
How Secure Is Your iPhone?

Our iPhones house all sorts of personal information, but is this something to worry about?

Bob Kfir
Aug 8 · 5 min read

We all spend more time than we care to admit staring at our iPhone screens and mindlessly typing away. Everything from contacts to messages and images is something we would rather not have the world see.

Boot Process

The iPhone is designed with security in mind, starting as early as the boot process. Securing the boot process ensures that you’re booting an official version of iOS that hasn’t been tampered with in any way. The method Apple uses is pretty much bulletproof:

When an iOS device is turned on, its application processor immediately executes code from…Boot ROM. This immutable code…is laid down during chip fabrication, and is implicitly trusted. The Boot ROM code contains the Apple Root CA public key, which is used to verify that the iBoot bootloader is signed by Apple before allowing it to load. This is the first step in the chain of trust where each step ensures that the next is signed by Apple. When the iBoot finishes its tasks, it verifies and runs the iOS kernel.

Put simply, everything starts with running code stored on the Boot ROM, which is Read Only Memory. This ensures that you’re running the code Apple programmed into the chip during manufacturing, and as it’s read only, it cannot be modified in any way once it leaves the factory. The Boot ROM also holds Apple’s Root CA public key, which can be used to verify the integrity of the bootloader. In order for the bootloader to be verified, Apple must sign it using their private key, which only they hold. It is near impossible for this key to be cracked, and the public key (the only part of the key we know) can only be used to verify code, not sign it. Assuming the iBoot bootloader can be successfully verified, meaning that it is intact and has not been tampered with, it will then attempt to verify the iOS kernel. Once the iOS kernel has been verified as authentic, it is finally executed.

If any step of the boot process fails to verify, your iPhone will enter either DFU or recovery mode. So, if your iPhone boots at all, you know your iPhone’s software has not been modified in any way.
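The chain of trust described above can be sketched in a few lines. This is an added example, not code from the original post or from Apple: the toy RSA key, the sample images and the function names are all constructed for illustration, and the same key signs every stage.

```python
import hashlib

# Toy RSA key (constructed): two known Mersenne primes, no padding.
# Far too small for real use; it only illustrates who holds which half.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537                  # public half, the part fixed in Boot ROM
D = pow(E, -1, (P - 1) * (Q - 1))    # private half, held only by the signer


def digest(image: bytes) -> int:
    """SHA-256 of the image, reduced into the toy modulus."""
    return int.from_bytes(hashlib.sha256(image).digest(), "big") % N


def sign(image: bytes) -> int:
    """Signer side: happens at the vendor, never on the device."""
    return pow(digest(image), D, N)


def verify(image: bytes, signature: int) -> bool:
    """Device side: needs only the public values N and E."""
    return pow(signature, E, N) == digest(image)


def boot(stages):
    """stages: (name, image, signature) tuples in boot order.
    Returns (stages executed, final state); stops at the first bad signature."""
    executed = []
    for name, image, signature in stages:
        if not verify(image, signature):
            return executed, f"DFU/recovery: {name} failed verification"
        executed.append(name)
    return executed, "booted"


def demo():
    """Boot an intact chain, then one whose kernel was altered after signing."""
    iboot = b"iBoot image (constructed sample)"
    kernel = b"iOS kernel image (constructed sample)"
    intact = [("iBoot", iboot, sign(iboot)), ("kernel", kernel, sign(kernel))]
    altered = [intact[0], ("kernel", kernel + b"\x00", intact[1][2])]
    return boot(intact), boot(altered)


if __name__ == "__main__":
    for executed, state in demo():
        print(executed, "->", state)
```

The device-side functions never touch D, which is why holding the public key alone is not enough to produce an image that passes verification.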

Touch ID and Face ID

Touch ID and Face ID are very useful features that allow unlocking your iPhone without entering your password every time. This not only saves you time and makes your login process easier, but makes it less painful to have a longer password as you’ll need to enter it much less often. However, that does come with a small cost, at least for Touch ID.

One thing that Apple warns about is the possibility that a random person can unlock your iPhone:

The probability that a random person…could unlock your iPhone is 1 in 50,000 with Touch ID or 1 in 1,000,000 with Face ID. This probability increases with multiple enrolled fingerprints (up to 1 in 10,000 with five fingerprints) or appearances (up to 1 in 500,000 with two appearances).

The most alarming statistic is for Touch ID. Even with just one fingerprint enrolled, the 1 in 50,000 chance of a person being able to unlock your phone is lower than the possible combinations of a six digit PIN, which is 1,000,000. To be fair, even Touch ID with five fingerprints enrolled matches the possible combinations of a four digit PIN, which for earlier versions of iOS was the default PIN length. Face ID is significantly better, and matches the possible combinations of a six digit PIN. After five failed Touch ID or Face ID authentication attempts, your iPhone will require a password, which somewhat mitigates the security risks by simply reducing the attempts someone has to fool Touch ID or Face ID. Additionally, upon rebooting your iPhone and/or after 48 hours without being unlocked, a password will be required to unlock the device.

Passwords

Having a strong password is important, but may not be practical for a device that must be unlocked so many times throughout the day. Although Touch ID and Face ID make it easier to have a longer and more secure password, these solutions are not perfect. The default password setting when configuring a new device is a six digit PIN. As previously noted, this provides only 1,000,000 possible combinations. While manually trying a million passwords isn’t feasible in a short period of time, computers are great at counting and can do so extremely quickly. Going through all of the possible password combinations is commonly known as a brute force attack.

Luckily, Apple put protections in place to prevent brute force attacks from successfully executing on your iPhone. A big one is requiring that any sort of brute force attack occur on the device itself. This is accomplished by requiring the password be combined with the device’s UID to unlock the device. Additionally, the more incorrect password attempts there are, the longer you must wait in between password attempts. You may have even run into this yourself if you’ve ever mistyped your password more than a few times. For even more security, your device can be configured to delete itself after ten failed password attempts, making any sort of brute force attack a lottery as to whether or not your phone will simply wipe itself before any damage can be done. Also, your iPhone uses an “iteration count…so that [each] attempt takes approximately 80 milliseconds” to execute. This means that, in the worst case possible (in which the waiting period is somehow bypassed), it would take around a day to go through all possible combinations of a six digit PIN. Adding a few more digits, or ideally letters and other characters, would significantly increase the time needed to perform a brute force attack.
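The two protections above, tying the passcode to the device UID and the fixed cost per guess, can be illustrated together. This is an added example, not code from the original post or from Apple: PBKDF2 salted with a constructed UID stands in for the hardware key derivation, and the passcode, UIDs and iteration count are sample values.

```python
import hashlib

ATTEMPT_SECONDS = 0.08  # per-guess cost quoted in the article


def derive_key(passcode: str, device_uid: bytes, iterations: int) -> bytes:
    """Stand-in for passcode/UID entanglement: PBKDF2 salted with the UID.
    Assumption for illustration; on real hardware the UID never leaves the chip."""
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), device_uid, iterations)


def search(target_key: bytes, device_uid: bytes, iterations: int, digits: int = 4):
    """Try every numeric passcode of the given length; return the match or None."""
    for n in range(10 ** digits):
        guess = f"{n:0{digits}d}"
        if derive_key(guess, device_uid, iterations) == target_key:
            return guess
    return None


def worst_case_hours(alphabet: int, length: int) -> float:
    """Hours to try every passcode at ATTEMPT_SECONDS each, no lockout delays."""
    return alphabet ** length * ATTEMPT_SECONDS / 3600


def demo():
    """Search the full 4-digit space with the right UID, then without it."""
    real_uid = bytes.fromhex("a1" * 32)    # constructed sample UID
    copied_uid = bytes.fromhex("00" * 32)  # an off-device copy lacks the real UID
    iterations = 20                        # tiny on purpose so the demo is fast
    key = derive_key("4821", real_uid, iterations)
    on_device = search(key, real_uid, iterations)
    off_device = search(key, copied_uid, iterations)
    return on_device, off_device


if __name__ == "__main__":
    found, missed = demo()
    print("with device UID:", found, "| without it:", missed)
    for label, alphabet, length in [("4-digit PIN", 10, 4),
                                    ("6-digit PIN", 10, 6),
                                    ("8-digit PIN", 10, 8),
                                    ("6 lowercase letters/digits", 36, 6)]:
        print(f"{label}: {worst_case_hours(alphabet, length):,.1f} hours")
```

Without the UID the exhaustive search finds nothing even though the correct passcode is among the guesses, which is what forces guessing onto the device and its 80 millisecond cost per attempt.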

App Signing

Your iPhone would be pretty much useless as a smartphone if it couldn’t run apps. But, running apps comes with the risk that a developer could potentially add some unwanted software to your device. Luckily, Apple largely mitigates this risk by requiring that all apps be verified and signed by them before making their way onto the App Store.

Before developers can even submit their apps to Apple, they must join the Apple Developer Program. Before allowing developers to enter the program, Apple verifies the identities of those that apply. The general idea is that since Apple knows the true identity of the developers that publish apps, they won’t add anything malicious as they’ll be held accountable. Even if that is not a sufficient deterrent, Apple reviews all apps before allowing them to be put on the App Store.

So, Is Your iPhone Secure?

Yes, and there’s a pretty good chance it’s the most secure device you have. It’s near impossible to modify iOS without detection, all apps on the App Store have been reviewed by Apple, and unlocking the device without a password would take an extraordinary amount of time.

All quotes, and information in general, have been sourced from https://www.apple.com/business/site/docs/iOS_Security_Guide.pdf

Bob Kfir’s Tech Blog

A technology blog with an emphasis on cybersecurity and privacy.

Written by

Bob Kfir

I’m a writer and a programmer. Most of what I write is about technology (often privacy and cybersecurity) and/or writing. You can learn more at www.bobkfir.com
