Tuesday 23 November 2010

iPhone Security Guide

Last week a reporter asked for my opinion on iPhone Security; I said I thought it was a good idea.

But seriously, Apple are actually taking steps to better secure the iPhone. This is driven by Apple's desire to make more of an impact on the business smart phone market and to compete better with the likes of Blackberry, who are the dominant force when it comes to business smart phone usage. Blackberry has been widely adopted by larger enterprises not only because its devices are easy to centrally manage, but because they come with a whole raft of essential business security features, such as device level encryption and remote wipe functionality.

When you think about it, you realise your iPhone is absolutely crammed with your personal information. Think about the details within your Contacts list, Email accounts, Facebook account and even your personal photographs and videos, all stored on the device. So if you care about your privacy and safety online, you may well concern yourself with the security aspects of your iPhone. The good news is Apple are making improvements to better secure the iPhone and its cousin the iPod Touch, which is equally important from a security point of view, considering the same personal information is generally kept on it as well.

There are security settings and device usage methods you need to consider as a security-conscious iPhone user, so here are my top iPhone Security tips, and they don’t require the purchase of any Apps either.

1. Always update your iPhone operating system software, known as the iOS, to the latest version. The iOS can be freely downloaded and applied to your iPhone via iTunes; ensure you check for new iOS updates by syncing your iPhone at least monthly. I do find some people very rarely sync their iPhones with iTunes, while others choose not to download and install iOS updates.

There are a number of security vulnerabilities in past versions of the iPhone iOS which have since been resolved, such as bypassing the iPhone’s Passlock security by opting to make an emergency call and typing in ###, or by using the main iPhone button to access a shortcut. There are also additional security functions that are only available with the latest version of iPhone iOS.

2. Avoid connecting to Free WiFi Hotspots when you are out and about. You’ll probably have a 3G connectivity data access package anyway, so stick to this and to using your own home WiFi. I find rogue WiFi access points often pose as legitimate looking wireless connections. I have found rogue WiFi access points using real Hotel names, Restaurant names and default WiFi Router names like Netgear and BTRouter, all in a bid to have you connect to them, or even worse, have your device automatically connect. Connecting to a rogue WiFi access point may well give you the internet access you crave, but in turn it gives criminals (yes WiFi theft is a crime under UK law) access to everything you do while connected to the Internet, allowing the bad guys to steal your information and log in to the same websites as you, including fully accessing your Facebook, Twitter and Email accounts. There is a solution to this issue: using a VPN service to connect your iPhone securely to the Internet. I'll blog about this separately.

3. In case you lose your precious iPhone or have it stolen, you will want to ensure that all your personal stored information like Emails and pictures, as well as the potential usage of your phone's call credit and even your iTunes account, are well protected should your iPhone fall into evil hands. So it is imperative you review the following account settings on your iPhone.

a. Tap on “Settings”, then tap “General”.

b. Ensure “Passcode Lock” is “On”; if not, I strongly recommend you enable this feature. Next tap “Passcode Lock”.

c. Now enter your passcode

d. At this point, the most important setting to check is right at the bottom and is called “Erase Data”; make sure it is enabled. When enabled, it means that if a bad guy enters your iPhone passcode incorrectly 10 times, all the information on your iPhone is wiped. This is not only a good feature but is essential for iPhone Security.
This setting should be on by default (thanks Apple), but if this option is turned off, a bad guy can keep trying your passcode until he or she gets it right. There are a maximum of 10,000 possible combinations with a 4 digit code, and trying them all is feasible work for a serious phone hacker. However, they always first try the most common four digit numbers, such as 1234, 4321, 0000, 1111 and numbers 1950 to 2010, and are often successful with them.

e. If you are using one of the common 4 digit passcodes above, change it to something more unique and less guessable.

f. If you want more security with your iPhone passcode and don’t mind the extra inconvenience that comes with it, you can change your passcode from a 4 digit number passcode to a “text” passcode.

To do this, tap “Simple Passcode” to turn it off and follow the instructions.

You don’t need a complex password if you have the “Erase Data” option enabled; 5 characters or more should be sufficient, unless it’s something easily guessable like your name.

If you are a security nut, go with a password of at least 8 characters in length, made up of upper and lower case letters, numbers and special characters.

g. Don’t tell anyone your iPhone passcode or write it down (obvious really).

h. Set the “Require Passcode” feature to a sensible timeframe. This feature automatically locks the iPhone after a set amount of time, requiring a correct passcode to unlock and use it. My suggestion is to set this to 15 minutes; however, if you don’t mind the inconvenience for higher security, you can set this to come on immediately or after 1 or 5 minutes of inactivity. I wouldn’t recommend setting it to 4 hours or ever turning it off, as it kills the protection the passcode provides.
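The passcode arithmetic behind steps d to f, as an added example that is not part of the original post: it checks a candidate passcode against the common codes listed in step d and estimates the chance of 10 blind guesses succeeding before “Erase Data” wipes the phone. The printable-ASCII character classes and the assumption of a randomly chosen passcode are mine, and the sample passcodes are constructed.

```python
import string

ERASE_AFTER = 10  # wrong attempts before "Erase Data" wipes the phone (from step d)

# Common 4 digit choices named in step d: 1234, 4321, 0000, 1111 and the years 1950-2010.
COMMON_CODES = {"1234", "4321", "0000", "1111"} | {str(y) for y in range(1950, 2011)}

# Assumption: passcodes are built from printable ASCII character classes only.
CLASSES = (string.digits, string.ascii_lowercase,
           string.ascii_uppercase, string.punctuation)


def alphabet_size(passcode):
    """Size of the smallest class-based alphabet that covers the passcode."""
    if not passcode or any(all(ch not in c for c in CLASSES) for ch in passcode):
        raise ValueError("passcode must be non-empty printable ASCII")
    return sum(len(c) for c in CLASSES if any(ch in c for ch in passcode))


def keyspace(passcode):
    """Number of passcodes of the same length over the same alphabet."""
    return alphabet_size(passcode) ** len(passcode)


def chance_before_wipe(passcode, attempts=ERASE_AFTER):
    """Chance that `attempts` distinct blind guesses hit a randomly chosen passcode."""
    space = keyspace(passcode)
    return min(attempts, space) / space


def review(passcode):
    """Summarise a candidate passcode against the advice in steps d to f."""
    return {
        "keyspace": keyspace(passcode),
        # A listed code is tried first, so the wipe limit offers it little cover.
        "common": passcode in COMMON_CODES,
        "chance_before_wipe": chance_before_wipe(passcode),
    }


if __name__ == "__main__":
    # Constructed sample passcodes: a birth year, a random PIN, 5 letters, 8 mixed.
    for sample in ("1987", "7392", "tiger", "Tg7!x2Qp"):
        print(sample, review(sample))
```

The figures assume a randomly chosen passcode, so a name or other guessable word is weaker than its keyspace suggests, as the text notes.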

4. Be careful about the Apps you download and install onto your iPhone, and specifically be vigilant about the information you type into your iPhone's Apps. There are 100,000s of Apps available, and while Apple do their best to vet all these Apps, some dodgy Apps do get through the iTunes AppStore vetting net. Past dodgy Apps have stolen personal information, passwords and credit card details, so be wary when an Application requests sensitive information. Also check Application options for security features; you may not want to allow Apps like Facebook to be able to geotag your location.

5. Within your Safari web browser settings, ensure Pop Ups are blocked, to help prevent possible malware infection and spam messages. A web browser cookie is a piece of information which records details about you and your access on specific websites. Sometimes cookies can automatically log you into a website, so they could be dangerous in the wrong hands. In Safari's settings, you have the option to disable cookies if you are highly security conscious; however, my suggestion is to occasionally delete your cookies by tapping "Clear Cookies", under "General", "Settings" then Safari, especially after visiting sensitive websites. While in Safari's settings, double check that the "Fraud Warning" is enabled, which it should be by default.

6. Finally, avoid storing sensitive information on your iPhone, such as your bank account details, website passwords, credit card details and your PIN codes.