Fresh Thoughts #55: A Great Security Experience
- Newsletter
It's hard to see the value of security until it's needed.
It can feel like a waste - based on hypothetical scenarios mixed with hysteria.
But security is the cosiest feeling when the chips are down.
A Great Security Experience
Last week I told the story of a stolen handbag.
In all the frustration, one positive shone through. Apple's security experience was exceptional.
Apple can be criticised for many things, but its security experience is exquisite. It answered all our questions...
Disclaimer: #NotAnAd
Where's my handbag?
"The last time your phone was seen near the house was 9:27pm last night... ...it now appears to be at a phone shop in a dodgy part of town."
Why?
Apple's 'Find My' service is the one-stop online place to find your devices. From laptops, phones and iPads, to headphones and anything you attach an AirTag to.
Tracking was enabled - as we have a habit of losing phones around the house - and it even works when the phone is powered off...
This was instant confirmation that it had been stolen. We tracked the phone for four hours, watching it update its location every 5 minutes. Interestingly the police refused to record what we saw - but that's a story for another day.
Are we going to get the phone back?
The police said...
"Don't go to the shop you can see in the tracking data."
And then, a short time later...
"There's no CCTV... and no eyewitnesses... so there's insufficient evidence to pursue an investigation... The incident is closed at source."
I can't help thinking Sandip Patel KC was right. "You're on your own." 🤷♂️
What about the pictures? Can we get those back?
"Yes - everything is safe."
Why?
Both the phone and iPad were configured to use iCloud as a backup. So all the pictures, contacts and settings were stored remotely and securely.
As is always the case, not "everything" was backed-up. Luckily it wasn't something important - merely the children's progress on their favourite science app - Tappity. 🤦♂️
What about the information on the phone?
"There's no way they can get at the data on your phone, so I'll trigger a remote wipe - so the phone is fully secured."
Why?
The array of protection Apple offer iPhones and iPads is impressive. It starts with PIN codes with timeouts for wrong guesses - to prevent repetitive guessing of all combinations.
Apple's facial recognition - FaceID - is a great experience but doesn't provide additional security. However, multi-factor authentication (MFA) is needed to access cloud backups. MFA is the lynchpin of Apple's privacy and security model.
Finally, add in the encrypted storage and obfuscated notifications. There's no way a petty criminal can access sensitive information.
So... it's just a chunk of electronics in a pretty purple case?
"Yes."
The Restoration
As anticipated, Apple's multi-factor authentication was the crux of the restoration process. There was a circular dependency. To authenticate, the phone needed to use the iPad... and the iPad needed to use the phone.
After 5 days - mainly waiting for deliveries - we got the required access. In hindsight, the digital detox was a good thing.
Then... "Would you like to restore you're backup from 2 days before the incident?"
And 20 minutes later, everything was back to normal.
Final Thoughts
It's important to remember that this experience was on consumer devices and inside the closed Apple walled garden. Businesses rarely have this luxury and must combine many vendors to ensure their operations work effectively.
However, the same experience can be achieved by combining native and foundational security technologies to answer the questions that arise. It takes prior thought, planning and configuration.
The incident you experience may not be a stolen handbag. It could be a ransomware attack. But your experience can be as seamless - provided you have security already in place.
February 28, 20233 Minutes Read
