Top 5 Security Settings for Apple iPhones and iPads

The following is from:
http://www.spylogic.net/2012/02/top-5-security-settings-for-apple-iphones-and-ipads/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+spylogic+%28spylogic.net%29

Top 5 Security Settings for Apple iPhones and iPads
Apple mobile devices are among the most popular gadgets today. In fact, Apple reports
that 250 million iOS devices have been sold and 18 million apps downloaded. I often
find that, while the popularity of these devices increases, many don’t understand
the basic security features that Apple makes available to them. Some of you may not
even realize that these features exist and how easy they are to use. Let’s walk through the top five security settings for these devices:
#1 – The Passcode
This is the most important security feature of your device. It’s also one of the
least configured settings. While it may be a pain to “unlock” your device when you want to use it, it’s also your first line of defense if your device is ever lost
or stolen. The key to the passcode is to ensure its complex and greater than 4 characters
or digits. Never use simple passcodes like “1234” or your ATM PIN number. The two
other settings that you need to set are to “Require Passcode Immediately” and set
“Simple Passcode” to OFF. You can find these settings under the “Settings” icon then “Passcode Lock”.
#2 – Erase Data
The erase data functionality adds another layer of security to your device. This
function will erase all data after 10 failed passcode attempts. What this means is
that if someone steals your device and tries to brute force your passcode, if they
enter it incorrectly, the device is erased and returned to the factory default settings. Turn “Erase Data” to ON in the Passcode Lock screen.
#3 – Find My iPhone/iPad
If you ever lose or misplace your iPhone or iPad, “Find My iPhone/iPad” is a very
important feature to enable. Simply download the application on your device or access
it through iCloud (icloud.com). If your device is iOS 4 or below you will need to use the “MobileMe” (me.com) feature instead of iCloud. Either way, you will need to login with your Apple ID to set it up. You can then send the device a message
or alert, locate the device on Google Maps, remotely set a passcode, and remotely erase the device. This feature is invaluable if your device is lost or stolen. #4 – Backup Encryption
One of the more obscure settings that many users don’t set is the “Encrypt Backup”
setting, which is found in iTunes. This setting even applies to the new iCloud service
in iOS 5. This setting ensures that the backup of your device is encrypted. It goes
without saying, if you can access this backup, the data on your device can be accessed and harvested. For example,
earlier last year there was a “feature” in which Geolocation data could be easily harvested from the backup file
. This has since been remediated, but just think how much information could be harvested about you through an unencrypted backup file.
#5 – Keep iOS Updated
Making sure that you always have the latest version of Apple iOS on your device is
important because Apple is always releasing security updates and implementing new security controls. Simply plug your device into iTunes and you will get prompted to update your phone to the latest version. As a side note, don’t Jailbreak your
device! Jailbreaking makes many of the built in security features useless and allows your device to be an easy target for data theft.
Ensuring that you have enabled and configured these security settings on your Apple
iOS device is more important than ever. Devices like these are lost or stolen all
the time and without taking the proper precautions, your data could be vulnerable. Having conducted Apple iOS device penetration testing assessments at SecureState for our clients, I can tell you how easy it is to break into these devices. It’s
easy because the proper basic precautions were not taken. Take five minutes now and enable these settings; you’ll be glad you did.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s