Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

5/22/2020
07:00 AM
Kelly Sheridan
Kelly Sheridan
Slideshows
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

10 iOS Security Tips to Lock Down Your iPhone

Mobile security experts share their go-to advice for protecting iPhones from hackers, thieves, and fraudsters.
Previous
1 of 11
Next

Now more than ever, we depend on smartphones to keep us connected to each other, to our employers, to our finances and healthcare providers. We use our phones to shop, bank, and access corporate applications and information. But are our iPhones as secure as they could be?

"iPhone owners tend to feel more confident in the security of their phones than Android owners, and for good reason," says Randy Pargman, former FBI computer scientist and senior director of threat hunting and counterintelligence at Binary Defense.  

But that doesn't mean iOS is immune to security issues. Back in April, we learned attackers has been exploiting two unpatched iOS vulnerabilities since at least January 2018. Last year, researchers discovered more than 20,000 iOS apps were published without App Transport Security (ATS), a set of rules and app extensions Apple built as part of the Swift development platform. ATS is turned on by default; without it, critical information was being transported without encryption.

"It's true that iPhones and the whole Apple ecosystem keep customers safer from malicious apps, but that doesn't mean that all the data stored in the apps is safe from theft," Pargman continues. "Many apps store sensitive information on servers operated by the app developer or transfer the information unencrypted over the Internet. As soon as your information leaves your iPhone, it is outside of your control to protect it." 

The security of iOS doesn't mean users can ignore basic threats to data security. Most people don't have to worry about advanced targeted attacks or zero-day exploits; however, they are still exposed to phishing attacks, device theft, and malware that could put their information at risk. If you're using Safari or another browser to navigate the Web, share data, or order goods, you're just as vulnerable on your iPhone as you would be on Windows or Android. Those who store financial, health, and other sensitive data on their iPhones should take extra precautions. 

These precautions are even more essential at a time when people are relying on their iPhones to work remotely. Wandera research shows collaboration software adoption jumped nearly 190% between early February and the end of April, says Michael Covington, vice president of product strategy at Wandera.

"Though mobile devices have been broadly adopted within the workforce, COVID-19 has forced many businesses to finally put those devices to use, with more enterprise applications being opened up to mobile devices and remote access finally being allowed," he says.

Many businesses have changed data access policies to enable access for remote users.

"From work files to health records and banking data, the pandemic has forced more frequent use of the mobile device as people try to stay productive and connected, while balancing the needs of entire families now forced to work with a limited set of shared resources," Covington says.

Many people who have been isolated at home have started to let their guard down when it comes to practicing strong security, Covington says. Phishing attacks are taking advantage of the pandemic, preying on global fear and uncertainty, increasing their chances of getting hit.

Now is a good time to take a closer look at your iPhone security posture. More than 20 mobile security experts weighed in to share their go-to tips to strengthen privacy and security of your mobile device. Here, we share their most popular suggestions and tips you may not think of.

What did we miss? Feel free to share your favorite iPhone security advice in the Comments section, below.

 

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Previous
1 of 11
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
EdWelsh
50%
50%
EdWelsh,
User Rank: Apprentice
5/27/2020 | 7:31:05 AM
Thanks
Very useful article! Thanks a lot for such a good comtent
fazzael
50%
50%
fazzael,
User Rank: Strategist
5/24/2020 | 11:58:12 PM
Very Usefull
Good article, very usefull for any iOS owner. Especially considering that there are a lot of security breach nowaday. Stay safe and stay healthy everyone.
COVID-19: Latest Security News & Commentary
Dark Reading Staff 6/3/2020
Stay-at-Home Orders Coincide With Massive DNS Surge
Robert Lemos, Contributing Writer,  5/27/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-4177
PUBLISHED: 2020-06-03
IBM Security Guardium 11.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 174732.
CVE-2020-4180
PUBLISHED: 2020-06-03
IBM Security Guardium 11.1 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 174735.
CVE-2020-4182
PUBLISHED: 2020-06-03
IBM Security Guardium 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 174738.
CVE-2020-4187
PUBLISHED: 2020-06-03
IBM Security Guardium 11.1 could disclose sensitive information on the login page that could aid in further attacks against the system. IBM X-Force ID: 174805.
CVE-2020-4190
PUBLISHED: 2020-06-03
IBM Security Guardium 10.6, 11.0, and 11.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 174851.