Apple devices need an additional layer of security
By Filip Truta
There’s a problem with the passcode lock in iOS that Apple has never fully addressed. Despite making it hard to get “inside” the phone and use its functions freely, the security feature is still far from acting like a padlock on your iDevice.
Passcode Lock has always been one of iOS’ most exploitable weak points. With almost every new iOS release, hackers and regular users alike have showed how easy it is to bypass the passcode screen and access the phone’s functions and sometimes even sensitive data.
Phone’s far from “locked”
The passcode lock feature is there to supposedly lock down your device and keep prying eyes from accessing your personal affairs. It works well most of the time, but it still allows access to a plethora of functions and ways to tamper with the device. In fact, it’s really not surprising that it gets exploited at least once every year.
Here’s what you can do with someone’s “locked” iPhone, in case they leave it unattended for a while. For the sake of the argument, let’s say you don’t care much for this person and you want to see them angry and frustrated.
(Disclaimer: note that I’m not encouraging this type of silly behavior. Point is it’s doable and Apple should allow people to fully lock their phones if they want to).
Take pictures
From the passcode-secured lock screen you can access the phone’s camera, take photos, edit them, and save them to the camera roll. This is for the user’s convenience, but it also compromises on security. Basically, you can take as many pictures and videos as you please and completely fill the phone’s storage capacity.
It’s not something that necessarily compromises the owner’s sensitive data, but it certainly messes up the way they left their phone when they last used it. But this one’s nothing compared to the other things you can do.
Drain the battery
Using the same quick-access feature to the camera, you can drain the phone’s battery by just leaving the camera app open with the phone facing downwards. It’ll eat through it faster than termites through a tree house. Especially so if you also hit the record button.
Access Control Center
With a simple swipe up from the lock screen, you can go inside the phone’s Control Center and mess with the wireless connectivity, turn Bluetooth on and off, change the phone’s orientation settings, enter Do Not Disturb mode, change the phone’s brightness and volume levels, toggle AirDrop on and off, activate the flashlight (another way to drain the battery fast), change the user’s alarm times or set an alarm to go off at a time of your choosing, as well as see what music this person listens to or what YouTube video he/she has last seen.
Access Notification Center and Passbook
This one can disclose more or less information depending on the user’s settings. But if the user trusts the passcode lock to have fully secured their phone and leaves the default settings intact, you can see what apps he/she has been using lately, including personal stuff like fitness coaching, menstrual calendars, media downloads, etc. Let’s not even mention Passbook, which can hold even more personal data.
Ask Siri to talk behind their back
If the user forgot to go deep in the device’s settings and turn off access to Siri from the passcode screen, you can ask the voice-enabled assistant to reveal all types of personal information about that person, including people in their address book, calendar appointments, email, messages, etc.
Solution: a real passcode lock
Normally, these issues don’t arise very often. But for someone who wants their phone fully locked yet still be able to receive calls, a stronger padlock is needed. One that lets you lock everyone (but yourself) out of every function and just asks for the passcode to get in and use the phone.
Apple could easily implement this by specifying two types of passcode locks in the device’s Settings.
Normal: with some functionality available for convenience. This one would be the passcode lock of choice for people who are not too afraid to leave their device unattended or simply don’t care if others can see how they use their phone and for what purposes. Also, these users wouldn’t have friends who like to mess with their devices’ functions and cause them pain and agony.
Strong: with everything locked out of reach, displaying only the passcode screen.This would allow cautious types to completely eliminate any way for someone to tamper with their device, yet still allow the phone to receive calls and text messages, email, notifications etc. The Emergency call feature is the only thing that should remain accessible in any situation. This way, Apple would also fully eliminate any future exploits that reveal the phone’s sensitive contents. It’s not just something worth considering. It’s imperative.