Everyone is wary of hackers and the damage they can cause, as seen with the Heartbleed Bug and Shellshock Bash. But hacking attacks can also mean physical security breaches, as hackers do not always have to resort to intricate techniques to steal your personal information. A criminal can simply break into your house, car, or office and steal a laptop. If the laptop is unencrypted, this can amount to major losses.
According to Business Insider, if your iCloud account has been hacked, a full backup of your account can be downloaded. This gives the hacker complete access to all your personal information. Here is a scarier thought: not only will the hacker have access to all your personal data, but they will also be able to stalk you in real time by using the Find My iPhone feature.
Apple this week rolled out a new version of the operating system that runs its mobile devices, such as iPads and iPhones. It also announced it will no longer be able to comply with law enforcement requests to unlock the encryption governing those phones. Moving forward, accessing encrypted data on an Apple smartphone or tablet will be possible only for the owner of that device.
Last month I wrote about the necessity of performing Pre-Boot Authentication (PBA) in order to get the full benefit of confidentiality that Full Disk Encryption (FDE) can provide. However, there are some environments where corporate security policy might allow for a less secure configuration as a tradeoff for better usability. For example, I have conceded in the past that if a user is within the physical confines of his company, say travelling from one floor to another for a meeting, sleep / standby (S3) might be an acceptable risk.