What if your iPhone is stolen?

Your iPhone (and iPad, for that matter) is vulnerable to a six-minute attack in the event that someone gets hold of your phone. The phone has built-in encryption, but the 'key chain' that Apple employs to keep passwords and data safe is breakable. Any password or access code you have told your phone to remember will be discoverable.

The important thing to learn from this is that you should treat your phone like your wallet: keep as little sensitive information on it as possible, and know what sensitive information you do have! You should keep a list (on paper, filed away) of accounts that you access through your iphone, so that when your phone is stolen you have a definitive list of places to contact and take evasive action.

Ideally there would be a utility to show you all the 'secret stuff' that is stored on your keychain, but as far as I'm aware there is no such tool. If you know how to list - and export - the iOS keychain, please let me know so we can all learn better security!


Comments

by Barry on 03 August 2011 Reply
I use an App called SplashID to encrypt a lot of sensitive data (SSNs, Account numbers, etc.). My password consists of 16 seemingly random alpha and numeric characters and the App purports to use "Unbreakable AES and 256-bit Blowfish encryption". I wonder if this password is also discoverable or if the data is as secure as I think it really is?

Add your comment