The FBI no longer requires Apple’s help to decrypt an iPhone. Thanks to an unnamed « outside source, » the agency dropped its case against Apple to help crack the San Bernardino shooter’s device. The source is believed to be Israeli firm Cellebrite, a mobile forensic software company.
We don’t know exactly how Cellebrite cracked the iPhone, but one prominent theory suggests that the company can copy the encrypted memory from the device to a backup drive. The FBI then attempts to brute force the password on the iPhone until the self-destruct sequence kicks in. After the iPhone self destructs, wiping its memory, Cellebrite can then restore the backup back onto the iPhone. Rinse and repeat until the FBI guesses the correct password. This is called NAND mirroring.
While Apple has done its best to protect its users from criminals and authorities alike, the Cellebrite scenario proves nothing is truly un-hackable. That being said, even the average person can make cracking their iPhone much more difficult and time-consuming.
Here are 10 ways to make your iPhone more FBI-proof:
Buy a newer iPhone
No, we don’t work for Apple an we’re not trying to make you spend more money. But the San Bernardino shooter’s iPhone was a 5C, which did not come equipped with TouchID. Newer iPhones with TouchID come with a feature called Secure Enclave. This, in very basic terms, is a separate computer inside the iPhone that provides the encryption keys for several of Apple’s security features.
Because Secure Enclave a separate computer, it can’t be manipulated through iOS, which is how the FBI hacked the San Bernardino shooter’s iPhone 5C.
Enable Find My iPhone
The San Berndardino shooter was killed before he had a chance to wipe his iPhone, but Apple provides a convenient way to remotely delete the data stored on iPhones for the living. Find My iPhone is a service that’s enabled through iCloud. The tradeoff is you must give up some privacy to Apple, because iCloud and Find My iPhone require location services to be switched on.
With this feature enabled you can now completely wipe your iPhone and return it to factory settings from another device.
Shrewd thieves and law enforcement, however, will know to disable location services as soon as possible. To prevent this, go to the Restrictions section of your iPhone’s general settings and tap Location. With Find My Location toggled on, choose « Don’t Allow Changes » at the top of the page. Now a passcode is required to turn off location settings and Find My iPhone.
Only use this method if you are certain your iPhone cannot be recovered, as you will no longer be able to locate the phone after your data is wiped.
Set a passcode and self-destruct
This is what gave the FBI such a hard time with the San Bernardino shooter’s iPhone. A swipe sequence is better than nothing, a PIN number is better than a swipe sequence, and a password is superior to a PIN number.
In the Passcode Lock settings on your iPhone, turn the Erase Data option on. This allows a maximum of 10 attempts at guessing the passcode before the iPhone is wiped.
If someone else uses your iPhone, be wary of the possibility of this method backfiring. A small child playing with the iPhone when you’re not looking could enter the wrong passcode 10 times and delete the contents of your phone.
Encrypted communication apps
WhatsApp recently announced full end-to-end encryption for all communications sent through its app. Telegram has done the same, as has iMessage. Using apps that allow end-to-end encryption prevents hackers from sidestepping the device altogether and instead accessing an app-maker’s servers, where text messages and other correspondence are often backed up.
Besides chat apps, video and voice calling apps should also be checked for authentication. FaceTime and Skype both use VoIP protocols with encryption enabled. Signal offers free voice encryption for normal phone calls.
VPNs mask your device’s IP address and location while also adding a strong layer of encryption to your internet connection. All the user’s web traffic is re-routed through a server in a location of the user’s choosing. Logless VPNs are ideal as they keep no records of your usage. The encryption and location spoofing make it extremely difficult for hackers to trace and snoop on VPN users’ online activity.
Paid VPN services typically cost a few dollars a month and are the most trusted. You can check out our VPN reviews here. If you want a quick and easy free option for iPhone, consider Hotspot Shield or TunnelBear.
File and disk encryption
When you set a passcode on your iPhone, the entire device is encrypted. If that passcode is cracked, there’s nothing left between the hacker and your data. For another layer of security, a few apps can encrypt specific files and folders of your choosing. Cloudfogger, Boxcryptor, Viivo, nCrypted Cloud, and Sookasa all serve this purpose. You can find more detailed descriptions of each in our list of the best apps to encrypt your data before uploading to the cloud.
If you prefer to encrypt all of the memory on your iPhone using a third-party (non-Apple) tool, consider VeraCrypt. VeraCrypt is actually desktop encryption format, but it has been adapted for the iPhone in two apps: Disk Decipher and Crypto Disks. These apps encrypt both data and metadata, and can even create hidden encrypted disks for further obfuscation.
Email is a very old technology, and as such has no real encryption or protection from hackers. If you need to send sensitive emails, the iPhone comes with built-in S/MIME encryption. Check out our tutorial on how to encrypt email here.
Silent Circle is an enterprise-level encryption service, and thus is not recommended for normal users. It’s aimed at businesses with highly sensitive secret information. Silent Circle encrypts phone calls, texts, email, and video calls for $20 per month per device. It uses an intricate system of nested cryptography and self-destructing data, but without interfering with the iPhone’s normal functions. Use logs are stored in Canada and Switzerland.