In association with heise online

04 July 2011, 16:21

Three iPhone and iPad security tips

by Jürgen Schmidt

The H's in-depth article on iPhone security, iOpener, vividly demonstrates that you can't turn your iPhone into a tamper-proof data vault, but the following measures will make life considerably more difficult for thieves.

Use the code lock

Without a passcode, all your iPhone data is easy prey for thieves. If you briefly leave your phone unattended, anyone can rummage through your emails and explore your calendar or address book. You can safely use your SIM card's PIN as your passcode – if one has been set. This way, you also stop yourself from forgetting your SIM's PIN, which is required only in the rare cases when you reboot the iPhone.

If you want to be extra safe, switch off "Simple Passcode" and use more than four digits. Unlike passcodes that contain letters and special characters, a long numeric passcode will still display the unlock dialogue with the large input buttons. With eight digits, cracking programs will already take months before all possible combinations have been tried.

[Image: Passcode Lock Settings. The Passcode Lock is the most important barrier between a user's data and a thief.]

The passcode lock also activates additional protective mechanisms for emails and other data that requires special protection. You can see that these mechanisms are active if the bottom of the passcode lock settings page says "Data protection is enabled". With older devices, you may first need to restore the device from a backup copy using iTunes. This will delete any data and then restore it with the new security options.

The "Erase Data" option will delete the data on the iPhone after 10 failed passcode attempts. Before that, there will be warnings and short input blocks. These are designed to prevent an unauthorised person from accessing your data simply by trying out different combinations.

Encrypt your backups

This is particularly relevant if you sync your iPhone with iTunes on a Windows PC. The backup copies made by iTunes contain a lot of personal, and potentially sensitive, data. For instance, in tests, we have found bank transfer data and even TAN lists that were stored on the iPhone in plain text by online banking apps. If your PC catches a trojan, an iPhone backup without encryption will provide just what the trojan is looking for. You can turn on encryption by checking the "Encrypt iPhone backup" option on the iTunes iPhone summary screen.

Implement a kill switch

[Image: Find My iPhone web interface. Users can use the "Remote Wipe" option via the web interface to revert the phone back to factory settings.]

In corporate environments, remote wiping is carried out via the Exchange interface. Private users can create a free MobileMe account for this purpose. This account must then be added as a new email account, and "Find My iPhone" must be enabled. Users can then locate their iOS devices via Apple's site, or the "Find My iPhone" app, at any time. This may come in handy if you've arrived at the office wondering whether you really forgot to take your iPhone off the charger, or whether you lost it on the way to the office.

If you have lost your phone, you can send a message to the hopefully honest finder and, to avoid temptation, take the precautionary measure of blocking the phone's access or even wiping the entire device. Really clever thieves will try to prevent this by immediately removing the SIM card and disallowing further Wi-Fi connections but, with a little luck, you'll be quicker.
