Smartphone security expert Graham Lee offers some simple advice on how better to protect your iPhone or iPad.
The iPhone – along with the rest of Apple’s iOS product family – seems to me to be the TARDIS of the computing world.
There’s a full-featured UNIX computer with almost permanent network access, and it fits in my pocket: surely it must be bigger on the inside. Apparently you can even use them to make phone calls, too.
It certainly puts my first portable to shame.
Of course, such a powerful computer must be protected, particularly when you use it for sensitive tasks like email and editing work documents on the move. So here’s a short list of iOS tips to help you stay secure using your iPhones and iPads.
1. Set the passcode
All of Apple’s products that run iOS allow the user to configure a passcode. The passcode controls access to the apps and data installed on the device. No passcode, no data – and there’s no way to get around that, because content including saved passwords and mail attachments is encrypted so that without the passcode, iOS can’t read the content at all.
To enable the passcode, first launch the Settings app. In the “General” section, look for the “Passcode Lock” setting. Tap that, and you’ll see a screen that allows you to turn the passcode on, and to define when it’s required and whether to use a “simple passcode” (a four-digit PIN) or a longer password.
Even though iOS is designed to slow down “brute force” attacks (where the attacker enters multiple guesses at the passcode until he finds the correct value), guessing one of the 10,000 simple combinations is very quick.
Particularly if you use one of the most common PINs.
It’s best to turn simple passcode off and use a stronger password, following Graham Cluley’s advice.
2. Don’t jailbreak
By default, Apple limit the software that will run on your iPhone or iPad to their own apps, and anything that you download through their app store. They do this to restrict the chance that malware gets onto the devices, and so far it seems to work: iOS has not seen the same malware problems that have plagued Android.
Google are more permissive about the software allowed in their marketplace, and allow installation of non-marketplace apps: both good avenues for getting malware onto a mobile phone or tablet.
Of course, some people (including regular Naked Security contributor Duck, who discussed the issue in a recent Chet Chat podcast) see this as an unwelcome limitation on what they can do with the phones that they paid for.
Such people may turn to jailbreaking to remove Apple’s limitations, so that they can install unapproved software or reconfigure the operating system.
Down that path lies iPhone malware and an easy route for attackers to install remote access tools, keyloggers (well, taploggers I suppose…) and other nasty things.
“Grange Hill” stalwart Zammo would probably agree with me here: when it comes to jailbreaking, just say no.
3. Be careful of where you surf
Phishing, and other scams like the recent iTunes giftcard ruse, do not depend on your technology choices: they’re designed to fool you, not your computer.
With that said, it’s perhaps easier to be taken in when surfing with Mobile Safari: user interface hints including the location bar and the SSL padlock are smaller, and in scrolling to read a page’s content you’ll push them off the top of the page and perhaps forget to check that you’re on the correct site.
Especially if you’ve just snuck your phone out during that boring meeting, and are still half-listening to the Q3 sales projections.
Personally, I reserve sensitive tasks including online shopping and banking for either native apps released by the banks and stores, or for the desktop browser where it’s easier to see whether I’m on the right website.
I hope you found those tips useful. For more chat about mobile security and privacy, please follow me on Twitter.