How to Set Your iOS Device Data to Auto-Destruct

| How-To

Security measures are evolving in an effort to both protect your data, and dissuade the thieves from absconding with your iDevice in the first place. Apple has announced new security enhancements starting with iOS 7. Additionally, it's rumored that iOS 7 will support hardware-based biometric analysis – specifically, fingerprint scanning via some sort of on-board capacitance scanner.

But I'm going to show you how to protect your data today.  The feature I'm referring to is officially called Erase Data After Ten Failed Passcode Attempts. That's a mouthful, so my pet name for this is "Auto-Destruct Mode" – the high-tech version of the data-erasure method used in the original 1966-1973 Mission Impossible television series.

A scene from the original episodes of Mission Impossible where an agent is standing next to a tape recorder self-destroying.

"Good Luck, Jim"

In order for this feature to work, you first need to enable Passcode Protection. This is the feature where after a certain amount of time has passed, your device locks, and when waking or turning on your device, you are prompted for either a four-digit pin number or a more complex alphanumeric password. For more information on setting a passcode, plus some related tips, see my article here on TMO: How to Assign a Passcode with More than Four Digits to Secure Your iOS Device.

The passcode entry screen on an iPhone

This is the passcode entry screen for a "non-simple" passcode.

When you enable and configure a passcode, you also turn on a feature simply called Data Protection. This is communicated to you by displaying a notice at the bottom of the Passcode Lock panel in Settings. iOS uses your passcode as the "key" for encrypting mail messages and attachments stored on your device. The encryption scheme used is 256-bit AES Encryption. There are also a number of apps available from the App Store that may also take advantage of iOS Data Protection.

The Passcode Lock preferences panel

When enabling Turn Passcode On, you enter the desired passcode, then you can enable the Erase Data feature.

To enable the Erase Data After Ten Failed Passcode Attempts feature, Go to Settings > General > Passcode Lock and tap Erase Data. After you receive an appropriate warning, and you confirm your action, you'll start feeling better about the security of your data – while fully understanding that data security is rarely 100% foolproof.

A dialog reminding the user that

Just a simple reminder before enabling the Erase Data feature.

After ten failed passcode attempts, all settings are reset, and all your information and media are essentially erased by removing the encryption key to the data. When the data is ostensibly "erased," the process lasts just a few seconds because all that really happens is that the encryption key is erased, thereby rendering all the data useless and unrecoverable.

Does having your data erased via this mechanism turn your device into a brick? Not at all for for current iOS versions. That will change with iOS 7, but for earlier iOS versions, a device erased in the manner described here is still useable. It basically restores the device to "factory specs," as if it were brand new, or was erased manually. To bring it back to life, the thief would have to run a new device setup or do a restore operation.

For the sake of the TMO family – which includes you, the reader – I sacrificed my iPhone to test and document this auto-destruct mode. Well...OK, it's my retired iPhone 4S. I didn't want to take the time for the lengthy restoration process. Here's what I found when entering the wrong passcode:

After a few failed passcode entry attempts, the wait time lengthens in order to discourage further attempts before final erasure of data.

  • On the first failed attempt, I was simply advised to try again;
  • On the second through sixth attempts, the Try Again message blinked a few times to get my attention;
  • On the seventh attempt the lock screen message warned, "iPhone is disabled. Try again in one minute;" At this point, I was able to get to the telephone dial pad if I swipe as if to unlock the iPhone. I was advised that calls can be made, but to emergency services only – 911 here in the States;
  • On the eighth attempt, the waiting period increased to five minutes. Time to go make an espresso;
  • This was followed by a 15-minute wait on the ninth attempt. Time to practice my Tarantella. Incidentally, this waiting strategy is meant to discourage login attempts before getting to the inevitable extreme measure of data erasure. This is a safe measure when children or cats are involved;
  • On the tenth attempt, I was warned that the iPhone would be disabled for sixty minutes. Time to go watch an episode of Mission Impossible;
  • On the eleventh attempt, I figured that this was it… I was eagerly expecting to see my data go bye-bye with a satisfying "poof" and an animated puff of smoke. Nope! I got another sixty-minute reprieve! Gonna go for a nice walk with the Little Woman;
  • Finally, on the twelfth attempt, the screen immediately went black; no warning, no poof, no puff of smoke. After just a few seconds, which I imagine could seem forever to some, the start-up screen with the white Apple logo appeared, along with a brief progress bar. Finally, the standard iPhone Welcome and Set Up iPhone screens appeared – just like on a brand-new iPhone. Wow! That was fast!

The iPhone welcome and configuration screens.

On the 12th attempt – for me – my iPhone was wiped and returned to pristine conditions.

In conclusion, if the data on your iDevice is valuable to you, and you are concerned about others obtaining access to it should your device get lost or stolen, don't hesitate to enable your passcode protection, AND enable the Erase Data After Ten Failed Passcode Attempts feature discussed above.

I have enabled this feature on all the devices I own. I have to say that, while recognizing nothing is 100% safe, I feel a certain degree of satisfaction knowing that my data is protected in this manner. To further assuage any remaining angst I might be afflicted with, I am sure to keep my backups up-to-date by having iCloud Backup enabled, making sure my device is asleep and plugged into power as well as to my WiFi network each and every night. I also run an occasional full backup via iTunes on my Mac.

As always, I hope this has sparked some reflection on your part. Put yourself in the situation where you lost your device. Think of the data on there. Think of the consequences. Simple data security awareness is vital. You are given the tools – and those tools get better and better as the threats worsen – but ultimately, it's up to you to use and take advantage of them.

Sign Up for the Newsletter

Join the TMO Express Daily Newsletter to get the latest Mac headlines in your e-mail every weekday.

Comments

wab95

Great tip, Sandro.

While I have this set up on my iDevices, your piece reminds me that I need to do this for the rest of the family, as nearly everyone has lost at least one iPhone (some more than one), and although I have always done remote wipes, it’s nice to have that onboard added layer of security that can auto-activate between the loss and the time you discover the loss.

Many thanks.

Lee Dronick

In iOS 7 I wonder if voice recognition would work for unlocking the device. You train it to recognize your voice, but it could also be unlocked via a password or finger print scan.

mrmwebmax

+

Very good, detailed information. BTW, in keeping with your Mission: Impossible theme, does anyone recall at the end of Ghost Protocol Tom Cruise hands out iPhone 4’s to the IMF team, which contain their new mission information?

Log-in to comment