That iPhone Is Probably The Most Secure Thing You Own

Ever since the 3GS model, iPhones have had built-in, automatic hardware encryption. That, coupled with a robust operating system with very few security flaws, makes it simple to keep anyone from getting to your data: just turn on password protection for the lock screen (Settings > General > Passcode Lock) and pick a strong password, meaning one with more than 10 characters that aren’t words in the dictionary. Once the phone is powered off, it would take even the NSA 25 years to crack its security.

 

This is because Apple uses 256-bit AES encryption keys that are stored in the phone’s hardware — the same technology used by the government to store top-secret data. Each iPhone has its own key that is randomly generated and stored nowhere else in the world but on that phone. All the data stored on it is always encrypted using that key, meaning that if someone took its memory out manually and tried to read it, it would look like gibberish, unless they had the key with which to decrypt it. The only way to get that key is from the phone itself, while it’s running.

If the phone has no PIN set, getting the key is fairly trivial, but if it does have one, the intruder has to guess it first. Using software, PINs can be entered about 12 times per second, so what makes breaking in take longer is how many passwords the intruder has to try before guessing correctly. The longer the password, the more possible combinations of letters and numbers there are to try, and that number grows exponentially: a 4-digit PIN takes 13 minutes to guess, a 6-digit one takes a day, and a 10-digit PIN takes 2.5 years.

The strong encryption key and PIN lock, combined with the option to wipe the phone’s data after 10 incorrect PIN entries and the Find My iPhone feature, most likely make it the hardest consumer good from which to steal information, safes included. The only other smartphone with similar data protection is the once-mighty BlackBerry. There are, however, two gotchas to watch out for, both related to data duplication:

  1. The cloud: almost all the information on the iPhone can be, and usually is, pulled from or duplicated on a computer on the Internet. If someone breaks into that computer, they have access to the data without going through your phone.
  2. Your home computer: when you sync the iPhone with iTunes, a popular option is to back up the phone’s contents on that computer. Someone could easily hack into that backup file and get all the data on your iPhone, without ever touching it. It might be a little out of date, but it is still a major treasure trove.

From Technology Review, via Slashdot
