Apple + Security & Privacy

An article in TidBITs takes a look at the security features in the iPhone 3GS. According to the author, Rich Mogull, the new version of Apple’s top-selling phone has a number of advantages that make it more secure than before:

• A hardware encryption chip. All data on the phone is encrypted by default using an AES 256 chip, as opposed to software encryption. This allows you to wipe your phone if you lose it or if it’s stolen, and protects against data access when you’re not logged in. However, Mogull says, “This doesn’t protect you from all attacks. As with any other encrypted computer, if the bad guy hacks the device while you are logged in, he can still access your unencrypted data.”
• Passcode locking. “On any iPhone, you can choose the amount of time your phone sits idle before it requires the passcode again.” This ensures that your iPhone is locked when you’re not using it. “One additional feature sets the passcode lock on the iPhone apart from many other phones on the market. If you select the option to “Erase Data,” the iPhone allows just 10 failed attempts at entry.” Mogull says this feature is not seen on other consumer cellphones.
• Remote wipe. As mentioned above, you can remotely wipe your phone when it’s lost or stolen. “Remote Wipe on the iPhone 3GS works just like a passcode wipe; the encryption key is deleted, making it a fast and effective process.”

Mogull goes on to mention other reasons why the iPhone is as “secure as can reasonably be”, but points out that, “the iPhone has experienced many software vulnerabilities, some of which could allow an attacker to take control of your phone by having you visit a malicious Web page. One security researcher recently discovered a way to hack iPhones remotely with little more than SMS text messages.”