How do you evaluate the potential risk of using an iPhone with an older iOS

[Junichi]

I have an iPhone 5 and I'm worried because Apple may be going to drop it with iOS 11.
The iPhone 5 is not so gorgeous anymore and it's slow, but it works fine so far and if I can continue using it safely next year I'll be happy to do so.
I think the biggest problem with using an older phone is the security risk. Obviously Apple doesn't give fixes to older phones when they say they don't support it on the latest iOS, though I see many people still use their iPhone 4s.
How risky is it? What's your opinion on using an old iPhone with an old iOS?

 

[Mrbobb]

I think you are being paranoid. Apple encrypted before the 5 if I recall correctly, even the FBI was begging Apple, and if you happen to travel to third world countries/Russia, considered yourself hacked, ANY phone, don't do financial transactions.

 

[Applejuiced]

You will be fine.
It's not like a windows computer that can get tons of spyware and viruses.

 

[Retired Cat]

I think the biggest problem with using an older phone is the security risk. Obviously Apple doesn't give fixes to older phones when they say they don't support it on the latest iOS, though I see many people still use their iPhone 4s.
How risky is it? What's your opinion on using an old iPhone with an old iOS?

I start from the perspective that any computing device today carries some security risk. There are always 0-day exploits floating around, and it takes some amount of time to fix them. If I am using my phone for financial transactions (banking, credit card payments, etc), the best, last line of defense is constant monitoring of accounts for suspicious activity.

Risk at its most basic depends on 2 factors: the amount of damage that can be done, and the likelihood of the occurrence of such damage.

If someone is using an EOL'd (End of Life for software support) device like iPhone 4s, but only using voice and SMS, I'd say the risk is low. No online banking, no email, and no social media means there is both very little to steal on a device used like this. The attack surface is also very small as there are few outside services used via web or apps.

Conversely, I would not use an EOL'd device for anything potentially sensitive like banking or trip planning. Too much to lose, combined with higher probability of successful attack.

Bottom line: if you don't rely on your phone for anything important, it probably won't matter. If you are entrusting your phone with valuable info or access to resources, using an unsupported device is not prudent, and it's time for an upgrade to a supported device.

 

[Junichi]

Thank you.
It's not difficult to avoid using my iPhone for online banking, but all the passwords and contacts and pretty much everything I save are stored and synced via iCloud anyway.
If I have to turn off iCloud to get it separate from my other Apple devices, it's almost a deal breaker...

 

[addamas]

All iOS 10 partitions are now unencrypted so you get the answer - iOS 9.3.5 is better for now .

 

[chrfr]

All iOS 10 partitions are now unencrypted

This is absolutely not true. The iOS 10 kernel is unencrypted, but the data on the phone, and the filesystems are encrypted.
The lack of encryption on the kernel does not affect the security of your data in iOS 10.

 

[addamas]

Ok, tkanks for marking my mistake <up>

 

[Junichi]

How is encryption useful? I mean I know what encryption does, but your phone could still be hacked once you booted it and entered the passcode. And there are always some bugs that allows you to pass through the lock screen.
I believe the reason why FBI could not hack the phone was because it was turned off. If it was on and the suspect had entered the passcode since the phone had been turned on there should have been some ways to pass through the lock screen. Is that correct?

 

[Applejuiced]

How is encryption useful? I mean I know what encryption does, but your phone could still be hacked once you booted it and entered the passcode. And there are always some bugs that allows you to pass through the lock screen.
I believe the reason why FBI could not hack the phone was because it was turned off. If it was on and the suspect had entered the passcode since the phone had been turned on there should have been some ways to pass through the lock screen. Is that correct?

No, the particular iphone 5C was password protected and if you enter the wrong passcode too many times the phone locks you out and needs a restore.
The US paid lots of money to an Israeli security firm to crack the 4 digit pass code without disabling it so they can gain access to the contents of the device.

 

[C DM]

How is encryption useful? I mean I know what encryption does, but your phone could still be hacked once you booted it and entered the passcode. And there are always some bugs that allows you to pass through the lock screen.
I believe the reason why FBI could not hack the phone was because it was turned off. If it was on and the suspect had entered the passcode since the phone had been turned on there should have been some ways to pass through the lock screen. Is that correct?

There aren't always bugs to allow bypass of the lock screen, not by a long shot.
[doublepost=1480013217][/doublepost]

No, the particular iphone 5C was password protected and if you enter the wrong passcode too many times the phone locks you out and needs a restore.
The US paid lots of money to an Israeli security firm to crack the 4 digit pass code without disabling it so they can gain access to the contents of the device.

And even that hack wouldn't work on devices newer than a fairly old (at this point) 5c.

 

[Junichi]

What about this?
http://thehackernews.com/2016/11/iphone-hacking.html?m=1

 

[willmtaylor]

It doesn't run Flash or Java, so you're security risks are minimal.