Is the iPhone secure? That question has been hotly debated in legal circles since its release. To date, the loudest replies have been by those shouting “No” (see here, here, and here) but does that make that answer true? Ben Stevens of The Mac Lawyer and Finis Price of TechnoEsq now enter the fray to try to set the record straight.
The anti-iPhone crowd makes the following three types of claims to support their position that the iPhone is the “the most insecure phone we’ve ever seen” and that “the words iPhone and security do not belong in the same sentence”: (1) it’s too easy to jailbreak; (2) there are encryption weaknesses; and (3) it stores screenshots.
Finis is both a practicing lawyer and computer forensics expert, and he recently participated in the Droid v. iPhone debate in the ABA Journal. With these impressive credentials, he responds to each of those allegations as follows:
- The fact is that many so called “smart”phones can be cracked and the data stolen. Of course, the same can be said of laptops, and how many lawyers have theirs encrypted? One key difference with the iPhone is that it allows you to remotely wipe the email in the event that is ever lost. Starting back with the iPhone 2.1, it is possible to have the iPhone wipe its data after ten invalid tries, with each attempt being longer and longer. How many attorneys can do that with their laptops? Further, if your corporate email is set up correctly, your mail disappears if your password expires. While this can be annoying, it is more secure than the BlackBerry, which stores the email on the device itself. Also, the iPhone holds only 150 emails at most, which while annoying is more secure than the BlackBerry, which stores much more. Therefore, even if you use POP email, you are only risking 150 emails.
- The allegation that the iPhone has encryption weaknesses rings hollow. There are about 100 security apps in the App Store which allow you to encrypt the iPhone to protect it in case it is lost or stolen. You will soon be able to add biometric security to the iPhone through apps if you so desire (learn more here). The fact is that since the 3G-S version was introduced two years ago, the iPhone has been as secure, if not more secure, than any laptop – period.
- I believe that the argument about storing screenshots is outright silly. Yes, the iPhone gives you the ability to store screenshots in your photo album, but you have to work a little by pressing a couple of buttons every time to make one. Despite the clamoring made by some, this is not done automatically. Moreover, the only way you would not know about this happening was if you never looked at your photos. I will acknowledge that I have accidentally done this on my home page, but I have never done in by accident within an app.
Is anything 100% secure? Of course not. Law offices are subject to being broken into and/or having wandering eyes (such as cleaning crews) access client information. Legal pads and paper files get lost or misplaced, and how secure is a briefcase to someone who wants to get inside of it? One could argue that even the information stored inside the lawyers’ brains is not secure. Give Jack Bauer ten minutes and I guarantee that he would get information out of the most ethical, security conscious attorney in the world.
All of this might make one wonder why iPhones are being targeted and unfairly branded as being “unsafe.” A skilled forensic expert gets physical access to a laptop computer, he can extract all sorts of information, even that which was thought to have been deleted. Yet we find it odd that we don’t hear anyone claiming that it is unethical for an attorney to use a laptop, as some have stated about the iPhone. One cannot help but wonder whether those are merely the ramblings of fear-mongering PC-centric dinosaurs or those interested in selling us something?
Addendum from Finis:
One of the comments below references a forensics white paper about the screenshot issue. In that paper, he actually had to use a method called "carving" to get those images. This entails using a program to search for the hexadecimal values for image files in the temporary memory of the device. This results in over 2,000 images – most of which are not screens, being reported. These are then widdled down to whichever screenshot haven’t been overwritten. This is not the same kind of screenshot we take with the iPhone, but rather a function of the transition effect the iPhone uses. However, it should be noted these files aren’t even stored in an image format, they are simply bits and pieces of temporary memory which can be retrieved using a forensics tool and a LOT of forensics training. Using a carving tool, a forensics examiner could retrieve ANY image displayed on ANY computer device which outputs to a display. So the terminology used of the iPhone just taking and saving screenshots is misleading. These are not screenshots in the ordinary sense users of the iPhone use or can access.
We invite your input using the Comments section below.