Did you know that it (arguably) only takes a few minutes to crack the passcode screen on the average user's iPhone? There are at least two pieces of software that can accomplish this feat, one of which is free. Don't be too alarmed, however. There are some steps you can take to make your phone even more secure.
The Swedish XRY cracking program is sold to law enforcement. It uses jailbreaking and brute force to obtain the passcode. Jailbreaking essentially unlocks iOS and allows the installation of software not approved by Apple. This can include visual tweaks to iOS, pirated software, or in this case, security exploits. Brute force simply slams the phone with every possible passcode combination available. The program reportedly works on both iPhones and Android devices and can strip all sorts of data -- from keystrokes to contacts.
The second program, which is free and easy to obtain, is called the Gecko iPhone Toolkit. It does less than XRY, as it only reads the lockscreen password and bypasses the "iPhone disabled" security feature. That should be enough, however, to get access to everything on the phone.
We all know about the duty of confidentiality and our responsibility to take reasonable security measures to protect sensitive data. Given that our phones and tablets are becoming increasingly important to our legal practices, more security than a four-digit passcode is probably called for. That doesn't mean you need these guys guarding your phone. Here are a few less excessive measures to pursue:
Yeah, it's a pain to unlock your phone while driving. Hitting the four-digit passcode is bad enough. A longer password, especially an alphanumeric password, means you're far more likely to run over a pedestrian. It's cool. You're a lawyer. Sue them for denting your car.
Seriously though, the thing is, many exploits run on brute force tactics. That's why many websites and computer systems require those annoyingly complex passwords, like p@$tAta$t3$g00d! If a four-digit numeric PIN can be broken in minutes, something like this will take months.
Android has had built-in data encryption since 3.0. It's now 4.2. Get with it. Otherwise, getting access to your data might be as simple as plugging your phone into the computer, hitting a few keystrokes, and boom -- client data!
iOS has encryption as well, but it is on an application-by-application basis, according to LifeHacker. That means some programs encrypt, and some don't.
Apple has Find My iPhone. It allows you to, you guessed it, find your iPhone if it is lost or stolen. It also allows you to remotely wipe all of the data from the phone. Android has similar features, though they are a bit more complex to set up. MakeTechEasier.com has the scoop on a few other third-party apps that should do the trick.