Preventing unauthorized iPhone users

Apple has patented a new method of stopping a thief from using your iPhone. Each time the device is plugged into the computer, a code buried deep within the iPhone is compared to a code downloaded from Apple via iTunes. If the codes don’t match up, (i.e. you called in a lost iPhone and Apple/AT&T changes the code), the iPhone then prevents itself from being charged again.

It is a fascinating idea for mobile device theft deterrence. Most devices use a password system to attempt to accomplish the same thing. For example, my Blackberry requires me to enter a password each time I use it. Not only is this horribly annoying, it results in me setting the easiest password I can to minimize my pain.

(Granted, the Blackberry is not trying to only prevent someone from using it as a phone long-term, they are trying to deter someone from looking at sensitive information immediately.)

However, I see a few problems with this security method.

  1. It requires the use of iTunes. Hackers have already managed to change the iPhone into a web server that can serve web pages (yes, for the hell of it, this is what most hackers do with new devices). I am certain they can bypass the use of iTunes on the iPhone, as many hackers I know of hate iTunes.
  2. It requires me to plug the phone into a computer. What if I just plug it into a wall outlet and never into a computer? Unless the code can be sent wirelessly, you have just circumvented the security system.
  3. Sensitive documents can still be accessed at the time of theft.
  4. Eventually, someone will figure out how to bypass the circuitry that prevents the phone from being charged and find a workaround. This may take weeks or years, but it will be done – “hiding” security in a system almost never works to prevent unauthorized access.

(Are there other problems that I have forgotten?)

As we depend more on mobile devices, theft will affect us in more substantial ways. While this solution may have issues, at least Apple is thinking of ways to solve the problem.

Leave a Reply

Your email address will not be published. Required fields are marked *