How to FBI-proof your iPhone
You don’t have to be a wizard hacker to lock down your iPhone, preventing even the FBI from accessing your mobile data. But you do need to update its settings.
“There are a lot of people—and I consider myself among that group—[who] have useful knowledge that could be exploited,” says Jonathan Zdziarski, an expert in forensic analysis of Macs and iPhones. “CEOs, journalists, security researchers, even actors,” he says, have data on their phone somebody else would love to access.
The value in tightening your iPhone’s security isn’t specifically to keep law enforcement out; it’s to keep hackers, broadly, at bay. (And to be clear, we at The Parallax are promoting personal security, not the circumvention of law enforcement operations.) Apple designed the iPhone to prevent any kind of unauthorized access, so long as its security settings are turned up to 11.
Be warned: Several of these settings handicap the convenience of your phone.
Step 1: Use a complex alphanumeric passcode.
Apple’s own security guide (PDF) says it would take more than five years to run through all the combinations for a six-digit passcode.
To toughen your passcode, go to Settings, then Touch ID and Passcode, Change Passcode, and Passcode Options. From there, choose Custom Alphanumeric Code. Note that this will slow down your log-ins because it’ll take you longer to type in your passcode. If you don’t want to use an alphanumeric code, you can choose a six-digit Numeric Code that will still be harder to crack than the standard four-digit code.
Be careful when choosing a code: Don’t use numbers (or letters) in sequence from your address or phone number.
Step 2: Disable the fingerprint reader.
The Touch ID fingerprint reader is a tool of great convenience, but it also makes it easier for law enforcement officials to compel you to unlock your phone. Your fingerprint is considered physical property, and you can be forced to use it to unlock your iPhone. By contrast, because a passcode is nonphysical knowledge, you can’t be forced to use it to unlock your phone.
Zdziarski advises that if you find the fingerprint reader just too convenient to stop using, at least consider using a digit other than your thumb or index finger—perhaps your pinky or ring finger—to unlock the phone. The iPhone forces you to use your passcode after five failed fingerprint attempts. If law enforcement officials don’t know you’re using an atypical finger to log in, the phone could switch to the harder-to-unlock passcode before your finger unlocks it.
To disable Touch ID, go to Settings, then Touch ID and Passcode. Swipe to the Fingerprints section, tap on any fingerprints you’ve saved, and delete them.
Step 3: Wipe your data. All of it.
You can set your phone to erase all your data after 10 failed passcode attempts. This is the feature activated on the iPhone of Syed Rizwan Farook, one of the shooters in a December attack in San Bernardino, Calif., that led the FBI to demand that Apple build a special version of iOS.
As in Step 1, go to Settings, then Touch ID and Passcode. Swipe to the bottom of the screen, tap the option to Erase Data, then tap Enable.
Step 4: Tell Siri to buzz off (when your phone’s locked).
By default, Siri, your iPhone’s personal-assistant feature, is active when your phone is locked. Without unlocking your phone, she can assist you in revealing recent calls, emails, texts, and calendar events. And there’s a good chance that she’ll respond to someone’s voice other than yours.
To disable Siri when your phone is locked, go to Settings, then Touch ID and Passcode. Enter your passcode, and scroll to the Allow Access When Locked Section. Tap the Siri option to disable it when your phone is locked.
Step 5: Disable iCloud (and delete your backups).
Apple’s iCloud service is a helpful tool for backing up your data, but if you set it to synchronize all of it, it copies nearly everything on your phone to Apple’s cloud storage servers. Once the data reaches those servers, it’s much easier to access through means legal and otherwise. Government agencies could subpoena the data, and hackers could potentially break into the servers.
Advanced tips for the paranoid
If you’re extremely worried about someone accessing your phone, there are additional steps you can take. You can disable Find my iPhone, which tracks your phone’s location. You can also pair-lock your phone, which blocks the phone from establishing privileged connections with other devices and computers, using a free Apple app called Configurator.
“If it’s pair-locked, there’s no forensics tool on the market right now that can get in,” Zdziarski says.