Stories about “unbreakable” or “bulletproof” cryptographic solutions always bring a smile to our faces, so when it was reported that iPhone’s use of AES encryption, along with several other bits of functionality, made it impervious to even the massive power of the NSA, we knew it was ripe for skewering. This is not to say that the cryptographic foundations and architecture of the iPhone isn't very solid, because it is, it's just that way in which a majority of people use their iOS device undermines many of the strengths of the system. At its heart the iOS security model is an Enterprise security model; if the configuration of the device can be controlled then a very robust security model can be built atop. If however the configuration is created in a manner that favors ease of use over security, then regardless of the architectures potential the maximal level of security will never be reached. Consider:
- Most people don't set a device PIN. This PIN is the root of the entire security API and without it direct uses of that API by apps are essentially meaningless
- Those people who do use a PIN use a simple 4 digit PIN, which given the small keyspace is readily crackable in a reasonable amount of time for a majority of iOS hardware
- Regardless of the hardware, PIN quality is an open question (Do you need to do any fancy math if most people use a few familiar four-digit numbers –last four of SSN, 1234, etc. - for a PIN?)
So while iOS security has the potential to be impressively secure, its strength relies on mindful configuration. It should not be a surprise to anyone reading this that most people aren't so security conscious that they would render their iPhone provably un-crackable. Or put another way, what percentage of iPhone users have a complex passcode of length 8 or more alphanumeric + special characters that they input every time they receive a text message?
Real-world use-case? The iPhone is only as secure as its user is aware.