Q: Now that the FBI was able to get into the San Bernardino shooter’s iPhone without Apple’s help, does this mean that all iPhones are vulnerable? If not, how do I FBI-proof my iPhone?
A: Since we don’t know who the third party that helped the FBI is or what they did, it’s pretty difficult to pinpoint exactly what it might mean just yet.
What we do know is that the shooter’s phone was an older and less sophisticated 5c model, so it lacked some of the security features of newer 5s, 6 and 6s models.
It’s doubtful that what was used to break the code on the 5c would be directly usable on newer model phones.
With the introduction of Touch ID on iPhones, Apple beefed up the security through something they call the “Secure Enclave,” which exponentially increases the complexity of gaining access to the device.
Without getting into a heavy technical explanation, this additional security feature renders many of the techniques that might be used to break into a 5c useless on any iPhone that has Touch ID.
For instance, installing a modified OS to bypass security features, which is possible on the 5c, couldn’t be done on the 5s, 6 or 6s models without the user’s passcode.
As to the “FBI-proofing” question, while there are certainly things you can do that would severely limit what they could do, it may come at the expense of usability of your phone.
Turning on basic security features in the “Touch ID & Passcode” settings such as “Erase Data,” which will erase all the data after 10 failed passcode attempts, and turning off the “Simple Passcode” to extend the length of your passcode are a good start.
Also, make sure Siri is not accessible from the “lock screen” so she can’t be “interrogated” without your passcode.
If you really want to “FBI-proof” your iPhone, you need to turn off Touch ID because a Virginia Circuit Court judge back in 2014 ruled that law enforcement can compel you to provide your fingerprint as it’s considered a physical object (like a physical key or DNA sample).
Your Fifth Amendment rights protect you from having to give up your passcode because it’s something you know that might incriminate you, but your fingerprint isn’t something you know.
If you really want to increase the security, you can create a really long custom numeric or alphanumeric code, but this is where you start to get into usability issues.
With Touch ID disabled and a 10- to 12-character passcode, you may keep the FBI at bay, but you’ve just made your phone a major pain to use on a daily basis.
If your iPhone is syncing with your iCloud account, law enforcement can use a court order to get Apple to provide the key to gain access to your encrypted iCloud data.
Apple currently stores a copy of your iCloud encryption key on its servers, but speculation is that the company is working on a process that would push all the keys to a user’s local device, making it impossible for Apple to decrypt data in the future.
Frankly speaking, many of the reasons to own an iPhone go right out the window if you’re that concerned about keeping the government out. Maybe you should consider a BlackPhone instead.
Editor’s note: Ken Colburn is founder and CEO of Data Doctors Computer Services.