
expergo

Original poster
Hello,

I'm doing some research on MDM solutions and wanted to identify the risk of unencrypted data on iOS 7.

I know that the data on the iPhone is encrypted with a passcode (e.g. mail). But if you open a mail attachment in a 3rd party app (e.g. Dropbox or Quickoffice), that file then becomes unencrypted.

So if a phone is stolen, is it as simple as someone plugging the device into their computer, running some simple hack software, and it'll give them access to all unencrypted data (i.e. the email attachment)?

Any help appreciated. Can't seem to find that much on the net and the question of not just whether it's possible to get that data, but how easy it is to get, is not easy to answer. The ease of retrieving that data determines the level of risk of having that unencrypted data.

Thanks!
 
If it's not easy to find out how from the internet, you won't have to worry for the most part, as it's not common knowledge.
 

In a way, you're right. But I just wanted something more substantive to provide to management. If I knew the level of difficulty, at least there's a use case to say it takes x amount of work to access that data as opposed to "I couldn't seem to find instructions so it's probably not that easy".

What unencrypted data?
If you don't have a passcode set up then anyone can view everything that's on your phone.
They don't need to go to your mail app and open any attachments.

If you set a passcode it encrypts some of your data (e.g. your mail). So if you lost the phone, even if someone could take the data off the phone, they wouldn't be able to read it. BUT the data in 3rd party apps isn't encrypted, so I'm wondering how easy it is for someone to access that data (or grab it off the phone).
 
For the x amount of work required to access the data, you might fare better by actually asking hackers, who have experience with breaking security?
 
All data stored on an iOS device is encrypted and cannot be decrypted without decryption keys. Those keys are very hard, and in cases of non-jailbroken devices newer than the iPhone 4, impossible (as far as anyone knows) to get.

Elcomsoft sells software, for $1495 US, that can aid in decrypting some iOS devices. According to their own website, they cannot decrypt non-jailbroken iPhones newer than the iPhone 4:
(*) Devices running iOS versions before 3.0 do not have Data Protection enabled and user partition is not encrypted.

(**) Devices originally shipped with iOS 3.x, including those running iOS 4/5 that were upgraded from iOS 3.x without performing “erase install” (i.e. using ‘Update’ option in iTunes as opposed to ‘Restore’), do not have Data Protection enabled, and user partitions are not encrypted. Therefore, the decryption is not required.

(***) iPhone 4S, iPhone 5, iPad 2+, iPad Mini and iPod Touch 5th gen support is limited to jailbroken devices only (iOS 5 and 6).
 
Hi Tateu,

I've read that only the Apple apps are encrypted (and not ALL data). There's an API that 3rd party apps can use to encrypt their data (e.g. Goodreader does it and you can enable this), but most do not. So if I opened an email attachment in a 3rd party app like Dropbox or Quickoffice, that file in that app is not encrypted. That's my understanding of it but I could be wrong.
 
I've read that only the Apple apps are encrypted (and not ALL data).
That is incorrect. Everything written to the drive is encrypted but there are different levels, based on whether or not the app developer implements specific iOS encryption APIs. Those levels are described in the following document from Apple, page 10:
(NSFileProtectionNone): This class key is protected only with the UID, and is kept in Effaceable Storage. This is the default class for all files not otherwise assigned to a Data Protection class. Since all the keys needed to decrypt files in this class are stored on the device, the encryption only affords the benefit of fast remote wipe. If a file is not assigned a Data Protection class, it is still stored in encrypted form (as is all data on an iOS device).

When you plug a locked iOS device into a computer that it has never been connected to before, you cannot access any data on the device unless you unlock the device by typing in the passcode.

And according to Elcomsoft, they cannot get any data from an iPhone 4s or newer unless it is jailbroken.

----------

Actually, I'm now reading that iOS 7 does automatically encrypt 3rd party apps by default. http://www.apple.com/ios/business/
That was true in iOS 6, too. I'm not sure about iOS 5, though, but I think it was true then, too.
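
An added example, not part of any post in this thread and not Apple's or any app vendor's code: Swift for an iOS app that saves a received file under the strongest Data Protection class and audits its own container for files still in the `NSFileProtectionNone` class described in the Apple text quoted above. The function names and the choice of directory to scan are assumptions made for illustration.

```swift
import Foundation

// Added example. Function names and the scanned directory are hypothetical.

/// Returns the Data Protection class recorded for a file, or nil if none is reported.
func protectionClass(of url: URL) -> FileProtectionType? {
    let attrs = try? FileManager.default.attributesOfItem(atPath: url.path)
    return attrs?[.protectionKey] as? FileProtectionType
}

/// Saves data (for example an attachment handed over by Mail) so that its
/// contents are only readable while the device is unlocked.
func saveProtected(_ data: Data, to url: URL) throws {
    try data.write(to: url, options: [.atomic, .completeFileProtection])
}

/// Walks a directory, finds regular files whose class is NSFileProtectionNone
/// (or not reported at all), raises them to .complete, and returns what changed.
func auditAndUpgrade(directory: URL) -> [URL] {
    let fm = FileManager.default
    var upgraded: [URL] = []
    guard let walker = fm.enumerator(at: directory,
                                     includingPropertiesForKeys: [.isRegularFileKey]) else {
        return upgraded
    }
    for case let file as URL in walker {
        let values = try? file.resourceValues(forKeys: [.isRegularFileKey])
        guard values?.isRegularFile == true else { continue }
        // Spell out FileProtectionType.none so it is not confused with Optional.none.
        let needsUpgrade = protectionClass(of: file).map { $0 == FileProtectionType.none } ?? true
        guard needsUpgrade else { continue }
        do {
            try fm.setAttributes([.protectionKey: FileProtectionType.complete],
                                 ofItemAtPath: file.path)
            upgraded.append(file)
        } catch {
            print("could not reprotect \(file.lastPathComponent): \(error)")
        }
    }
    return upgraded
}

// Typical call at launch: scan the app's Documents directory.
if let docs = FileManager.default.urls(for: .documentDirectory, in: .userDomainMask).first {
    let changed = auditAndUpgrade(directory: docs)
    print("raised \(changed.count) file(s) to complete protection")
}
```

Files in the complete class cannot be read while the device is locked, so code that runs in the background has to tolerate read failures on them.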
 
The only exception is photos in the camera roll. You'll be able to access that the second you connect it to a computer via USB.
 