by Claudiu Popa
According to popular expert opinion, there are seven areas in today’s mobile devices where vulnerabilities can create security or privacy breaches. Nowhere is this more true than in the paragon of mobile digital success: the iPhone. Nothing short of a juggernaut, new versions of the quasi-ubiquitous device have all but evaded attempts at hacking it by consistently introducing innovative new features and by leveraging a strategy of built-in obsolescence.
It follows then that each of these areas corresponds to specific security controls, tactically building a ‘defense in depth’ approach to securing the iPhone for personal use. In practice, the original seven risk areas map to the following five safeguards:
1. The operating system
Avoid jailbreaking the phone. As Apple never tires of repeating, once jailbroken, it is exposed to a set of clear and present dangers that at least risk compromising the data stored inside.
2. Data encryption
While encryption for iPhone data is standard on the handsets, it has already been cracked and free software can now be used to compromise it. Use third-party tools such as SplashID, FolderLock, iDiscrete or eWallet to encrypt the data you depend on.
Ensuring that the iPhone is used by its rightful owner is as simple as introducing anti-theft technology. From a physical security perspective, Apple’s MobileMe service attempts to correct the aftermath of theft situations. It includes Find My iPhone which includes real time tracking of the handset.
What about the camera and microphone? Ensure that no one is listening by installing anti-malware from Symantec, Cisco SIO To Go and threatPost.
Internet and Web access are pretty well taken care of using SSL and even email is protected between the handset and the server.
The iPhone’s locked nature is the biggest factor in preserving the device’s security. Between the new IOS and the old, tried and true interface, it offers an adequate baseline of security for personal use, but the aforementioned tools should be used to complement its security.
In a future post I will cover iPhone and iPad security for corporate environments, because while you can always see your family after work, it’s clear that you can’t part with these devices for an entire work day.
Claudiu Popa is a Toronto-based security and information management expert and founder of Informatica Corporation. He is an ardent supporter of information security and privacy awareness, as well as a frequent speaker on the topic.