Thursday, February 18, 2016

Apple V.S FBI and how you can secure your iPhone right now

You might have read Apple's opposition of hacking its own iPhone. You can read an in-depth analysis about the technical obstacles of FBI hacking the iPhone and how Apple can in fact help the FBI bypass the security measures.

This is not the focus of this blog post, however. I am here to help you secure your iPhone in case of an FBI search or search from law enforcement agencies in other countries.

1) You need to have an iPhone 5S, or later.  5S and later have an additional hardware called Secure Enclave, which will protect the integrity of the authentication process even if iOS is compromised. (which is what FBI demanded)
In Apple's own words,  The Secure Enclave is a coprocessor fabricated in the Apple A7 or later A-series processor. It utilizes its own secure boot and personalized software update separate from the application processor. It provides all cryptographic operations for Data Protection key management and maintains the integrity of Data Protection even if the kernel has been compromised.

2) Make a backup of your iPhone locally with iTunes

3) Download Apple Configurator 2 from the Mac App Store. https://itunes.apple.com/us/app/apple-configurator-2/id1037126344?mt=12

4) Create a profile to enforce strong password protection and pair-lock.
Open the Apple Configurator 2.
Create a profile by File - New profile
Go to the General Tab, and configure as shown
go to password and configure as shown


Go to Restriction Tab and configure as shown. Pay special attention at the setting marked in red

Exit and save the profile

5) Now that you have the profile, use USB to connect your iPhone with and click prepare in the main interface. You have to turn off find my phone before the preparation if it's turned on. 

Click through the steps, but choose to supervise the device. Also remember to add the profile created in the previous step. 
6) Now let the configurator do its prepare the iPhone. All data currently on your iPhone will be erased!
7) Wait till iPhone is prepared and shows you the welcome screen. In the welcome screen, set up normally but set it up as a new iPhone.
8) On your iPhone, go to Setting- General-Reset- Reset Location & Privacy. This will make your iPhone even distrust the computer your configured it with.

Congratulations! Now you have an iPhone that's beyond most agencies reach when turned off (perhaps not the NSA). However, do remember to turn off your iPhone when a physical take over might occur. Leaving your iPhone on might enable a much larger attack surface. 

No comments:

Post a Comment