The government finally found a way to break into the San Bernardino shooter’s iPhone, ending a drawn-out legal battle with Apple. On March 21, the government announced an “outside party” had found a promising technique for cracking an iPhone 5C used by one of the San Bernardino shooters. After a week of legal respite, the new technique worked, and the case is finished. The government withdrew all charges against Apple and announced that it had managed to access the data on the shooter’s phone, circumventing Apple’s carefully-designed security and encryption.
The government isn’t letting on what they can and can’t do. The only thing we know for sure is that they have a workable exploit of the security features that allowed them to remove stored data from an iPhone 5C running iOS 9. The government confirmed that their security exploit worked for the phone connected to the case, which had the specs listed above, but did not confirm or deny whether the technique would work on similar phones. But it’s a pretty damn safe bet that it does. The latest iOS update, iOS 9.3, irons out a few security flaws and adds some privacy features, but without knowing the exploit the government’s “outside party” is using, nobody knows how vulnerable newer models of the phone are to the breach.
One thing you can do is change your passcode settings to a longer, alphanumeric password. The longer and more complex your password, the more difficult it is for a brute force attack to crack your security. On new versions of the iPhone, six digits is the minimum for a numbers-only passcode, but old versions can have as few as four. Upping your code from four digits to six increases the possible passcode permutations from around 10,000 to over a million, and adding a longer alphanumeric (numbers and letters) password makes it skyrocket exponentially higher.
Still, even a complex passcode probably wouldn’t stop a dedicated hacker with full physical access to the phone for long. While a passcode can definitely delay the government, it’s safe to assume that someone will find a way to extract the data, if given enough time, as in the San Bernardino case. Encryption is a strong digital tool, but it’s not flawless, and everything from digital flaws to human error can compromise your security at any time. Without knowing the government’s specific method of unlocking the phone, it’s probably wise to assume that data on your phone is less secure than before — while the San Bernardino shooter’s phone was an older model running an outdated version of iOS, there’s no guarantee that updates have fixed the exploit without knowing what it is.