Secure your iPhone or iPad - Hack your data | Jimiz.net

I am always interested in how secure my devices are? Is my data safe, can people get to my info, am I at risk of giving out any private information. The iPhone /iPad has proven to be pretty secure if you take precautions. Lock your screen and keep sensitive data out of the clear. The one interesting item you can hack is the backup. There is a lot of information to be gathered and searched in your simple backup. Many people don’t think twice about the sync that happens with your computer and iTunes. I’ll go into a little discussion on what can be seen.

Before I go too far into this information, it should be noted that this can be corrected by encrypting your backups. The process to encrypt your backup is a simple check box in iTunes. You can do this by connecting your iphone / ipad and selecting summary -> options -> encrypt iPhone backup.

Now that you have secured any future information let’s look at the wealth of informaiton that is now residing on your computer from your previous backups. Â To find your backups on a windows machine navigate to :

(Windows 7 or vista) – C:\Users\{your username}\AppData\Roaming\Apple Computer\MobileSync\Backup\

(Windows XP) – C:\Documents and Settings\{your username}\Application Data\Apple Computer\MobileSync\Backup

Once in the directory you will see your backup sets. Select one to look at. First we will start with the info.plist file. You can open this file with any text editor (xml formated file). This file contains the overall information regarding the ios device:

Device Phone number
Device name
Device GUID
ICC-ID: Integrated Circuit Card ID serial number of the SIM card
Serial number of the device
and Much more

You can see in the screen capture above that this device name is “jimizphone”.

I know at this point you are thinking why is this stuff important. Well after some research and some reading I was able to find out what some of those files contained. Thanks to team over at hrgeeks in their great post here is some definitions of the files. These files are all .mddata files that can be viewed using a SQLite browser.:

Call Log: ff1324e6b949111b2fb449ecddb50c89c3699a78
SMS (TEXT) Log: 3d0d7e5fb2ce288813306e4d4636395e047a3d28
Notes Application : 740b7eaf93d6ea5d305e88bb349c8e9643f48c3b
Contact List: 31bb7ba8914766d4ba40d6dfb6113c8b614be442
Voice Mail List: 992df473bbb9e132f4b3b6e4d33f72171e97bc7a
Calendar: 2041457d5fe04d39d0ab481178355df6781e6858

Let’s review one of the files. I choose to look at the SMS log. This would be the most damaging file if someone could review what I have said. It could also be the target file for people looking for information (ex-wife, girlfriend, or business competitor). Using SQLite browser I did a select statement on the file “select * from messages” it returns records of text messages from the phone.

You can see from the image, that a record of all text messages was saved. I have not verified if the deleted items are saved but the information is clear enough. Your iPhone backup file contains in clear text your SMS text messages. It has the date, phone, message, and time stamp that can be searched.

Opening the contact list quickly allowed me to look at names and numbers that were stored on the phone. This could be dangerous for people who don’t want that information shared. A person would not need physical access to their phone, only access to their computer.

Armed with file name information you can also get other non-phone related information that may be stored by applications.

Facebook friend list – 6639cb6a02f32e0203851f25465ffb89ca8ae3fa

I did a quick check, and I was able to see all my facebook friends information (cell phone, email are hashed) but names and contact areÂ available. This is interesting in that you can gather information outside of the phone that could be used against you.