A recent second phone theft in the family prompted me to revisit the extent to which the iPhone is secure from unwanted access. The key security hole is the lock screen. The last major update to iOS created a radically new lock screen.
Addicted to the locked screen
I will admit that I am a heavy user of my phone when it is locked. I regularly ask Siri for things, check calendar and other items in the Today section, review notifications, read and reply to messages, and manage phone settings and music in the Control Center. Indeed, that’s almost everything that I know one can do while the phone is locked.
I recently upgraded to the new 7 and activated Apple Pay in my lock screen – a press of the home button and all the payment options pop up. A nice quick access.
But seeing how easily my cards popped up gave me the heebeegeebees, so I turned it off.
And then my daughter had her phone nicked out of her coat.
Going dark. Easily.
Apple has some good phone finding and locking capabilities. When I got the text from her that her phone had been stolen, I got onto Find Phone, tried to locate it, sent the Lock command and note. Only thing, the phone was dark.
OK, so, yes, the phone can be turned off without knowing the lock code. But a bit more troublesome, the phone can be taken offline by raising the Control Center and going into airplane mode. That means that the phone can be futzed with while it is offline. If the phone could not be placed offline, then at least the cellular data would allow some communication and location.
As I was texting with my daughter, I was concerned that the thieves would be able to see my messages. That’s when she told me that she turned off the message notification on the lock screen for her own privacy.
Ubiquitous computing headaches
I’ve been reading a lot about the proliferation of internet-connected devices (aka IoT, but I knew it back in the day as ubiquitous computing). One common alarm is the low-level security leaving the barn door wide open for hackers. Though often, folks compare washer machine and thermostat risks to the security of phones and computers.
Not so fast.
We need to assess the security of our phones and computers as well, in their mobile context. And users are not equipped to understand how to get to a secure state. Though, I am sure millennials, if you tell them to lock down the privacy of their phones and computers away from their nosy friends and family, can figure out all the ways to keep private.
More serious options
The ability to turn off the phone without a passcode is an achilles heel. The remote locking and wiping of the phone is good, but perhaps there needs to be something more when someone tries to either reuse parts (which I think is the usual fate of these locked phones) or connects to iTunes. Indeed, my wife wishes there was a halt and catch fire, yes, catch fire, to spite the thief. Perhaps we should think of the whole lost/theft experience: how can we counter the fishing attempts to get the iCloud info to unlock the phone, how do we make it easy for carriers and Apple to be aware of the theft, how do we make it easy to know the IMEI and other identifying info after theft?
I have now turned off anything that might show up or use my lock screen. As a heavy user, I want to see the impact on my usage, figure out the balance between privacy/security and usefulness.
Also, I’ll let the rest of my family know about these privacy holes, including passwords on computers and phones.
Already I’m missing Siri: I was on a run and could not control the music player, or find out who was calling or messaging me.* And around the house, I can’t just holler to Siri for some info or what. I wonder if there’s a quick way to turn it on and off on the lock screen, but, it’s really not much of an assistant.
What about you?
Do you have a story of being lulled into a security breach while using the lock screen of your phone? What do you do to stay private?
*Hm, now that Apple Watch really seems useful as a second screen.
Image from ZDNet