LuxSci

Encrypting the data stored on your iPhone/iPad with disk encryption


Mobile devices are with us all the time … if you are a parent, your phone is probably at your side more than your kids are.  With all the secrets of your life residing on your phone, protecting them against access should your phone be lost or stolen is important.  If you use your phone for work, then this may be critical. For example, if you are a doctor or nurse and use your phone for access to email or other data that may contain patient-related information, then HIPAA essentially requires that easily-lost mobile devices like this are locked down and encrypted.

This article explains how to protect yourself if you have an iPhone, iPad, or iPod Touch.

1. Make sure that your OS and device are not too old to be secure

Make sure that your device is relatively recent: an iPhone 4 or better will do the trick.

You need to have an iPhone 4+, iPod Touch 3rd Generation+, or a recent iPad. Essentially, this means any Apple device that shipped with iOS v4.0 or later.  This is the version of iOS that supports improved AES-based disk encryption, and the hardware that shipped with it contains AES processors.

Older devices may have a basic form of encryption, but it is not really useful: it was designed for data wipe only, not for security.

2. Passcode-protect your device

Next, you need to add a passcode to your device.

When your device is passcode-protected, apps that support the Apple Data Encryption API will encrypt the data stored at rest on the device.  Adding a passcode automatically causes all supported data to be encrypted and the encryption keys to be derived from your passcode … so unless someone knows your passcode, they can’t access your encrypted files.

  1. Click on “Settings”
  2. Click on “General”
  3. Scroll to “Passcode Lock” and touch it.  Enter a 4-digit passcode
    1. Recommended: Change “Require Passcode” to immediately, so that data is encrypted as much as possible
    2. Recommended: Change “Simple Passcode” from “On” to “Off” and enter a complex password as the passcode.  This will make it more painful to unlock your phone, but will also make it no longer trivial to guess your passcode and unlock your encrypted data by brute force.
Note: What is encrypted?
  • All mail stored by the built-in Mail application.
  • Data stored by third party apps that use the “Data Encryption API”
  • Nothing that is being synchronized with iCloud
  • Not your texts, Skype history, etc.
So, mostly, this takes care of your email as long as you are using the built-in email app.
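
For administrators who push these settings through a configuration profile rather than the Settings app, the following added example (not LuxSci's code) checks a profile's passcode payload against the recommendations above. The sample profile is constructed, the 8-character minimum is an assumption for the example, and the keys are those of Apple's passcode policy payload.

```python
import plistlib

# Constructed sample profile (not from the article): enforces a passcode but
# still permits a short numeric code and a 5-minute unlock grace period.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadContent</key>
  <array><dict>
    <key>PayloadType</key><string>com.apple.mobiledevice.passwordpolicy</string>
    <key>forcePIN</key><true/>
    <key>allowSimple</key><true/>
    <key>minLength</key><integer>4</integer>
    <key>maxGracePeriod</key><integer>5</integer>
  </dict></array>
</dict></plist>"""

PASSCODE_PAYLOAD = "com.apple.mobiledevice.passwordpolicy"
MIN_LENGTH = 8  # assumed minimum for this example; the article gives no number


def audit_passcode_policy(profile_bytes, min_length=MIN_LENGTH):
    """Return findings as 'key: problem' strings; an empty list means compliant."""
    profile = plistlib.loads(profile_bytes)
    payloads = [p for p in profile.get("PayloadContent", [])
                if p.get("PayloadType") == PASSCODE_PAYLOAD]
    if not payloads:
        return ["payload: no passcode policy, so nothing forces a passcode"]
    findings = []
    for p in payloads:
        if not p.get("forcePIN", False):
            findings.append("forcePIN: passcode is optional")
        if p.get("allowSimple", True):  # repeated/sequential characters allowed
            findings.append("allowSimple: simple passcodes still accepted")
        if not p.get("requireAlphanumeric", False):
            findings.append("requireAlphanumeric: digits-only passcode accepted")
        if p.get("minLength", 0) < min_length:
            findings.append(f"minLength: shorter than {min_length}")
        if p.get("maxGracePeriod") != 0:  # 0 = "Require Passcode: Immediately"
            findings.append("maxGracePeriod: unlock grace period not forced to 0")
    return findings


if __name__ == "__main__":
    for finding in audit_passcode_policy(SAMPLE_PROFILE):
        print("FAIL", finding)
```
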

3. Use a service with Remote Wipe

Remote wipe allows you to erase all of your iPhone or iPad data remotely in the case that your device is lost or stolen.  This erases all encrypted and all non-encrypted data.

  1. Apple’s iCloud Data wipe service allows this. Provided it is enabled and Find My iPhone is set up, anyone with access to your iCloud account can wipe your device.
  2. LuxSci’s MobileSync service also supports remote wipe of data on demand.  This does not need to be pre-configured on your phone.  However, the wipe will not occur until your device next tries to check your email or sync your calendars/contacts/tasks.  So, if you find your device, you may have time to turn off Internet access, avoid the wipe, and back up the device or delete your MobileSync account before things are cleared.

4. Caveats?

Always some caveats.  Here is what else you need to know:

  1. Remote wipe will not affect devices that are not connected to the Internet.
  2. iOS encryption will mostly only apply to your email.
  3. The encrypted email could be decrypted by someone who has access to both your device and the computer that you use to back up your device. See: Limitations of Data Protection in iOS 4.
  4. 4-digit passwords really do little good in keeping someone from cracking your encrypted data.
  5. For best security, do not store sensitive data on your phone at all.  Instead, use apps or web-based services which can display data to you, but that keep the data stored elsewhere (not cached or saved locally).  This is the recommended solution for HIPAA compliance… as even with the best encryption, if a single device is stolen, that is a reportable event under the HIPAA Omnibus rule.
