Apple iPhone

iPhone Advice

Be aware that the Apple iOS 4 update disables your security settings; see Update 24/06/2010 below.

Do not store any sensitive or confidential data on your iPhone and follow the iOS4 update procedure described.

Shut down your iPhone only in the locked state and keep it locked when not in use. To shut down your iPhone from the unlocked state (that's when you see the App icons), press the top right button once. Wait a second, then press and hold the button again until “slide to power off” appears, and then shut down your iPhone.

Please also use the “encryption” feature in iTunes for your backup. Click on your phone under Devices in iTunes, then under Summary -> Options select “Encrypt iPhone Backup” and use a strong password.

Ideally, store your backup only on a PC with encrypted storage.

Apple will release iOS 4 which might fix the massive security vulnerability for the iPhone 3G and iPhone 3GS. Please update asap. According to Apple the release date will be on the 21st of June 2010.

Apple released today (21st June 2010) a newer version of the iPhone software (version 4.0-8A293). If you want to update the phone please make sure to get iTunes also updated to its latest version 9.2.0.61 before attempting the software update.

After the first tests, please bear in mind that I need to carry out further investigation to provide a more reliable conclusion. So far it turns out that the time-of-check-to-time-of-use (TOCTTOU) bug (race condition) seems to be patched in iOS4. For me, the flaw is no longer reproducible in the way described.

However, I would not call the issue resolved for the time being:

Apple's security release notes can be found here, and Apple does not mention anything about security improvements towards better authentication and/or encryption.

If you read the installation notes during the software update very carefully you will note:

“* Better data protection using the device passcode as an encryption key* (Requires full restore)”

What this means is that unless you go through the Full restore process you will not gain any data protection improvement promised by Apple.

Update 22/06/2010:

Apple hasn’t pointed this out so far, but I would strongly recommend the following update procedure for iOS4:

Upgrading your iPhone to the latest version is the normal procedure, however if you read the installation notes during the software update very carefully you will note as mentioned:

Apple: * Better data protection using the device passcode as an encryption key* (Requires full restore)

What this means is that unless you go through the Full Restore process you will not gain any data protection improvement promised by Apple.

1.) Make sure your PC system is connected to a reliable power source.

2.) Get iTunes up to date, use the built in update function (Help -> Check for Updates)

3.) Make a backup of your iPhone data: Connect your iPhone to the computer system and open iTunes. Under ‘Devices’ on the left hand side of the window, right-click on the name you assigned your iPhone and first select ‘Sync’. Once this has been completed, follow the same procedure, only this time select ‘Back Up’. Again, once this is finished, right-click on your iPhone and finally select ‘Transfer Purchases’. Once this has been done, your iPhone will be fully backed up onto iTunes locally.

4.) iPhone iOS4 installation Phase 1:

Once you have fully backed up your iPhone go onto ‘Summary’ and select ‘Check for Updates’. The option to update to the latest version (4.0) will appear, select the update option and leave the iPhone to run its system update. The iPhone will require restarting.

Added 24/06/2010

The Apple iOS 4 update disables your security settings: after the update, iOS4 leaves you with no passcode protection and the “Erase Data” feature disabled, even if you had set these up before the update.

After the iOS4 update make sure under Settings – General – Passcode Lock On:

– Require Passcode is set to “Immediately”

– Simple Passcode is set to “OFF”. I recommend at least 6 characters (numbers and/or letters, with at least one special character included). This is very important, as the passcode will be used to generate your encryption key during the full restore procedure.

– Erase Data is set to “ON”

5.) iPhone iOS4 installation Phase 2:

Note: If a Backup is available you should not lose any data at all.

Once the iPhone has completed its updates, select ‘Restore’ in the ‘Summary’ section of iTunes. If you have already backed up your iPhone with all the latest changes you’ve made to it (New songs, pictures etc) you won’t need to update the iPhone again, just allow it to run its System Restore, this will reset the iPhone back to its factory settings. Once the process is completed the device will restart and the Apple logo will appear on the screen. After the restore, the iPhone displays the “Connect to iTunes” screen. Keep your device connected until the “Connect to iTunes” screen goes away or you see “iPhone is activated.” If iTunes does not have an Internet connection, you cannot complete this step.

Finally, to restore your device from the previous backup, you should see a set of options in iTunes stating that “An iPhone has been previously synced with this computer” with a list of synced devices. Select the backup from which you want to restore your settings and select the continue button to complete the device's restoration.

Update 24/06/2010:

The Apple iOS 4 update disables your security settings: after the update, iOS4 leaves you with no passcode protection and the “Erase Data” feature disabled, even if you had set these up before the update.

After the iOS4 update make sure under Settings – General – Passcode Lock On:

– Require Passcode is set to “Immediately”

– Simple Passcode is set to “OFF”. I recommend at least 6 characters (numbers and/or letters, with at least one special character included). This is very important, as the passcode will be used to generate your encryption key during the full restore procedure.

– Erase Data is set to “ON”

If you had to change from Simple Passcode “ON” to a more complex passcode follow again the “iPhone iOS4 installation Phase 2” described above. This will generate a new stronger encryption key.
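Why the passcode choice matters when the encryption key is generated from it, as an added example that is not part of the original post: a key derived from a passcode is only as strong as the passcode's search space, whatever the key length. PBKDF2, the salt and the iteration count are assumptions standing in for the device's key derivation, which the post does not describe; the sample passcodes are constructed.

```python
import hashlib
import math
import string

# Assumption: PBKDF2-HMAC-SHA256 stands in for the device's key derivation,
# which the post does not describe. Salt and iteration count are constructed.
SALT = b"constructed-device-salt"
ITERATIONS = 10_000


def derive_key(passcode: str) -> bytes:
    """Derive a 256-bit key from the passcode (illustrative KDF only)."""
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), SALT, ITERATIONS)


def meets_recommendation(passcode: str) -> bool:
    """The post's advice: at least 6 characters, at least one special character."""
    has_special = any(c in string.punctuation for c in passcode)
    return len(passcode) >= 6 and has_special


def alphabet_size(passcode: str) -> int:
    """Size of the character set an exhaustive search would have to cover."""
    size = 0
    if any(c.isdigit() for c in passcode):
        size += 10
    if any(c.islower() for c in passcode):
        size += 26
    if any(c.isupper() for c in passcode):
        size += 26
    if any(c in string.punctuation for c in passcode):
        size += len(string.punctuation)  # the 32 ASCII symbols
    return size


def effective_bits(passcode: str) -> float:
    """Strength of the derived key, capped by the passcode's search space."""
    size = alphabet_size(passcode)
    if not passcode or size == 0:
        return 0.0  # empty, or only characters outside the counted sets
    space_bits = len(passcode) * math.log2(size)
    return min(space_bits, len(derive_key(passcode)) * 8)


if __name__ == "__main__":
    for pc in ("1234", "k7#pQ2"):  # constructed sample passcodes
        print(pc, meets_recommendation(pc), round(effective_bits(pc), 1))
```

A four-digit simple passcode leaves the 256-bit key with roughly 13 bits of real strength, while a six-character passcode mixing digits, letters and a symbol gives roughly 39.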

To make it easier, I summarized the iOS4 iPhone update.

Thank You.
