Is the iPhone secure enough?

by Claudiu Popa

According to popular expert opinion, there are seven areas in today’s mobile devices where vulnerabilities can create security or privacy breaches. Nowhere is this more true than in the paragon of mobile digital success: the iPhone. Nothing short of a juggernaut, new versions of the quasi-ubiquitous device have all but evaded attempts at hacking it by consistently introducing innovative new features and by leveraging a strategy of built-in obsolescence.

Claudiu Popa

It follows then that each of these areas corresponds to specific security controls, tactically building a ‘defense in depth’ approach to securing the iPhone for personal use. In practice, the original seven risk areas map to the following five safeguards:

1. The operating system
Avoid jailbreaking the phone. As Apple never tires of repeating, once jailbroken, it is exposed to a set of clear and present dangers that at least risk compromising the data stored inside.

2. Data encryption
While encryption for iPhone data is standard on the handsets, it has already been cracked and free software can now be used to compromise it. Use third-party tools such as SplashID, FolderLock, iDiscrete or eWallet to encrypt the data you depend on.

3. Authorization

Ensuring that the iPhone is used by its rightful owner is as simple as introducing anti-theft technology. From a physical security perspective, Apple’s MobileMe service attempts to correct the aftermath of theft situations. It includes Find My iPhone which includes real time tracking of the handset.

4. Multimedia

What about the camera and microphone? Ensure that no one is listening by installing anti-malware from Symantec, Cisco SIO To Go and threatPost.

5: Communications

Internet and Web access are pretty well taken care of using SSL and even email is protected between the handset and the server.

The iPhone’s locked nature is the biggest factor in preserving the device’s security. Between the new IOS and the old, tried and true interface, it offers an adequate baseline of security for personal use, but the aforementioned tools should be used to complement its security.

In a future post I will cover iPhone and iPad security for corporate environments, because while you can always see your family after work, it’s clear that you can’t part with these devices for an entire work day.

Claudiu Popa is a Toronto-based  security and information management expert  and founder of Informatica Corporation.  He is an ardent supporter of information security and privacy awareness, as well as a frequent speaker on the topic.       

Claudiu Popa
Claudiu Popa
Claudiu Popa is a security and privacy advisor to Canadian enterprises, associations and agencies. He is an author, speaker and lecturer. Connect with him on Twitter @datarisk, Facebook, G+ or LinkedIn.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Latest Blogs

ITB in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.