Every technology manufacturer approaches encryption in a different way. They all have their own methods and algorithms for encrypting data on their devices. One of the most reputable companies for encrypted data is Apple. In recent news, Apple has been ordered by the government to develop new tools to disable security features to allow the government to have access to the iPhone from one of the San Bernardino shooters. We are here not to weigh-in on the legal or ethical implications of the request or Apple’s refusal to do, but instead to explore the technical aspects which are under debate.
Starting with the iPhone 4S, Apple beefed up their encryption method making it highly secure. With this new method of encryption, you only have 10 attempts at entering your password before the phone permanently erases your data if the auto-erase feature is enabled.
When using an iOS 9 (current operating system of the iPhone 6) device, the specific process if you forget your password is slightly more forgiving, but equally as effective. First, you have 6 attempts to enter the password. After your 6th attempt, you will receive a prompt stating that your phone is disabled for one minute and you cannot attempt another password until that minute is up. After seven attempts, it is a 5 minute period, eight attempts is a 15 minute waiting period and nine is one hour.
You might ask: “Why the waiting periods?” Well, anyone with a small child has probably had the experience of them picking up a cell phone while mom or dad wasn’t looking and trying to unlock it. Those waiting periods are, hopefully, enough time for the child to realize the phone isn’t working for them anymore. Also, I know if I forget my password, I sometimes lose count of how many different ones I have entered, so it is a nice warning feature for anyone struggling to get into their own phone.
If you fail to enter your correct password after 10 attempts, iOS 9 permanently wipes your data and not even Apple can retrieve it.
Today’s mobile security
In today’s world, all manufacturers of mobile devices have security measures in place to assist in protecting their customer’s data. Whether it is the ability to lock the device with a password or a password-protected encryption, all mobile devices have their own variation of security. Corporations and individuals often take those security features into account when purchasing these types of devices.
Questions to ponder
Given the news and the technical information above, I will leave you with a few questions to ponder.
- Who should have access to your data?
- If the device is owned by a company, who owns the data on it?
- How far should a manufacturer of a mobile device go to protect your data?