Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Understanding iOS passcode security

Marco Tabini | March 8, 2013
Ah, the eternal question: Should you protect your iOS device with a passcode? On one hand, the knowledge that your data is presumably safe from prying eyes makes carrying around your phone and tablet less worrying; on the other, having to tap in a code every time you want to check your email or make a phone call can quickly become annoying.

Subsequently, every file that is created on the device is encrypted with a separate key derived in part from the master; because iOS devices support encryption directly in the hardware, this process is typically fast and transparent to the user, and results in files that are unintelligible without the master key.

Should you ever need to completely wipe out a device--say, because it's been stolen, because you're selling it to someone else, or just because you're reinstalling iOS--all that the operating system needs to do is erase the effaceable storage, and voilà: All the data stored on the device's disk becomes unusable, even though it's technically still there. When you install a new copy of the operating system, a new master key is generated, and the process starts over again.

This storage-based approach is important for two reasons: First, it's relatively quick and efficient--that can save time at a critical juncture if, for example, there's only a small window of opportunity to erase the device's contents when a thief turns it on to see if it works. Second, it helps to extend the life of the device's flash memory, which can only be written to so many times before it starts to fail.

Enter the passcode

Useful though this security scheme may be when a quick wipe is called for, it does not protect your data from prying eyes, because the key used to decrypt the data is stored right on the device, where a skilled hacker could easily retrieve it.

This is where the passcode comes into play: When you turn the passcode lock on, a technology called Data Protection kicks in, causing a new encryption key to be generated; it's used to encode certain files that have been marked as critically important by the operating system--like your Keychain--as well as by individual apps.

Crucially, the passcode itself is used as part of the encryption key, and then discarded when the device later locks. This way, iOS becomes physically unable to decrypt the data until the user re-inputs the passcode.

Because the passcode is not stored anywhere on the device, the only way to decrypt the data without it is to use a brute-force approach: that is, to try all the possible codes until you find the right one.

The fact that the passcode isn't stored on your device is, incidentally, the reason why Apple can't help you if you've lost your passcode, and why iOS can't automatically turn off passcodes when you're inside your home: The unlocking code you pick is physically required to encrypt the data, and it is never stored on the device. Any arrangement to the contrary, even in the name of convenience, would introduce a massive security vulnerability and effectively undo any advantage such encryption offers in the first place.


Previous Page  1  2  3  4  Next Page 

Sign up for CIO Asia eNewsletters.