Iphone 5: A dangerous security risk.

Iphone 5 black.

Iphone 5.

Gross data insecurity in iPhone.

And you thought your expensive iPhone is secured?

You were entirely wrong. What is secured is the operating system but not the data or at least not the entire data.

Here it was. A sleek black iPhone 5 with OS 6.1.3 gifted to me by a friend who had fallen in love with her iPhone due to its simplicity and ease in use. With usual scepticism for all expensive gadgets I started using it and the smoothness of operations even with all apps running, was most impressive. There was no lag in the camera shutter. Pictures had far more depth and details than expected. Most apps similar to Android were available and certainly far more than Blackberry. Fonts are sharp, even if smaller. No usual ruggedness of Android. But that was end of it.

iPhone data especially camera pictures vulnerable:

While iPhone security system proclaims that this phone can not be stolen. With location sharing on, the phone can be located anywhere but is that good enough?
I plugged in the iPhone connected to its USB cable into my computer, expecting to charge. Voila, two windows opened without even asking. The computer running on LinuxMint Petra mounted two partitions automatically. One with the title ‘Documents’ and another with the ‘sb-iphone’. The last one is the name given to the device by me. Both the partitions had all the data. Documents, pictures, iTunes data, everything. It was a shocking exposure. When I looked behind to see where these were mounted, I found no clue. But I could copy the pictures to my desktop without any problem.

iPhone’s bizarre vulnerability:

With the data partitions, mounted, any file could be easily copied on to computer and in fact whole data on partition could be copied easily. The copying was possible both ways. It was also possible to copy files to these partitions from the computer. I did copied few music and pdf files but even after removing the USB cable, iPhone neither noticed anything nor read or acknowledged the copied files. On re-connection with USB, I deleted these files, which I had copies earlier but apathetic iPhone apparently was clueless about all the activity in its backyard. I wonder what will happen if an executable file is placed there.

Position however is different with Passcode lock and Restrictions enabled. By default these features are off. Do turn these on from Settings>General.

iPhone on Window and Mac systems:

When I discussed the above development with another friend using Mac and Windows, he told me that both the computers did not detect or mount the partitions the way the Linux did. It appears that windows and Mac extend same courtesy to iPhone which they extend to each other. Exactly the way one shark ignores another. And this creates the illusion of security.

Iphone data can be hacked by Android phone:

Android ICS and later support OTG port. It means that we can use the micro USB port not only to for physical keyboard but also as a regular usb port to access a pendrive etc. When iPhone was attached through its USB cable to OTG port of Android, it also detected the pictures but the Gallery was taking unduly long to open the folder. I left it there. It is apparent that with right configuration, an Android phone can copy data from iPhone.

Conclusion about iPhone security:

The iPhone pictures are certainly not safe without activating passcode lock and enabling the restrictions from Settings>General>Restrictions. Therefore auto lock on the device is irrelevant. Again if at the time of plugging in USB phone is not passcode locked, subsequent locking will not unmount the partitions already mounted. Yet again LinuxMint 15 Olivia bestowed no respect to passcode lock at all. It appears that iphone  does have this security issue.

The only advice can be to use Android for safety which can not be mounted automatically whether locked or unlocked. If iPhone is to be used, do not leave it unattended merely on autolock. Further upload the pictures with Google plus, which is automatic and delete the pictures from phone. It appears iCloud maintains a regular sync and therefore deletes every picture deleted from the device.

While this may be a glitch or hack, it is due to the efforts of Linux Community to enable sync between iPhone and Linux. Read more about syncing with iPhone here.

More light on the subject is welcome.

All the best.

About Sandeep Bhalla

A lawyer, thinker, author, Linux/Ubuntu power user and sometime an economist or gardener or philosopher or cook or photographer depending upon the current thought and environment. View all posts by Sandeep Bhalla

6 responses to “Iphone 5: A dangerous security risk.

  • Nikhil

    I have tried and tested it on windows and mac(not a Linux user). But you need to test it. iPhone never used to ask “if you want to trust the connected computer” even on windows or mac prior to my update to ios7. So you will have to update to ios7 and test it on Linux to know the answer. Apple added many features in ios7. If you run google search, you will realize that ios7 is the biggest update to ios itself since iPhone was introduced and apple has added many functionalities and security feature in ios7.

    Like

  • Nikhil

    Update the iPhone to ios7. iPhone asks if you want to trust the computer when specific computer is connected to it.(at-least on windows and on mac) but this feature is added only in ios7.

    Like

  • David Bennett

    Did I understand you correctly? When you connected the USB the phone was still passcode locked?

    Like

    • Sandeep Bhalla

      No. It was on auto lock and restrictions were not in place by default. I have made it clear in the above article. Most people do not tinker with these settings. They must so so to secure the phone.
      Thanks for pointing out.

      Like