Here’s how to keep the FBI out of your iPhone

Here’s how to keep the FBI out of your iPhone

As most of us know by now, law enforcement wants Apple to unlock the iPhone that was used by the San Bernardino shooter.

Since then, the war has bounced back and forth from both sides, Apple winning a victory in New York,law enforcement warning that they could force Apple to hand over the source code, and now John Oliver has chimed in. Just about every major technology company has supported Apple while most US politicians have supported law enforcement.

It’s been a gruesome battle and we are still no closer to knowing which side will be victorious.

What law enforcement is asking of Apple

At various points in this article, I will refer to a “back door”. Of course, there’s no protecting yourself from a true back door, but law enforcement is asking something different of Apple.

If you have the setting turned on on your iPhone, 10 wrong passcode attempts will completely wipe the data from your phone. This is preventing law enforcement from using all possible PIN combinations, or “brute forcing” the device.

Law enforcement has called on Apple to create a custom version of iOS that would allow them to enter as many possible PINs as they need without the device erasing itself. They’ve also asked the firm to remove delays between attempts in this custom version of the OS.

Of course, law enforcement doesn’t actually need this back door. They could simply create an image of the encrypted iPhone, make their 10 tries, restore from that image, try again, and repeat.

Why it’s important to take security precautions

Assuming that the courts mandate that Apple build this back door, it’s important that users know how to protect themselves. You might be thinking, “I don’t mind. I’m not a criminal.” You’ll mind if this tool gets into the hands of actual criminals.

You might also mind if this tool gets into the hands of other governments. After all, Apple can’t play favorites with the US government. If Russia and China order the same thing, Apple would then have to comply.

This guide isn’t just for keeping the FBI out of your iPhone. It’s for keeping anyone that might getstheir hands on this potential back door out of your iPhone.

Besides, no one needs a valid reason to be able to exercise a right. No one needs a reason to exercise proper security precautions if they so wish. In other words, protecting your personal data isn’t just for criminals.

How to protect yourself

If your device is on iOS 8 or was upgraded to iOS 9, it’s likely that you have a four digit PIN. If the device you purchased shipped with iOS 9, or you set a new PIN while running iOS 9, it’s most likely a six digit PIN.

A four digit PIN has 10,000 different possibilities. Six digit PINs will have 1,000,000. A six digit PIN is going to take longer to brute force; however, with modern computing power, it won’t take that long.

Step 1one: Go to Settings -> Touch ID & Passcode -> Change Passcode.

Step 2two: choose “Passcode Options”.

As you can see, you have a number of choices. iOS 9 suggests that you use a six digit PIN; however, you do still have the option for four digits. You can also choose a custom numeric code, allowing the user to choose more or fewerless numbers in their PIN.

Step 3three: choose “Custom Alphanumeric Code”.

Step 4four: choose a secure password. A secure password is a combination of different types of characters, such as uppercase letters, lowercase letters, numbers, and symbols. The longer, the better.

Next, you’re going to see an option to use the same code as your iCloud security code. The most secure option is to use the same secure password.

Obviously, a secure password is going to become very tedious to type every time you unlock your iPhone. That brings us to step 5.

Step 5five: if you’ve got an iPhone or iPad that supports Touch ID, turn it on.

With a secure password that contains over ten characters, including capital letters, lowercase letters, numbers, and symbols, the amount of possible passwords goes from 1,000,000 with a six digit PIN to, well, let’s just say it won’t be easily brute forced. With Touch ID, that secure password won’t even make it any harder to unlock your iPhone.

iCloud

Knowing the PIN isn’t the only way to get the data from your iPhone. Someone can also take an iPhone and restore it with one of your iCloud backups. In fact, one could say that iCloud is the Achilles’ heel of the near perfect iPhone security.

There are a few things that you can do to combat this. One of them is to simply have a secure password for your iCloud account. Secure passwords are always the first step in fending off potential data breaches.

Once the user has your Apple ID and password, he has the ability to restore from an iCloud backup. It would also help to have two factor authentication turned on.

Two factor authentication will ask the person attempting to sign in for a six digit PIN. That PIN can be sent to another Apple device that’s signed into the account or a trusted phone number. If the phone number is the same as the iPhone that’s being signed into, once the SMS message is received, the phone will sign in.

At this point, it also makes sense to make sure that the trusted phone number is not the same as the iPhone’s phone number. Not all of us have multiple phone numbers that can receive texts, so it might make sense to set up a free Google Voice account.

You also have the option of simply turning off iCloud. Yes, I know. You like how you can take a photo on your iPhone and it shows up on your iPad, Mac, and Apple TV.

Apple allows for fairly granular controls over what iCloud backs up. Assume that the worst of the worst happens. You did everything right, you have secure passwords, and you turned on two factor authentication.

Somehow, they still got in. What are you worried about the bad guys seeing?

Apple allows the user to turn off iCloud backup for iCloud Drive, Photos, Mail, Contacts, Calendars, Reminders, Safari, Notes, News, Wallet, and Keychain. Is the iPhone your only Apple device? Good, the only reason that you would need iCloud is for backup (and not syncing across devices).

If iCloud is only serving as a backup for you, perhaps it’s best to turn it off completely and manually back up through iTunes. You can back up your photos to a PC or you can use other cloud storage solutions. Most of them are cheaper too.

TouchID

Throughout this guide, I’d suggested TouchID as a means of convenience in using a strong password for your phone. It’s important to note here that while law enforcement can’t force you to provide your password, it can force you to provide your fingerprint.

This presents a tricky situation. As with everything else, it comes down to the security that you care about. Remember, my job is not to tell you the kind of security that you should use. My job is to show you what your options are.

One option could be to use TouchID, but turn it off any time you might be forced to unlock your device, such as at the airport. Another option, the obvious option, is to turn off the feature altogether; however, turning off TouchID would make typing a strong password extremely tedious.

Of course, the concept of this article was based on the case against the San Bernardino shooter. It’s based on the idea of Apple creating the back door that law enforcement is asking them to make and that your phone could end up in the hands of someone who has obtained that back door.

Security and convenience is always a trade-off, and only you can choose where you want to sit on the spectrum.

In conclusion…

It’s all up to you. How much security is important to you? Assuming that the worst happens, what do you want to make sure that the attackers don’t get?

Apple has done a fantastic job of allowing their customers to have secure devices. With Touch ID, you can set secure passwords and not have to worry about typing them, unless you restart your device.

Of course, the iOS back door isn’t something to worry about just yet. Apple will fight this until the highest court that they can take it to tells them that they have to build it.

But why wait to find out if your iPhone is suddenly less secure than it was yesterday? Secure passwords aren’t that much of a hassle, especially if you have TouchID, and your iOS device will be more secure.

About the author
Rich Woods

Being a computer programmer wasn't enough to fulfill his love of technology. In 2013, Rich founded For the Love of Tech and has been writing about his love of tech ever since.