering any authentication systems.

The best way to make sure an iPhone is password protected is to make sure the user keeps it on their person at all times. Protecting the phone from strangers means that nobody can tamper with it as the DNS settings can be easily modified without the owner’s knowledge by someone who knows what they are doing.

Hardware vulnerability

They have to be very experienced, but some hackers have a background working with hardware and know how to look for vulnerabilities in Apple’s processor chips. For earlier A4 processors (up to iPhone 4), hackers can use a combination of viruses and hardware resetting to bypass an iPhone’s device’s system authentication. As processor chips evolve, however, such vulnerabilities are less prominent. Earlier models of iPhone are more vulnerable than others, so for someone that owns an iPhone 4 or an earlier model, they might want to consider upgrading to a newer phone.

iCloud vulnerability

Besides hacking into the iPhone phone, hackers may target users’ data in iCloud. Here are a few common ways in which an iCloud account can become compromised:

  • Hackers can steal email addresses and passwords from a low security website and use them to access an iCloud account. Many people use the same login information in multiple places
  • Hackers can simulate fake Apple emailers and ask for iCloud login information directly. Many celebrities have fallen victim to this method
  • Hackers can attempt easy password combinations from basic information such as birthdays, etc. Many celebrities have also fallen victim to this method
  • Network vulnerabilities such as WiFi fishing or Trojan viruses
  • ISP vulnerabilities, such as database leaking

The best way of safeguarding against these vulnerabilities is to use different login passwords and security information for different accounts. Avoid using easy password combinations such as birthdays, etc. where hackers can have easy access to. Remember that Apple would NEVER ask for a consumer for personal login information via email. iPhone owners should also consider installing a firewall and an antivirus program to protect their network.

No one knows exactly which method the FBI used to access that iPhone. But we do know that security is a balance between understanding vulnerabilities and safeguarding the device. As technology evolves, old security flaws are addressed and new vulnerabilities appear.

Pete Yang, Dr.Fone Product Marketing Manager and Data Security Expert at Wondershare

Photo Credit: Shutterstock/ymgerman