How to secure iPhone data with pair locking and supervision
In this article we're going to take a closer look at an obscure but highly effective way of increasing your phone's security: pair-locking.
What is pairing?
Pairing creates a trusted connection between your iPhone and a computer. For example, when you connect your iPhone with a USB cable, you are asked to grant full access and once accepted, pairing takes place and a trusted key is kept for future connections. A connection is created between your iPhone and your computer so that applications like iTunes can communicate with your device. The bad news is that forensic applications which might harvest your data can use the same connection key to remotely communicate with your iPhone.
Once an iPhone is paired with a computer, that computer will have full access to all the personal information stored on your device. This means the computer will have access to all photos, notes, videos, messages, and -- with the right knowledge -- hackers can even break passwords from third-party applications. Your iPhone can be accessed even when it's locked with a PIN code.
What is pair-locking?
By pair-locking your iPhone you're basically blocking any forensic application that tries to communicate with your iOS device, by preventing new pairings. You're pairing it with a single computer -- yours -- and preventing it from ever pairing with any other.
Is your iPhone paired with your computer already?
A private key is being created when paired your iPhone. This key is stored both on your iPhone and on the computer you have paired with. You can find a pairing record of your device easily, like this:
- On macOS, open Terminal and paste the following:
open /var/db/lockdown - If you are using Windows, go to
%ProgramData%/Apple/lockdownin Explorer
Steps you need to take to pair-lock your iPhone
-
Download Apple Configurator from the App store on your Mac and open it
-
Click "Prepare"
![Apple Configurator's "Prepare" button]( "Apple Configurator's \"Prepare\" button")
Apple Configurator's "Prepare" button -
Choose any name you would like and toggle on "Supervision"
- Uncheck the box "Allow devices to connect to other Macs"
Create a new profile by clicking on the plus sign at the bottom of Apple Configurator
![Creating the pairing profile in Apple configurator]( "Creating the pairing profile in Apple configurator")
Creating the pairing profile in Apple configurator You can use any name you would like for this profile, then click on "Restrictions" and on "Configure"
![Restrict your iPhone]( "Restrict your iPhone")
Restrict your iPhone Uncheck "Allow pairing with non-Configurator hosts" to disable pairing, then click "Save"
![Enable pair-locking for iPhone or iPad]( "Enable pair-locking for iPhone or iPad")
Enable pair-locking for iPhone or iPad -
Select your newly created profile and click on "Prepare"
![Sync pair locking profile]( "Sync pair locking profile")
Sync pair locking profile -
Fill in the organization information: only the name field is required, and you can input anything you would like on phone, email and address
- Connect your iPhone or iPad and click "Done"
You'll get a warning message asking if you are sure you want to apply these settings to all connected USB devices, click "Apply" and your device will only be accessible from the computer you've paired with
![Apply changes to USB devices with Apple configurator]( "Apply changes to USB devices with Apple configurator")
Apply changes to USB devices with Apple configurator
Just remember: if you do this, you won't be able to sync or connect your iPhone with any other computer. But neither will the bad guys.
