There’s been a big flap recently about people taking advantage of an iOS 4.1 security flaw to bypass the Passcode Lock security on an iPhone and gain access to the owner’s phone service and email accounts. This seems like a good time to write a bit about basic iPhone security. Let’s take a look at the three types of iPhone theft that can occur, and what you can (and can’t) do about them:
1. Theft of the iPhone
In most cases, people steal iPhones to get at the iPhones themselves, because as phones, cameras, and game platforms, the devices are valuable. These people don’t usually care about the data on your SIMM card; most likely, they’ll just pull the SIMM card out and put in a new one.
Protect the phone itself by carrying your iPhone with you. Don’t leave your iPhone in your car or on tables at restaurants — and the same goes for a purse or backpack with your iPhone in it. An iPhone is as appealing as a wallet, and has the same chances of being stolen. (And Apple is no more likely to help you find a lost iPhone than Coach is to help you find a lost $400 briefcase.)
2. Theft of iPhone phone and data services (including email)
There are many reports of people grabbing an iPhone and using it to make phone calls and send email (under the owner’s name). To prevent this type of access to your iPhone services, you need to disable access to phone and email accounts.
There are two ways to do this; one involves remotely wiping your stolen iPhone of all data and apps, and the other involves canceling your phone service and disabling the stolen device’s access to your data services.
A service such as Apple’s MobileMe will enable you to find and remotely wipe your iPhone (or iPad) if it has been stolen. Mobile Me has a Find My iPhone feature. If you subscribe to MobileMe, and want this protection, you must remember to activate the Find My iPhone feature on your phone. It’s easy:
Go to Settings > Mail, Contact, Calendars and select your .Mac/MobileMe account. Then set Find My iPhone to “ON.”
If the day comes when you can’t find the iPhone and suspect it may be stolen, don’t panic and wipe it immediately: Before using Find My iPhone to remotely wipe a stolen iPhone, use it to display the iPhone’s location on a map. Quite a few “stolen” iPhones turn out to have been mislaid by owners who left them at the office or at a friend’s house.
Unfortunately, if your phone is not Passcode Locked (see below), it is possible for a thief to simply go into the iPhone’s settings and disable Find My iPhone.
If you don’t have a service like MobileMe, or if you didn’t use it quickly enough after the theft, you will want to call AT&T (or, in other parts of the world, your iPhone cell service provider) to cancel your service. Then, log in to any email accounts you check from your iPhone to change your passwords (unless the thief has already changed them, in which case you’ll need to cancel the account). These actions will prevent the iPhone, in someone else’s hands, from accessing the accounts you pay for.
3. Theft (or unauthorized use) of your data, on or through your iPhone
This category covers the actions of a prankster, an angry ex, or an unscrupulous co-worker or roommate who can get access to your phone when you may think it’s perfectly secure. Here’s how to protect yourself:
• Password-protect your online data. If you use your iPhone to access your bank, financial sites, or social networking sites, make sure you have strong passwords for those sites and make yourself use passwords to log in from a mobile device. This way, no one can empty your bank account or post something awful under your name on Facebook.
• Download iOS 4.2 when it comes out in November and Passcode-Lock your iPhone. This won’t deter someone who is stealing your phone for resale, but it will deter snoopers trying to get a peak at what you keep on your phone. You can still receive calls and see text messages when your phone is locked. Note: Passcode Lock is flawed in iOS 4.1 — there is a way to break into an iPhone that the owner has Passcode Locked. Apple has announced the security flaw will be fixed in iOS 4.2 in November.
To set Passcode Lock, go to Settings > General > Passcode Lock. Explore the options before you tap Passcode On. Be sure to record the Passcode you choose in a application on our computer such as Yojimbo.