Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

5/22/2020
07:00 AM
Kelly Sheridan
Kelly Sheridan
Slideshows
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

10 iOS Security Tips to Lock Down Your iPhone

Mobile security experts share their go-to advice for protecting iPhones from hackers, thieves, and fraudsters.
Previous
1 of 11
Next

Now more than ever, we depend on smartphones to keep us connected to each other, to our employers, to our finances and healthcare providers. We use our phones to shop, bank, and access corporate applications and information. But are our iPhones as secure as they could be?

"iPhone owners tend to feel more confident in the security of their phones than Android owners, and for good reason," says Randy Pargman, former FBI computer scientist and senior director of threat hunting and counterintelligence at Binary Defense.  

But that doesn't mean iOS is immune to security issues. Back in April, we learned attackers has been exploiting two unpatched iOS vulnerabilities since at least January 2018. Last year, researchers discovered more than 20,000 iOS apps were published without App Transport Security (ATS), a set of rules and app extensions Apple built as part of the Swift development platform. ATS is turned on by default; without it, critical information was being transported without encryption.

"It's true that iPhones and the whole Apple ecosystem keep customers safer from malicious apps, but that doesn't mean that all the data stored in the apps is safe from theft," Pargman continues. "Many apps store sensitive information on servers operated by the app developer or transfer the information unencrypted over the Internet. As soon as your information leaves your iPhone, it is outside of your control to protect it." 

The security of iOS doesn't mean users can ignore basic threats to data security. Most people don't have to worry about advanced targeted attacks or zero-day exploits; however, they are still exposed to phishing attacks, device theft, and malware that could put their information at risk. If you're using Safari or another browser to navigate the Web, share data, or order goods, you're just as vulnerable on your iPhone as you would be on Windows or Android. Those who store financial, health, and other sensitive data on their iPhones should take extra precautions. 

These precautions are even more essential at a time when people are relying on their iPhones to work remotely. Wandera research shows collaboration software adoption jumped nearly 190% between early February and the end of April, says Michael Covington, vice president of product strategy at Wandera.

"Though mobile devices have been broadly adopted within the workforce, COVID-19 has forced many businesses to finally put those devices to use, with more enterprise applications being opened up to mobile devices and remote access finally being allowed," he says.

Many businesses have changed data access policies to enable access for remote users.

"From work files to health records and banking data, the pandemic has forced more frequent use of the mobile device as people try to stay productive and connected, while balancing the needs of entire families now forced to work with a limited set of shared resources," Covington says.

Many people who have been isolated at home have started to let their guard down when it comes to practicing strong security, Covington says. Phishing attacks are taking advantage of the pandemic, preying on global fear and uncertainty, increasing their chances of getting hit.

Now is a good time to take a closer look at your iPhone security posture. More than 20 mobile security experts weighed in to share their go-to tips to strengthen privacy and security of your mobile device. Here, we share their most popular suggestions and tips you may not think of.

What did we miss? Feel free to share your favorite iPhone security advice in the Comments section, below.

 

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio
 

Recommended Reading:

Previous
1 of 11
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
angelabelp
50%
50%
angelabelp,
User Rank: Apprentice
6/5/2020 | 2:12:43 AM
very good this page
 Esta gran web  es una de las mejores que conozco, no comparte información falsa como muchas que veo en muchos lugares, espero que sigan así y mejoren, gracias por todo lo que comparten muy útil

Translation (From Editors)

This great website is one of the best I know, does not share false information as many that I see in many places, I hope they continue like this and improve, thanks for everything they share very useful

 

 

 

 

 
fazzael
50%
50%
fazzael,
User Rank: Strategist
5/24/2020 | 11:58:12 PM
Very Usefull
Good article, very usefull for any iOS owner. Especially considering that there are a lot of security breach nowaday. Stay safe and stay healthy everyone.
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/25/2020
9 Tips to Prepare for the Future of Cloud & Network Security
Kelly Sheridan, Staff Editor, Dark Reading,  9/28/2020
Malware Attacks Declined But Became More Evasive in Q2
Jai Vijayan, Contributing Writer,  9/24/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-12505
PUBLISHED: 2020-09-30
Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW07 allows an attacker to change some special parameters without authentication. This issue affects: WAGO 750-852 version FW07 and prior versions. WAGO 750-880/xxx-xxx version FW07 and prior versions. WAGO 750-881 ve...
CVE-2020-12506
PUBLISHED: 2020-09-30
Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW03 allows an attacker to change the settings of the devices by sending specifically constructed requests without authentication This issue affects: WAGO 750-362 version FW03 and prior versions. WAGO 750-363 version ...
CVE-2020-4629
PUBLISHED: 2020-09-30
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local user with specialized access to obtain sensitive information from a detailed technical error message. This information could be used in further attacks against the system. IBM X-Force ID: 185370.
CVE-2019-17098
PUBLISHED: 2020-09-30
Use of hard-coded cryptographic key vulnerability in August Connect Wi-Fi Bridge App, Connect Firmware allows an attacker to decrypt an intercepted payload containing the Wi-Fi network authentication credentials. This issue affects: August Connect Wi-Fi Bridge App version v10.11.0 and prior version...
CVE-2020-15731
PUBLISHED: 2020-09-30
An improper Input Validation vulnerability in the code handling file renaming and recovery in Bitdefender Engines allows an attacker to write an arbitrary file in a location hardcoded in a specially-crafted malicious file name. This issue affects: Bitdefender Engines versions prior to 7.85448.