While Apple vehemently opposed access to its iPhone data, FBI found a third-party, who cracked the security function on the phone. Is your mobile phone and data secure anymore
After successfully hacking into the encrypted Apple iPhone of one of the terrorists in San Bernardino shooting, the US Department of Justice has withdrawn legal action against the tech giant. A third-party helped the Federal Bureau of Investigation (FBI) to crack the security function without erasing contents of the iPhone used by Syed Farook who, along with his wife, killed 14 people in December 2015.
Apple has strongly defended its position—of not revealing or sharing software that would bypass its security features. iPhone has a feature that erases data after 10 unsuccessful unlocking attempts. A similar feature is available for other mobile phones, albeit it is not as secure as that of an iPhone. This makes you wonder whether your mobile phone, or all your data on the handset, is really secure. Can a third-party gain access to your important data easily?
Well, this is a grey area. There is nothing like 100% security or lack of security. Higher security level just takes more time to crack. That’s it. There are some basic security features available on a handset; but not everybody is aware of, or knows about, it. In addition, most handsets provide software-based encryption and not hardware-backed one. All Apple products carry the encryption feature. Also, almost every Android-based handset has an encryption feature, but not many know or use it.
So What Is this ‘Encrypt Phone’ Facility?
Using the ‘encrypt phone’ facility, you can encrypt your accounts, settings, downloaded apps and their data, media and other files. After you encrypt your phone, assuming you have set up a screen lock (that is a pattern or numeric PIN or password), you will need to unlock the screen to decrypt the phone every time you power it on. The only other way to decrypt is to perform a factory data reset, erasing all your data. This means that only with the unlock key, you, or someone with that knowledge, can gain access. Encryption takes an hour. If you interrupt the process, you will lose some or all of your data. Another feature you may want to check is the auto-wipe which automatically erases all data and reset it to factory settings on the phone after certain unsuccessful attempts to unlock the device. But, before using this feature, make sure to back up all your data regularly.
Is Your Data Secure?
What happens with stolen mobile phones? Thieves will either switch off your phone or throw away the SIM card. If there is no phone lock, it’s a cakewalk for them to sell it. If the handset is locked, it is sold at a cheaper price or taken to another regular ‘techie’. This techie will unlock the device and reset it to factory setting after which it gets sold. In short, people who get access to your device will be in a hurry to sell it off and will not be interested in the data. They may use some data on micro SD card, though. The techie may access the data and, if he finds something of interest, he may use it or sell it to others for a fee. What you can do is either use in-built encryption facility or wipe out the data remotely.
On Android, there is one such facility; but you will have to download it from Play Store. It is called Android Device Manager. This helps you to find the approximate location of your phone on a map and when it was last used. However, it requires the device’s location access feature to be enabled and the mobile data or Wi-Fi connection active. If these features are turned off, Android Device Manager cannot provide any information. Once you locate your device, you can remotely ring, lock, or erase all the data using Android Device Manager. However, I wonder how many Android users in India keep the location feature on; if not, this facility is unusable.
So what is your best bet to keep your mobile phone data secure? For Android devices, the encrypt phone feature is the best bet, at present. While it will give you peace of mind as long as the handset is in your possession, it will make it difficult for thieves to access the data.