Understanding iOS’ passcode security

Marco Tabini
3 August, 2013
View more articles fromthe author

Ah, the eternal question: should you protect your iOS device with a passcode? On the one hand, having confidence that your data is presumably safe from prying eyes makes carrying around your phone and tablet less worrying; on the other, having to tap in a code every time you want to check your email or make a phone call can quickly become annoying.

Apple, for its part, isn’t making this choice easier for its customers: Attackers keep discovering new methods for bypassing the passcode screen or circumventing it altogether, and, though the company typically provides patches fairly quickly, these security vulnerabilities undermine confidence in iOS’ ability to keep our data safe.

Still, the passcode is only the tip of the iceberg of iOS’ security measures.

Encryption for all. iPad and iPhone security begins at the factory, where two special codes are burned right into the hardware. The first code is unique to each device, while the second code changes from product line to product line. So, for example, each iPhone 5 has its own unique code, as well as a code that identifies it as an iPhone 5.

iOS uses these codes, together with a bit of random data called entropy, to generate a master cryptographic key, which it then stores in a dedicated area of the device’s memory called effaceable storage.

Subsequently, every file created on the device is encrypted with a separate key derived in part from the master key. Because iOS devices support encryption directly in the hardware, this process is typically fast and transparent to the user, and produces files that are unintelligible to anyone without the master key.

Should you ever need to completely wipe the data from a device, the only thing the operating system needs to do is erase the effaceable storage and voilà: all the data stored on the device’s disk becomes permanently unusable, even though it’s technically still there. When you install a new copy of the operating system, it generates a new master key and the encryption process starts from scratch.

This storage-based approach is important for two reasons: first, it’s relatively quick and efficient – which can save time at a critical juncture
if, for example, there’s only a small window of opportunity to erase the device’s contents when a thief turns it on to see if it works. Second, this method helps to extend the life of the device’s flash memory, which can be written to only so many times before it starts to fail.

Enter the passcode.

Useful though this storage-based encryption scheme may be, when a quick wipe is called for, it does not fully protect your data from prying eyes, because the key used to decrypt the data is stored right on the device, where a skilled hacker could easily retrieve it.

This is where the passcode comes into play: when you create a passcode and turn your device’s passcode lock on, a technology called Data Protection kicks in and generates a new encryption key; the key serves to encode certain files that the operating system has marked as critically important – such as your Keychain – as well as files that individual apps have deemed critical.

Because the passcode is not stored anywhere on the device (you are responsible for safeguarding it), the only way an attacker can decrypt the data without it is to use a brute- force approach – that is, to try every possible combination until they land on the right one.

The fact that the passcode isn’t stored on your device is, incidentally, the reason why Apple can’t help you if you lose your passcode. The unlocking code that you select is required to encrypt the data, and it is never saved anywhere that a malicious third party could access it (unless, of course, you write it down and leave it where someone could find it). Any security scheme that involved storing the passcode, even in the name of convenience, would introduce a massive vulnerability, effectively undoing the advantage of such encryption.

The weakest link.

Regrettably, people are notoriously bad at choosing security over convenience and many of us unwittingly weaken the safety of our data by following poor security practices.

Research has shown, for example, that most people choose extremely weak passcodes like ‘0000’ and ‘1234’, giving would-be hackers an easy means of attack. Because of that tendency, there’s a better than one-in-five chance that a thief can gain access to your phone within just five attempts, simply by guessing the most common passcode combinations.

Fortunately, it doesn’t take much effort to dramatically improve those odds in the user’s favour. For starters, if you prefer to use numeric codes because they’re easy to input on the large numeric keypad that appears, you’ll be happy to learn that iOS uses the same entry mechanism even if you pick a numeric code longer than four digits.

Open the Settings app and choose General, and then tap Passcode Lock, where you can turn Simple Passcode off. If you now enable passcodes and choose one that is composed of five or more digits, iOS will produce the numeric keypad when you try to unlock your device.

For some perspective on the difference this one measure makes, consider that each digit makes it
10 times harder for someone to break your code. For example, if a six-digit code requires around 22 hours to break, a nine-digit code will require some two and a half years to crack.

Still, it’s important to understand that a passcode isn’t a perfect solution that protects your data for all eternity: given enough time and resources, an attacker can defeat virtually any encryption scheme. Your goal should be to choose a passcode that’s lengthy enough to give you the time necessary to neutralise the effects of losing your data.

Buying time.

A garden-variety thief, for example, will most likely turn on a stolen device as soon as possible to make sure that it works, and will possibly root around for a quick score like your online-banking credentials.

In this case, even a reasonably secure four-digit passcode will give you enough time to log on to Find My iPhone and remotely wipe the phone’s contents well before the thief can access them.

More sophisticated criminals, on the other hand, will immediately pop out any SIM card and wait to turn on the device until they’re well out of range of open wireless hotspots; this gives them all the time in the world to hack into your personal data. In this case, your choice of passcode must be commensurate with the amount of time that you want the information on the device to remain inaccessible.

So, if you routinely keep confidential data on your iPhone or iPad that could remain ‘hot’ for years – such as legal documents – you’ll need to pick a long alphanumeric passcode to improve your odds of keeping that information secure.

Finding the right balance between convenience and safety is much easier once you understand how passcodes work. Whatever
new vulnerabilities arise in Apple’s mobile operating system in the future (and they inevitably will occur), the company can almost certainly be counted on to fix them in a timely manner. But the information on your devices will be only as secure as the locking codes you select.


Leave a Comment

Please keep your comments friendly on the topic.

Contact us