The TRUTH About iPhone Security – The Mac Lawyer and TechnoEsq

During our visit to Techshow, my good friend Ben Stevens (The Mac Lawyer) and I had the opportunity to hear a number of absolutely ridiculous and absurd comments made by IT consultants as to why attorneys should not use the iPhone for their legal practice.  What was implied was that security on mobile phones is a tricky business and that for a nominal fee those very same consultants could come in and ‘fix your problems’.  After my heated comments on Twitter during the 60 Tips in 60 Minutes, Ben and I decided to post an official response to these baseless assaults on the iPhone on behalf of all Mac using lawyers around the world.

Is the iPhone secure? That question has been hotly debated in legal circles since its release. To date, the loudest replies have been by those shouting “No” (see here, here, and here) but does that make that answer true? Ben Stevens of The Mac Lawyer and Finis Price of TechnoEsq now enter the fray to try to set the record straight.

The anti-iPhone crowd makes the following three types of claims to support their position that the iPhone is “the most insecure phone we’ve ever seen” and that “the words iPhone and security do not belong in the same sentence”: (1) it’s too easy to jailbreak; (2) there are encryption weaknesses; and (3) it stores screenshots.

Finis is both a practicing lawyer and computer forensics expert, and he recently participated in the Droid v. iPhone debate in the ABA Journal. With these impressive credentials, he responds to each of those allegations as follows:

The fact is that many so-called “smart”phones can be cracked and the data stolen. Of course, the same can be said of laptops, and how many lawyers have theirs encrypted? One key difference with the iPhone is that it allows you to remotely wipe the email in the event that it is ever lost. Starting back with the iPhone 2.1, it is possible to have the iPhone wipe its data after ten invalid tries, with each attempt being longer and longer. How many attorneys can do that with their laptops? Further, if your corporate email is set up correctly, your mail disappears if your password expires. While this can be annoying, it is more secure than the BlackBerry, which stores the email on the device itself. Also, the iPhone holds only 150 emails at most, which while annoying is more secure than the BlackBerry, which stores much more. Therefore, even if you use POP email, you are only risking 150 emails.

The allegation that the iPhone has encryption weaknesses rings hollow. There are about 100 security apps in the App Store which allow you to encrypt the iPhone to protect it in case it is lost or stolen. You can even add biometric security to the iPhone through apps if you so desire. The fact is that since the 3G-S version was introduced two years ago, the iPhone has been as secure, if not more secure, than any laptop – period.

I believe that the argument about storing screenshots is outright silly. Yes, the iPhone gives you the ability to store screenshots in your photo album, but you have to work a little by pressing a couple of buttons every time to make one. Despite the clamoring made by some, this is not done automatically. Moreover, the only way you would not know about this happening was if you never looked at your photos. I will acknowledge that I have accidentally done this on my home page, but I have never done it by accident within an app.

Is anything 100% secure? Of course not. Law offices are subject to being broken into and/or having wandering eyes (such as cleaning crews) access client information. Legal pads and paper files get lost or misplaced, and how secure is a briefcase to someone who wants to get inside of it? One could argue that even the information stored inside the lawyers’ brains is not secure. Give Jack Bauer ten minutes and I guarantee that he would get information out of the most ethical, security conscious attorney in the world.

All of this might make one wonder why iPhones are being targeted and unfairly branded as being “unsafe.” If a skilled forensic expert gets physical access to a laptop computer, he can extract all sorts of information, even that which was thought to have been deleted. Yet we find it odd that we don’t hear anyone claiming that it is unethical for an attorney to use a laptop, as some have stated about the iPhone. One cannot help but wonder whether those are merely the ramblings of fear-mongering PC-centric dinosaurs or those interested in selling us something?

Just as you would verify information a used car salesman tells you about the history of a car before you buy it, attorneys should equally question IT consultants making sweeping statements – ESPECIALLY when those IT consultants have every vested interest in making you believe what they are telling you.  I am not saying this was the case at TechShow but it can’t hurt to explore the REAL facts behind what you are being told.

UPDATE- Be sure to check out the comments to this post as Tom Mighell has made some great points.

  • TMighell

    Finis, I'm reposting here what I posted over at Ben's blog, for consistency:

    Guys, I'm no iPhone hater here – I love my iPhone. But I have to ask about your third point, that the iPhone does not store screenshots. I've been reading the blog of Jonathan Zdziarski (http://www.zdziarski.com/blog/), and he states that the iPhone takes screenshots as it zooms in and out of applications (to create the animation of zooming), and stores these screenshots – these shots show the last thing the user was looking at before they changed screens. He also shows examples of screenshots saved by the iPhone during this process in a white paper on iPhone forensics, which is authored by a number of different people (and available at http://viaforensics.com/wpinstall/wp-content/up...).

    Is there something you guys know or have seen in looking at the iPhone that would contradict Jonathan's findings? I agree it is extremely unlikely that a user will “accidentally” take screenshots without their knowledge, but according to the above paper this happens behind the scenes, and doesn't appear in Photos or any front-facing app.

  • http://technoesqpresentations.com finis33

    If you read that forensics whitepaper, he actually had to use a method called 'carving' to get those images. This entails using a program to search for the hexadecimal values for image files in the temporary memory of the device. This results in over 2,000 images, most of which are not screens, being reported. These are then whittled down to whichever screenshots haven't been overwritten. This is not the same kind of screenshot we take with the iPhone, but rather a function of the transition effect the iPhone uses. However, it should be noted these files aren't even stored in an image format, they are simply bits and pieces of temporary memory which can be retrieved using a forensics tool and a LOT of forensics training.

    Using a carving tool, a forensics examiner could retrieve ANY image displayed on ANY computer device which outputs to a display. So the terminology used of the iPhone just taking and saving screenshots is misleading. These are not screenshots in the ordinary sense users of the iPhone use or can access.
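
The carving step described in the comment above, as an added example that is not part of the original post, the comments, or the whitepaper: a signature scan over a raw dump, followed by validation that separates intact images from overwritten fragments and stray signature hits. PNG is an assumption chosen because its per-chunk CRCs make validation simple; the page does not say which formats or tool were used, and the dump here is constructed sample data.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"  # 8-byte magic value a carver searches for

def _chunk(ctype, data):
    body = ctype + data
    return struct.pack(">I", len(data)) + body + struct.pack(">I", zlib.crc32(body))

def make_png(width, height):
    """Build a minimal valid 8-bit grayscale PNG (constructed sample data)."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 0, 0, 0, 0)
    rows = b"".join(b"\x00" + b"\x80" * width for _ in range(height))
    return (PNG_SIG + _chunk(b"IHDR", ihdr)
            + _chunk(b"IDAT", zlib.compress(rows)) + _chunk(b"IEND", b""))

def carve_png(buf):
    """Return (offset, length, status) for every PNG signature found in buf.

    Each hit is validated by walking its chunks and checking their CRCs;
    status is "complete" only if an intact IEND chunk is reached.
    """
    hits = []
    pos = buf.find(PNG_SIG)
    while pos != -1:
        cur, status = pos + len(PNG_SIG), "damaged"
        while cur + 12 <= len(buf):
            (length,) = struct.unpack(">I", buf[cur:cur + 4])
            end = cur + 12 + length
            if end > len(buf):
                break  # chunk claims to run past the end of the dump
            body = buf[cur + 4:end - 4]
            if zlib.crc32(body) != struct.unpack(">I", buf[end - 4:end])[0]:
                break  # chunk was overwritten or never was a real chunk
            cur = end
            if body[:4] == b"IEND":
                status = "complete"
                break
        hits.append((pos, cur - pos, status))
        pos = buf.find(PNG_SIG, pos + 1)
    return hits

def build_sample_dump():
    """Constructed memory image: one intact PNG, one overwritten, one stray signature."""
    good = make_png(4, 4)
    overwritten = make_png(8, 8)[:40] + b"\x00" * 30
    stray = PNG_SIG + b"not an image"
    return b"\xaa" * 100 + good + b"\x55" * 50 + overwritten + b"\xaa" * 20 + stray + b"\x00" * 16

if __name__ == "__main__":
    for offset, length, status in carve_png(build_sample_dump()):
        print(f"offset={offset} valid_bytes={length} {status}")
```

Only the first of the three signature hits survives validation, which is the whittling-down the comment refers to.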

  • TMighell

    Well, I think that's the point some are trying to make. If an iPhone becomes relevant in e-discovery, a forensics expert could potentially get some interesting data off the phone. The carving tool can certainly piece together a “screenshot” of what someone was looking at, right? There are examples in that whitepaper. This doesn't necessarily make the iPhone any different from any other device that outputs to a display, but a forensic expert can still grab the data and make it useful (again, potentially) in litigation.

    I guess my point is that you and the others may be talking at cross-purposes. The iPhone may not take screenshots as most users would understand them, but images are being captured that can be retrieved should they become relevant in e-discovery. The fact that it would take a forensics expert to get at the data and make sense of it is a little beside the point to me – if it's important in litigation, parties will spend the money to get it.

  • http://technoesqpresentations.com finis33

    Tom,

    The point we are trying to make is that since any data on a device which outputs to a display could be recovered by a trained forensics examiner then this issue is not unique to the iPhone nor does it speak to its security. Since ALL devices are susceptible to forensics examiners' methods, their retrieval of the information is not relevant – what is relevant is what someone who steals my iPhone can get to.

    Thus when answering whether an attorney should be concerned for the confidentiality of the information on his/her iPhone (discounting forensics experts), screenshots are not a security risk.

  • http://technoesqpresentations.com finis33

    Think of it this way. Having windows in your building makes law firms more insecure because someone could more easily break the window and open your filing cabinet than if they had to break your door down. However, every law firm has windows and so the window as an increased risk is not relevant to the conversation of whether your firm is 'secure'.

  • TMighell

    Thanks, I got it the first time, and I agree. You didn't have to go all basic on me.

  • http://technoesqpresentations.com finis33

    I am sorry Tom, I wasn't implying you didn't understand. I was discussing it with someone else and that analogy came up and they thought I should post it as it describes the situation better. I hope I didn't offend you.

  • http://faribaultattorney.com/ Attorney Adrien Piermont

    You raise a very fabulous point. I hadn’t read it from that perspective before. Interesting point.