or Connect
AppleInsider › Forums › Mobile › iPhone › Apple exploring 'proactive' iPhone security methods for stolen hardware
New Posts  All Forums:Forum Nav:

Apple exploring 'proactive' iPhone security methods for stolen hardware

post #1 of 48
Thread Starter 
Apple could be planning to greatly enhance its "Find My iPhone" security feature in the future, as the company has shown interest in giving users the ability to scramble or delete specific data, or even record audio or visual information in the event that an iPhone is lost.

Apple's new potential security options are detailed in a patent application made public this week and discovered by AppleInsider. Entitled "Proactive Security for Mobile Devices," the feature would offer extremely flexible, custom options for security measures on an iPhone.

For example, with specific data such as e-mail, contacts and stored passwords, users could selectively choose to either scramble, delete or ignore the information if the handset is reported stolen or missing.

Users could even choose to deny a potential thief access to certain features of the iPhone, including the ability to make phone calls or access Wi-Fi. Users could also prevent a security breach to a corporate network by having their iPhone automatically change VPN settings once a security risk has been detected.

But a user may also decide to continue to allow some features on a missing device, such as Wi-Fi or GPS, to help track down the handset and identify its location. Keeping that functionality active allows the rightful owner of the device to determine its place on a map.



In one example included in the application, the missing iPhone displays an alert that a secure password must be entered within 60 seconds or location data associated with the handset will be transmitted back to the owner.

If a correct password is not entered in time, the location data will be sent, and the device can also be locked and restricted only to the functionality chosen by the original owner. For example, the device could become password locked, and the only available activity would be to contact the original owner of the iPhone.



Apple's solution could also utilize the sensors inside of an iPhone to record unusual activity, and alert users that their handset is at security risk, potentially preventing it from being lost forever. Such a system could detect suspicious activities like calls or texts to an unknown number.

If an iPhone is reported stolen, the device could record images and ambient audio. This data could be provided to investigative authorities to help track down the hardware.



These options are more powerful and flexible than the existing Find My iPhone functionality, which late last year Apple made free for all iOS devices. The current service allows users to identify the location of their device, display a message on it, set a passcode lock, or remotely wipe it.

But in its patent application, Apple notes that features like the remote wipe command are an all-or-nothing approach that can be frustrating for users. If a remote wipe is conducted, the user is forced to restore all of the deleted information, which can be inconvenient and time consuming.
post #2 of 48
Interesting - certainly a step up from Find My iPhone!!
post #3 of 48
I make an iPhone app. It's pirated, like all other iOS apps, but Apple does not care about this. Why would they? Pirated apps or not, Apple gets money from hardware sales. They definitely care about protecting their hardware, but they don't give a sh...t about protecting our apps.
post #4 of 48
I own an iPhone. I care if it gets stolen. As for pirating apps, let's take one problem at a time.
post #5 of 48
Quote:
Originally Posted by serkol View Post

I make an iPhone app. It's pirated, like all other iOS apps, but Apple does not care about this. Why would they? Pirated apps or not, Apple gets money from hardware sales. They definitely care about protecting their hardware, but they don't give a sh...t about protecting our apps.

You're the one who does that.

Applications themselves can tell when they're pirated; I've seen screenshots of stupid pirates who downloaded the wrong apps.

Originally Posted by Marvin

The only thing more insecure than Android’s OS is its userbase.
Reply

Originally Posted by Marvin

The only thing more insecure than Android’s OS is its userbase.
Reply
post #6 of 48
I did this protection. And devs of many other pirated apps did this. But since Apple does nothing about this, this protection is very easy to break, and pirates break it for more-or-less popular apps. Currently there's only one way to tell that the app is pirated - checking the encryption status. Pirates also know this, and they simply patch those checks, and my patched app thinks that it is not pirated.
post #7 of 48
I'm sorry, but this just sounds way too Big Brother-ish. It would intimate that Apple logs, records and saves each and every communication, whether by text, call or email, so that they could recognize if a thief (or you!) has made a new contact, not already on your list.

And being able to record audio and video by a remote command opens so many privacy holes that I can't imagine it would ever be approved. There's no such thing as unhackable software. How long before someone's legitimate and/or private activities get recorded and transmitted, unbeknownst to them, by their own phone? Apple would be crossing into extremely dangerous territory if they decide to go there. There's so much potential for evil, it should not even be a consideration. This is taking Facebook's very questionable (hopefully deemed illegal at some point) facial recognition efforts to privacy-shattering levels.
melior diabolus quem scies
Reply
melior diabolus quem scies
Reply
post #8 of 48
I actually wrote to Steve Jobs about "Find My iPhone" in March. It wasn't about these features but I think it's ridiculous (!) that anyone can just turn off the "Find My iPhone" setting option in the settings menu without entering a password. I recently had my iPhone stolen out of my hand and I couldn't track it because the setting option was turned off few minutes after the incident.


Quote:
Steve's reply:

Why didn't you have your password turned on?

Sent from my iPhone

On Mar 31, 2011, at 12:48 AM XXX wrote:

Apple needs to change the Find my iPhone setting to ask for a password when trying to disable the feature.

My phone was recently stolen and I had the Find my iPhone-function activated. However, after a few minutes it was gone and the thief probably just deactivated it in the settings. This should not be possible, Steve. Thanks
post #9 of 48
Quote:
Originally Posted by serkol View Post

I make an iPhone app. It's pirated, like all other iOS apps, but Apple does not care about this. Why would they? Pirated apps or not, Apple gets money from hardware sales. They definitely care about protecting their hardware, but they don't give a sh...t about protecting our apps.

The only people who can pirate your apps have jailbroken their OS. Anybody who wants to pirate apps and is jailbreaking their OS can conceivably use a jailbreak that removes any anti-piracy solution apple might attempt to place into iOS.

Sorry but they've already done as much as they can.
post #10 of 48
Quote:
Originally Posted by Gatorguy View Post

I'm sorry, but this just sounds way too Big Brother-ish. It would intimate that Apple logs, records and saves each and every communication, whether by text, call or email, so that they could recognize if a thief (or you!) has made a new contact, not already on your list.

And being able to record audio and video by a remote command opens so many privacy holes that I can't imagine it would ever be approved. There's no such thing as unhackable software. How long before someone's legitimate and/or private activities get recorded and transmitted, unbeknownst to them, by their own phone? Apple would be crossing into extremely dangerous territory if they decide to go there. There's so much potential for evil, it should not even be a consideration. This is taking Facebook's very questionable (hopefully deemed illegal at some point) facial recognition efforts to privacy-shattering levels.


It does sound big Brother-ish. And I think Apple actually feels the same way, given the application they just denied.

http://news.cnet.com/8301-27076_3-20...?tag=cnetRiver
post #11 of 48
Quote:
Originally Posted by serkol View Post

I make an iPhone app. It's pirated, like all other iOS apps, but Apple does not care about this. Why would they? Pirated apps or not, Apple gets money from hardware sales. They definitely care about protecting their hardware, but they don't give a sh...t about protecting our apps.

My garage was broken into last year. Why didn't you stop it?

Apple is not responsible for YOUR SHIT.
post #12 of 48
Quote:
Originally Posted by cloudgazer View Post

The only people who can pirate your apps have jailbroken their OS. Anybody who wants to pirate apps and is jailbreaking their OS can conceivably use a jailbreak that removes any anti-piracy solution apple might attempt to place into iOS.

Sorry but they've already done as much as they can.

No, they haven't.
- Their jailbreak protection is inefficient. iOS 5 was jailbroken within minutes after release. Since they make their own hardware, they could make iPhone un-jailbreakable on hardware level.
- Their piracy protection is very rudimentary. They could do much more, like an encrypted purchase receipt and other well-known measures. And again, since they make the hardware, they could protect apps on hardware level, that would be unbreakable.
post #13 of 48
Quote:
Originally Posted by serkol View Post

they could make iPhone un-jailbreakable on hardware level.

Go ahead and keep thinking that that's possible. We'll wait for you to come to your senses.

Quote:
unbreakable.

Originally Posted by Marvin

The only thing more insecure than Android’s OS is its userbase.
Reply

Originally Posted by Marvin

The only thing more insecure than Android’s OS is its userbase.
Reply
post #14 of 48
Hopefully, it will automatically take snapshots from both cameras and upload them directly to the nearest iPolice station.
post #15 of 48
Quote:
Originally Posted by milkmage View Post

My garage was broken into last year. Why didn't you stop it?

Apple is not responsible for YOUR SHIT.

If you had paid 30% of your income to the company that built your garage, you would expect them to make your garage unbreakable, would you? Well, that probably depends on your income... Last year I paid Apple enough for a garage :-)
post #16 of 48
Quote:
Originally Posted by milkmage View Post

My garage was broken into last year. Why didn't you stop it?

Apple is not responsible for YOUR SHIT.

Wow, talk about a bad analogy...

Considering that they do all of this 'signed app' stuff through the App Store, it actually is a bit strange that they don't encrypt the apps on a per-user basis to prevent both tampering and theft.
post #17 of 48
Find my iPhone ? honestly i dont see what that nonsense does. I dont know anyone who has fond an ipod touch with it before, besides what stops a theif from just restoring the iphone or ipodtouch with the firmware i think its great that apple is trying but they have to make plans so it cannot be restored and apple really needs to get their s**t together on the ipodtouch they make it sound like people have wifi antennas comming out of their ears.take a scenario where i have an ipodtouch that i passworded with the wifi set to off how is find my iphone going to be usefull for me? no one can "slide to unlock" (because of the password) and find my iphone does not work because the wifi is off. Flexibility is useless when find my iphone doesnt even work...The theif can always just restore the hardware.
post #18 of 48
Quote:
Originally Posted by shadyside4fyr View Post

and find my iphone does not work because the wifi is off.

That's your fault.

Originally Posted by Marvin

The only thing more insecure than Android’s OS is its userbase.
Reply

Originally Posted by Marvin

The only thing more insecure than Android’s OS is its userbase.
Reply
post #19 of 48
Quote:
Originally Posted by serkol View Post

If you had paid 30% of your income...

Wait! You didn't pay 30% of your income to Apple. You sell products through a distributor. Every penny you received from your distributor, you kept.
post #20 of 48
This happened just to me on Monday night, 13th June.

I had left my iPhone 4 by mistake in the back of a taxi on my way home and by the time I realised and called the cab company, the cab had already taken on another passenger. I was informed that my phone was not spotted and perhaps I made a mistake. I knew however that someone HAD found my phone because it was already switched off.

I requested that the cab driver turn back to where I had alighted (and offered to pay for the fare) provided the thieving passenger was onboard. Luckily he agreed. While waiting, it occurred to me to check the Find My iPhone app on my iPad and I chose to utilise the "Send A Message" function, hoping that the thief would read it and return my phone if I made a promise of a cash reward.

Upon the taxi's return, I did a search but to no avail. Somehow something I did on the app woke my iPhone up and it started to show up on the GPS, displaying that the phone was within the vicinity. Since the thief refused to hand over my phone, I had no choice but to call the police.

In the presence of the police I started to use the "Play a sound" function fo the app and the policeman noticed a vibrating sound from the thief. Long story short, I got my phone back and the feller got to spend a night in jail.

Seriously, I was never so thankful for the innovation of an app until then. I do lots of work for a government military arm and the classified emails contained within would have spelt a lot of trouble for my career if those had got out. I learnt my lesson in keeping my phone safer and also just how useful technology these days can be!
post #21 of 48
Quote:
Originally Posted by johnnielse View Post

I actually wrote to Steve Jobs about "Find My iPhone" in March. It wasn't about these features but I think it's ridiculous (!) that anyone can just turn off the "Find My iPhone" setting option in the settings menu without entering a password. I recently had my iPhone stolen out of my hand and I couldn't track it because the setting option was turned off few minutes after the incident.

1) I have written them as well. You need to have a passcode to enable or disable this service.

2) I did find a solution for user that isn't very cumbersome. Go to Settings » General » Restrictions. Enable Restrictions and allow everything, but under Accounts switch to Don't Allow Changes. This doesn't give you an extra step if you do need to change your Mail account settings but I haven't found that to be an issue.
Dick Applebaum on whether the iPad is a personal computer: "BTW, I am posting this from my iPad pc while sitting on the throne... personal enough for you?"
Reply
Dick Applebaum on whether the iPad is a personal computer: "BTW, I am posting this from my iPad pc while sitting on the throne... personal enough for you?"
Reply
post #22 of 48
Classified emails on an iPhone??

Extremely doubtful.
melior diabolus quem scies
Reply
melior diabolus quem scies
Reply
post #23 of 48
"St John Smythe" was an alias of James Bond (Roger Moore) when he saved Silicon Valley in A View to a Kill.
post #24 of 48
Quote:
Originally Posted by Tallest Skil View Post

That's your fault.

interesting so u leave your wifi on all the time? what if it is not around a wifi network or a network that needs autentication is that still my fault?
post #25 of 48
Quote:
Originally Posted by shadyside4fyr View Post

interesting so u leave your wifi on all the time?

Of course.

Quote:
what if it is not around a wifi network

Then it obviously won't find it. Logic, however, states that the thief will seek out a Wi-Fi hotspot to try out his new toy.

Quote:
or a network that needs autentication

The thief wouldn't be able to access it even if the thing didn't have a passcode, then, so that's moot.

Originally Posted by Marvin

The only thing more insecure than Android’s OS is its userbase.
Reply

Originally Posted by Marvin

The only thing more insecure than Android’s OS is its userbase.
Reply
post #26 of 48
This may be slightly OT...

Doesn't this patent/features give more support that a web interface, such as MobileMe has that can be accessed from any other computer or device, WILL be part of the iCloud infrastructure?
post #27 of 48
They should have this on ALL of their products immediately.

And a nuclear death ray that emanates from the webcam when necessary.

And the ability to send a 30 amp surge to the keyboard. And....



Cheers,
Cameron
post #28 of 48
There is a fundamental step needed before these things will work, and that should be done on today's iPhone. That is, it should require the PIN to allow it to be turned off. Right now, you can steal an iPhone, hold the power button and slide to power down. Ten seconds of effort, and no protection like Find My iPhone will help. The thief can now take it somewhere radio-secure and wipe it. Job done.

Entering the PIN before it will power down would give you more time to track it.

On TWiT they say that thieves will steal a phone and quickly remove the battery to prevent wiping (they want your contacts). The iPhone has no battery to easily remove, but makes it just as simple.
post #29 of 48
Quote:
Originally Posted by mj2011 View Post

There is a fundamental step needed before these things will work, and that should be done on today's iPhone. That is, it should require the PIN to allow it to be turned off.

This! Really Find My iPhone is useless against any thief who knows about it. This is also totally unobtrusive, especially since we rarely turn off our iPhone (few do it on airplanes even though it's an FAA and FCC regulation).

Another thing that is needed is if you could prevent it from being restored in iTunes unless iTunes was logged into the account where the iPhone is registered.
post #30 of 48
Quote:
Originally Posted by serkol View Post

No, they haven't.
- Their jailbreak protection is inefficient. iOS 5 was jailbroken within minutes after release. Since they make their own hardware, they could make iPhone un-jailbreakable on hardware level.

Hey now... Jailbreaking != piracy. It's not even necessary to jailbreak in order to pirate apps. I've been jailbreaking since day one. Of my current iTunes apps, 0 out of 425 are pirated. Of my Cydia (jailbroken Apps) 0 out of 121 are pirated.

Have I pirated? Yes, but only because free trial versions weren't available and I wanted to try before I bought an expensive app. Of those, about 75% were then purchased and the remainder were deleted.

I know this is anecdotal, but I know, and have met many jailbreakers. Only a few pirate at all, and not one person I know pirates to keep.

Regardless, you can just as easily pirate without jailbreaking, so please don't confuse the two, as the jailbreaking community offers many things not only to consumers but also to developers (some of which are making good money).
post #31 of 48
This is all good, but to make it really consumer friendly they need to reduce it to simple user-oriented scenarios, rather than config screens.

Perhaps: Button 1 = I *think* my phone has been lost or stolen but I'm still checking.
Button 2 = Yes, it's definitely gone.

Many of the most important software concepts were invented in the 70s and forgotten in the 80s.

Reply

Many of the most important software concepts were invented in the 70s and forgotten in the 80s.

Reply
post #32 of 48
Let's have more reasons to include the words 'proactive' and 'security' in one sentence.

Many of the most important software concepts were invented in the 70s and forgotten in the 80s.

Reply

Many of the most important software concepts were invented in the 70s and forgotten in the 80s.

Reply
post #33 of 48
Quote:
Originally Posted by Gatorguy View Post

I'm sorry, but this just sounds way too Big Brother-ish. It would intimate that Apple logs, records and saves each and every communication, whether by text, call or email, so that they could recognize if a thief (or you!) has made a new contact, not already on your list.

And being able to record audio and video by a remote command opens so many privacy holes that I can't imagine it would ever be approved. There's no such thing as unhackable software. How long before someone's legitimate and/or private activities get recorded and transmitted, unbeknownst to them, by their own phone? Apple would be crossing into extremely dangerous territory if they decide to go there. There's so much potential for evil, it should not even be a consideration. This is taking Facebook's very questionable (hopefully deemed illegal at some point) facial recognition efforts to privacy-shattering levels.

The biggest potential for evil comes from a source that can act right now. That's the government. After all, it's not Google that has a history of international abduction for torture. That's not going to get better until we stop kidding ourselves that we are leaders of the free world and our free press is doing its job.

But, looking on the bright side, the good news is that OSX Lion windows can be resized from *any* corner.

Many of the most important software concepts were invented in the 70s and forgotten in the 80s.

Reply

Many of the most important software concepts were invented in the 70s and forgotten in the 80s.

Reply
post #34 of 48
Quote:
Originally Posted by cloudgazer View Post

The only people who can pirate your apps have jailbroken their OS. Anybody who wants to pirate apps and is jailbreaking their OS can conceivably use a jailbreak that removes any anti-piracy solution apple might attempt to place into iOS.

Sorry but they've already done as much as they can.

I have always assumed that Apple deliberately leave jailbreaking open so as to provide a way for people to experiment but without Apple having to support them when it goes wrong.

I assume there is a step somewhere in the jailbreaking process where iOS grants the user/app permission to open a dialogue where the jailbreaking process can start.

Many of the most important software concepts were invented in the 70s and forgotten in the 80s.

Reply

Many of the most important software concepts were invented in the 70s and forgotten in the 80s.

Reply
post #35 of 48
How cool would it be if Apple built in a self-destruct mode into iPhones, iPads and iPod touches? If your device gets stolen and you manage to track down the location of it and you get visual video confirmation that some loser thief is using your device, you could order the device to remotely self destruct while your device video records the destruction and transmits it to you.

This would be useful for situations where you know that you wouldn't be able to retrieve your device. Sometimes the police don't really care and sometimes you might get your device stolen in a foreign country or in a location that is far away from you. A person should have the right to destroy their own property.
post #36 of 48
Quote:
Originally Posted by serkol View Post

If you had paid 30% of your income to the company that built your garage, you would expect them to make your garage unbreakable, would you? Well, that probably depends on your income... Last year I paid Apple enough for a garage :-)

Quote:
Originally Posted by chabig View Post

Wait! You didn't pay 30% of your income to Apple. You sell products through a distributor. Every penny you received from your distributor, you kept.

Spot on.

serkol's income from Apple would have been 100% of zero if Apple did not distribute his app.

No point in having a further conversation with this guy.... I am sure he doesn't get it.
post #37 of 48
Now that every Apple device (iOS/Mac OS X) has a built-in camera, it seems like Apple could incorporate biometric data (facial recognition, iris scan?) in its security strategy. One caveatI would want this data to only be stored locally, and not sent up to the cloud. Basically, as part of the setup procedure, or to set up user accounts, the camera could snap a photo of you (or if you feel like getting more personal, move in closer to the camera so it can get a capture of your iris) and use that as part of your ID. Then, if you lose your iOS device, or if it's stolen, you go home, command it to go into a "safe mode", where it will only operate if it "recognizes" the person using it. Even if it's not commanded to go into "safe mode" (i.e., before you're aware that it's been stolen, or before you've had a chance to activate security procedures) it could "know" who's using it, and if it doesn't recognize the person as an authorized user, it could put itself into "safe mode", and put out a "distress signal" to the other deviceseventually alerting you, the owner, that it's being used by an unauthorized person. All this could be done without saving any personal biometric information to the cloud (which I do not want). It would only use the cloud as a message delivery platform during this "emergency" situationI think we can all agree that losing your iOS device or MacBook would constitute an emergency.
"Don't be a dick!"Wil Wheaton
Reply
"Don't be a dick!"Wil Wheaton
Reply
post #38 of 48
Absolutely necessary when going drinking at bars in Redwood, CA.

On a serious note, I've never understood why some companies leave device security up to 3rd party apps. Apple certainly ahead of Google here. Android leaves device security up to OEMs. HTC Sense has Find my iPhone like features. But it's not baked into Android. Remote backup and device security should be baked into the OS. And the more options (like ones presented here) the better. This will all help reduce the theft of mobiles.
post #39 of 48
Quote:
Originally Posted by serkol View Post

I make an iPhone app. It's pirated, like all other iOS apps, but Apple does not care about this. Why would they? Pirated apps or not, Apple gets money from hardware sales. They definitely care about protecting their hardware, but they don't give a sh...t about protecting our apps.

Complain to the jailbreakers who make this possible.

Jailbreaking opens a device to use pirated Apps in spite of the protests of do-gooders who proclaim they jailbreak for innocent reasons.
Better than my Bose, better than my Skullcandy's, listening to Mozart through my LeBron James limited edition PowerBeats by Dre is almost as good as my Sennheisers.
Reply
Better than my Bose, better than my Skullcandy's, listening to Mozart through my LeBron James limited edition PowerBeats by Dre is almost as good as my Sennheisers.
Reply
post #40 of 48
Quote:
Originally Posted by macslut View Post

Hey now... Jailbreaking != piracy. It's not even necessary to jailbreak in order to pirate apps. I've been jailbreaking since day one. Of my current iTunes apps, 0 out of 425 are pirated. Of my Cydia (jailbroken Apps) 0 out of 121 are pirated.

Have I pirated? Yes, but only because free trial versions weren't available and I wanted to try before I bought an expensive app. Of those, about 75% were then purchased and the remainder were deleted.

I know this is anecdotal, but I know, and have met many jailbreakers. Only a few pirate at all, and not one person I know pirates to keep.

Regardless, you can just as easily pirate without jailbreaking, so please don't confuse the two, as the jailbreaking community offers many things not only to consumers but also to developers (some of which are making good money).

You can't side load apps in stock iOS. You can only go to the App Store. The only way to "pirate" then is to login to a friend or family member's account and re-download the app. Which is a pretty benign way of "pirating" and is limited in scale.

Jailbroken iOS devices can load any app, including pirated ones available on the internet. It is impossible to make a computer-device impermeable to hacking.
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: iPhone
AppleInsider › Forums › Mobile › iPhone › Apple exploring 'proactive' iPhone security methods for stolen hardware