Every law firm seems to have its share of Apple super-fans who evangelize about the endless virtues of every product that Apple unveils. But it’s time to slow it down and think hard about lawyers’ migration to the iPhone—especially from the all-important stance of data security.
However, the business market—including lawyers and their firms—is, or should be, different. Despite the user-friendliness and sex appeal of devices like Apple’s iPhone, they need to put the requirements of their businesses and their clients first before rushing to purchase any technology tool—but particularly one that will store and transmit sensitive data. In that light, there are some serious issues with the iPhone. As Joan Rivers might say, “Let’s talk.”
Nice Browser—But What About Those Encryption Functions?
First, to be clear, our initial complaints about the iPhone in terms of its main features have mostly vanished, and it now has the requisite software applications that most lawyers use. Of course, you’re still stuck with the pricey AT&T network, but the phone itself works well and lawyers tend to love its “smart” functions, which include great Web browsing, a wonderful e-mail interface, excellent audio for conference calls, integration with Microsoft Exchange servers and more. So why would you forgo a device that offers lawyers all of this?
It’s simple. Lawyers are ethically compelled to keep their confidential data secure—and we have a lot of it these days on our smartphones. So whatever smartphone is implemented in our law practices, we sure as shootin’ better know something about its security features. And unfortunately, at least at this point, the words iPhone and security do not belong in the same sentence.
Let’s dig into the problems both from the vantage point of legal technology and computer forensics, dispelling some things you might otherwise think from the Apple marketing blitz. The chief issues here are two of the advertised features of the iPhone 3GS: the inclusion of hardware encryption and remote-wipe functions.
As most folks know, encryption is a fine way to protect your data and a killer for computer forensics examiners. But encryption appears to have been an afterthought in the iPhone, versus being inherent in the design. The result is that it ultimately doesn’t do a heck of a lot to keep data safe from hackers and other wrongdoers.
Forensics expert Jonathan Zdziarski, author of the book iPhone Forensics: Recovering Evidence, Personal Data and Corporate Assets, has demonstrated how easy it is to gain access to a supposedly secure iPhone 3GS. (You can find the video at www.youtube.com/watch?v=kHdNoKIZUCw.) The key to gaining access to the data is to extract a disk image from the device. First off, you “jailbreak” the phone by placing it into Recovery mode and installing a custom RAM disk to the iPhone. While Zdziarski mentions that the tools for this are only available to law enforcement, he also acknowledges that it is fairly simple to develop your own. In fact, several products, like Red Sn0w and Purple Ra1n, are freely available to “jailbreak” the phone. You then install a Secure Shell (SSH) client to port the raw disk image onto your computer.
Those in the forensics community know that sucking a disk image from an encrypted drive to a destination drive just gets you another encrypted image, which is of no earthly good to you. So what makes the iPhone 3GS any different? It’s this: Even though the data on the iPhone disk is stored in an encrypted form, the iPhone actually decrypts the data as it feeds the zeros and ones through the SSH connection.
The Problem with PINs and Password-Protection
Just as Billy Mays would say, “But wait…it gets even better.” To secure their iPhones, users are advised to configure an Unlock code. Then again (tsk, tsk), perhaps you shouldn’t waste your time. Zdziarski has done another demonstration in which he replaces the passcode file with one that contains a blank password, effectively removing the Unlock code. How is this possible? Just as in the previous explanation, putting the iPhone into Recovery mode doesn’t require the passcode PIN. You call that security? As we said before, security appears to have been a complete afterthought to the developers.
So let’s summarize here. The iPhone’s encryption is a non-starter and accessing the data is child’s play even if it is password-protected. Now, granted, in both cases a wrongdoer has to have physical access to the device. And no one ever loses their phone, right? Wrong.
Apple, however, says that losing your iPhone is not a problem, as you just use the remote-wipe feature to “kill” all the personal data on the device so no one else can access it. Alas and alack, there’s a problem with that, too. Apparently, the remote-wipe feature requires that the iPhone be connected to the cellular network. Oh, my. The last time we checked, simply removing the SIM card or placing the phone in a Faraday box would solve the network connection problem. Take the phone off the cellular network and you can take all day to retrieve the disk image (in an unencrypted form) from the iPhone 3GS.
Even Microsoft (and yes, it hurts to say something nice about Microsoft) has a secure remote-wipe function with Windows Mobile that actually works. When you establish a security policy for Windows Mobile, the device does not have to be on the network to destroy the data. Define the number of invalid PIN attempts before the wiping begins and the personal data is gone, network or no network. You can’t access the data on a Windows Mobile or BlackBerry without the proper PIN, which itself can’t be bypassed. What a novel concept.
Are You Hanging Yourself Out to Dry?
Again, the iPhone is feature rich and has lots of consumer appeal—but secure? Nope. The “S” in 3GS is for “speed” and not “security.” This is clearly a consumer phone and not an enterprise phone as currently designed. So, in a world where data breaches owing to lost or stolen laptops and smartphones scream at us from newspaper headlines, do you want a smartphone whose insecurity is well documented? In our judgment, no.