Apple iPhone 5C - security

A family member has, against my advice, bought an Apple iPhone 5C.
At home we have 3 Apple computers served by a Netgear64 router from a BT semi fibre line [ the last 100 m or so are ye olde copper wire ].
The G4 Desktop is wired to the router.
The G4 iBook and Mountain Lion MacBookPro are normally connected to the router via the router's integral wireless feature.

My concern is that of security of the wireless link.

We were told by a relative [ who is a non-numerate English schoolteacher! ] that the router wireless PASSWORD has to be entered into the iPhone.
This seems dodgy to me.
Assume the iPhone gets stolen, the thief could read that password, park car nearby, and access 2 of the 3 computers and search files and emails for info, get PASSWORDS for using Safari etc. And then possibly get access to our money in banks etc.
I assume that any competent crook nowadays has good software to crack PASSWORDS.

I would like to believe that I am worrying needlessly.
What evidence is there that iPhones do not provide a thief with access to our Apple computers?

This is nonsense.

The theoretical stolen iPhone would provide access to your network, but not to any of the data stored on your computers, which are protected by their own passwords. And the first thing you would do if a device were stolen would be to change the wireless password on your router. Also, note that an iPhone can be remotely locked.

So, yes, I guess it is theoretically a very slight security risk. But far less than the risk of someone breaking into your home, accessing your computers, and stealing your passwords and data. Most people who get hacked manage it by carelessness on their part, not a thief spending hours trying to crack a password - why bother when most people put it on a PostIt attached to their monitor.

Plus, set a pin on the iphone. Then they can't even get into it without the 4 digit pin (and from personal experience I can say it is pretty hard to crack as the more incorrect pins you enter the longer you have to wait between tries, entering enough pins to guess an answer could take decades).

And by setting a pin the phone will also be encrypted. There have been some bugs that allow bypass of the pin but they get quashed fairly quickly and a lot of them only allowed basic access.

Finally, setting a decent WPA2 password on the router would be sensible. If it is WEP and the password is easily guessable then the security is worthless whether a person has the iphone or not - a strong WPA2 password will protect the home network far better.

This sort of thing is only a concern when you're running an enterprise wireless network and should a device get stolen and the password be decrypted, you need to then figure out how to reconfigure hundreds of devices with the new passphrase (assuming you are still using preshared keys for your enterprise wireless), as well as have some sort of assurance that your employees will tell you if their device gets stolen, and all that is even putting aside trusting the employees themselves to not try and get the password themselves so they can connect their other devices to the corporate wifi at work to save on their 3g data on their phones.

At home, it is not really a risk, and also, if a device gets stolen, just change your wifi password.

Nothing to worry about.

Many thanks for the several helpful practical replies.

I will certainly do what I can to implement them.

My concerns may seemed over the top, but I prefer to err on the side of caution rather than be over confident.

For example, see

http://www.theguardian.com/media-network/2015/sep/29...

http://www.theguardian.com/technology/2015/oct/13/nc...

http://www.theguardian.com/money/2015/jun/22/telepho...


THANKS!

If you are still concerned about this there are routers, Apple AirPort Extreme, which I use, for example that run two wi-fi networks. One I call guest nerwork were I just tell people the password, grand kids their friends etc and my own network for my computers and iPads etc. It's not concern over people hacking in etc it means if someone is abusing it, I don't know how but you never know I can change the guest password easily without disturbing the other devices. Saying that I've never needed to change the guest password.

This is just paranoia, there is "erring on the side of caution" and then just going way overboard. You don't need to worry about this stuff.

To access your wireless network, and in order for the phone to connect to it, yes you would need to enter your wireless password. That is the case for ANY phone, not just an iPhone.

And, they would not be able to read the password, it will be ******* out.

None of this is specific to the iPhone.

No, that is incorrect. The iPhone, like any other, stores the details of previous wireless connections , including password. So the OP's concern - that the phone could connect to his wireless network (without any action being taken to block it) - is quite correct. There would be no need for a thief, or someone who found a lost phone, to enter the wireless network password.

But it is not really something to be worried about as has been explained by other posters here.

Sorry but you are incorrect.

The OP was discussing the iPhone specifically and I was pointing out that the iPhone is no different to any other phone as far as having to enter a wireless password in order to connect to a wireless network.

Additionally, the OP was quite explicit viz a via:

"Assume the iPhone gets stolen, the thief could read that password,"

And my response was quite correct that the thief count not read the password, it is ***** out and thus simply would not be able to read it.

You can retrieve the "password" (the pre-shared key) using this app http://modmyi.com/cydia/com.malcolmhall.wifipasswords

Cydia = jailbreak

Once one has gotten past the pin code or other form of locking the phone of course.

However, if someone leaves their phone completely open, jailbroken or not, they deserve all they get.

To access your wireless network, and in order for the phone to connect to it, yes you would need to enter your wireless password.

As I said, this is just not true for a phone that has already connected to the network - any phone. It would be hopelessly inconvenient if you needed to re-enter the password every time you connected to your home network.

I'm not going to get into an argument about iPhones versus any other phone; this holds for all smart phones.

I never said the phone doesn't save the password, however a thief would NOT be able to read the password.

You are absolutely incorrect if you think otherwise.

There is no argument, you are simply wrong.

As already explained, the thief would only have to jailbreak the iphone, install the app and see the psk.

I'm not disputing the reading of the password (although BatBoy makes a good point). But the thief would be able to connect to the user's network without entering a password, which is the real concern. (It really doesn't matter that you can't read a password if you don't need it!) What you said about having to enter the password to connect to the network is quite wrong.

Once connected there are all sorts of tools to help infiltrate further. A simple terminal session would be a good starting point.

Refer to the OPs post which clearly states "read" and stop being foolish.

They would have to get into the phone first, and anyone who leaves their phone insecure deserves all they get.

If someone is so paranoid as the OP about non-issues then one would expect the phone to be pretty secure in the first place.