Securing the Ubiquitous iPhone

 by Claudiu Popa 


According to popular expert opinion, there are seven areas in today’s mobile devices where vulnerabilities can create security or privacy breaches. Nowhere is this more rational than in the paragon of mobile digital success: the iPhone.

Claudiu Popa



Nothing short of a juggernaut, new versions of the quasi-ubiquitous device have all but evaded attempts at hacking it by consistently introducing innovative new features and by leveraging a strategy of built-in obsolescence.


It follows then that each of these areas corresponds to ways to specific security controls at that level, tactically building a ‘defense in depth’ approach to securing the iPhone. In the name of brevity, here are these safeguards:


1: The operating system

Avoid jailbreaking the phone. As Apple never tires of repeating, once jailbroken, it is exposed to a set of clear and present dangers that at least risk compromising the stored inside.


2. Data encryption

While encryption for iPhone data is standard on the handsets, it has already been cracked and free software can now be used to compromise it. Use third-party tools such as SplashID, FolderLock, iDiscrete or eWallet to encrypt the days you depend on.


3. Authorization. Ensuring that the iPhone is used by its rightful owner is as simple as introducing anti-theft technology. From a physical security perspective, Apple’s MobileMe service attempts to correct the aftermath of theft situations. It includes Find My iPhone which includes real time tracking of the handset.


4. Multimedia. What about the camera and microphone? Ensure that no one is listening by installing anti-malware from Symantec, Cisco SIO To Go and threatPost.


5: Internet and Web access are pretty well taken care of using SSL and even email is protected between the handset and the server.


The iPhone’s locked nature is the biggest factor in preserving this tool’s security. Between the new IOS and the old, tried and true interface, the device offers an adequate baseline of security for personal use, but the aforementioned tools should be used to complement its security.


About the author:
Claudiu Popa, Principal Risk Advisor at Informatica Corporation (

Follow him at or A published author, lecturer and entrepreneur, Claudiu enjoys writing incendiary pieces of great interest to ITBusiness readers.


Claudiu Popa
Claudiu Popa
Claudiu Popa is a security and privacy advisor to Canadian enterprises, associations and agencies. He is an author, speaker and lecturer. Connect with him on Twitter @datarisk, Facebook, G+ or LinkedIn.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Blogger Spotlight

Latest Blogs

ITB in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.