Post
by marksmithhfx » Fri Jan 04, 2013 1:49 am
A quick update on iOS security. Over the holiday I had the opportunity to test my iPad against a computer that had never seen it before. The good news: the iPad passcode seems to be the key to associating your iPad with another device. Without my passcode neither iTunes nor iExplorer could read anything on the device. Thats the good news. Now the bad. A passcode, unless it is carefully chosen, provides little real protection. While I've not actually tried it I am told that you can easily obtain a piece of software that can "discover" a simple 4 digit numeric passcode in 20 mins or less (using brute force attempts). So, at the very least, if you are interested in securing data on your iDevice, choose a complex passcode.
So, pretending that the potential thief had discovered my simple 4 digit numeric passcode, I entered it into iTunes when prompted. At this point it was possible to backup my device onto the new device and it became possible for iExplorer to "browse" many of the files and directories. I'm storing (fake) patient data in the documents directory of my applications sandbox. Without anything more than my passcode, iExplorer was easily able to copy the sql file to the desktop, where it would have been readable (except I had taken the extra precaution of encrypting the file using Monte Goldings mergAES add-on).
In short, if your passcode is secure your data should be. If your passcode is compromised somehow, you will need additional levels of protection in order to secure data you think is valuable and important.
Cheers, and Happy New Year
-- Mark
macOS 12.6.5 (Monterey), Xcode 14.2, LC 10.0.0, iOS 15.6.1
Targets: Mac, iOS