Five Ways the Apple Patent Will Improve iPhone and iPad Security
By Tony Bradley
A recently unveiled Apple patent application has raised concerns that Apple intends to remotely detect and disable jailbroken iPhones and iPads. The patent application does contain the word jailbroken, but the description of the patent reveals powerful new remote security features and doesn’t really support the conspiracy theory.
A blog post from patentlyapple.com provides an overview of the Apple patent application. According to the post, the patent technology would enable a variety of security features including “the device taking a photo of the thief (smile now) or recording the thief’s voice,” adding, “Apple’s iOS security is getting so smart, that it’ll even know what kind of vehicle that the thief is using your device in – be it a plane, train or automobile and notify the proper authorities.”
The patent summary explains, “Systems and methods for identifying unauthorized users of an electronic device are provided in today’s patent. In particular, systems and methods for detecting an unauthorized user, gathering information related to the electronic device, the unauthorized user, or both, and transmitting an alert notification to a responsible party for the electronic device are provided.”
While the patent application does mention the capability to remotely determine if an iPhone or iPad is jailbroken, and it describes methods for remotely restricting the capabilities of the device, those two things do not logically lead to the conclusion that Apple intends to remotely disable jailbroken devices–especially considering the fact that jailbreaking has been declared legal from a DMCA perspective.
Conspiracy theories over the lengths Apple will go to in order to preserve its walled garden aside, the patent describes a number of innovative methods for determining if a device has been lost or stolen, and alerting a responsible party. It also provides the means for taking action to prevent unauthorized access to sensitive information on the iPhone or iPad, and gathering details that might help track the device down.
• Detect Unauthorized Use. A photo or voice recording of the current user, or the current user’s heartbeat pattern can be compared to the photo, voice, or heartbeat pattern of the authorized user to determine if the device has been lost or stolen.
• Suspicious Activity. Entering an incorrect passcode a predetermined number of times, hacking or jailbreaking the device, removing the SIM card, or moving some predetermined distance from a synced device could indicate suspicious activity and be used to detect that the device has been lost or stolen.
• Gather Forensic Data. If the device is suspected of being lost or stolen, the current user’s photo, voice recording, and heartbeat pattern can be automatically gathered and sent to a responsible party (such as the IT admin). Other data that could be collected include screenshots, keystroke logs, data sent to the device, current GPS coordinates, or geotagged photos of the surrounding area.
• Method of Travel. The accelerometer of the iPhone or iPad can be used to detect the vibration profile of the device and compare it against known vibration patterns to determine if the device is currently traveling. This method is capable of determining types of movement including walking or running, or traveling by train, plane, automobile, or bicycle.
• Remote Security. In addition to sending the forensic data above, remote security measures would enable the functionality of the lost or stolen device to be limited, and/or Apple’s remote wipe feature could be used to remove sensitive information from the iPhone or iPad.
While the paranoid conspiracy that Apple is out to disable all jailbroken devices is far-fetched, the ability to remotely detect attempts to hack or jailbreak the iPhone or iPad can be a valuable tool for IT admins who need to monitor and maintain the devices remotely.