Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

5/22/2020
07:00 AM
Kelly Sheridan
Kelly Sheridan
Slideshows
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

10 iOS Security Tips to Lock Down Your iPhone

Mobile security experts share their go-to advice for protecting iPhones from hackers, thieves, and fraudsters.
Previous
1 of 11
Next

Now more than ever, we depend on smartphones to keep us connected to each other, to our employers, to our finances and healthcare providers. We use our phones to shop, bank, and access corporate applications and information. But are our iPhones as secure as they could be?

"iPhone owners tend to feel more confident in the security of their phones than Android owners, and for good reason," says Randy Pargman, former FBI computer scientist and senior director of threat hunting and counterintelligence at Binary Defense.  

But that doesn't mean iOS is immune to security issues. Back in April, we learned attackers has been exploiting two unpatched iOS vulnerabilities since at least January 2018. Last year, researchers discovered more than 20,000 iOS apps were published without App Transport Security (ATS), a set of rules and app extensions Apple built as part of the Swift development platform. ATS is turned on by default; without it, critical information was being transported without encryption.

"It's true that iPhones and the whole Apple ecosystem keep customers safer from malicious apps, but that doesn't mean that all the data stored in the apps is safe from theft," Pargman continues. "Many apps store sensitive information on servers operated by the app developer or transfer the information unencrypted over the Internet. As soon as your information leaves your iPhone, it is outside of your control to protect it." 

The security of iOS doesn't mean users can ignore basic threats to data security. Most people don't have to worry about advanced targeted attacks or zero-day exploits; however, they are still exposed to phishing attacks, device theft, and malware that could put their information at risk. If you're using Safari or another browser to navigate the Web, share data, or order goods, you're just as vulnerable on your iPhone as you would be on Windows or Android. Those who store financial, health, and other sensitive data on their iPhones should take extra precautions. 

These precautions are even more essential at a time when people are relying on their iPhones to work remotely. Wandera research shows collaboration software adoption jumped nearly 190% between early February and the end of April, says Michael Covington, vice president of product strategy at Wandera.

"Though mobile devices have been broadly adopted within the workforce, COVID-19 has forced many businesses to finally put those devices to use, with more enterprise applications being opened up to mobile devices and remote access finally being allowed," he says.

Many businesses have changed data access policies to enable access for remote users.

"From work files to health records and banking data, the pandemic has forced more frequent use of the mobile device as people try to stay productive and connected, while balancing the needs of entire families now forced to work with a limited set of shared resources," Covington says.

Many people who have been isolated at home have started to let their guard down when it comes to practicing strong security, Covington says. Phishing attacks are taking advantage of the pandemic, preying on global fear and uncertainty, increasing their chances of getting hit.

Now is a good time to take a closer look at your iPhone security posture. More than 20 mobile security experts weighed in to share their go-to tips to strengthen privacy and security of your mobile device. Here, we share their most popular suggestions and tips you may not think of.

What did we miss? Feel free to share your favorite iPhone security advice in the Comments section, below.

 

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio
 

Recommended Reading:

Previous
1 of 11
Next
Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
fazzael
50%
50%
fazzael,
User Rank: Strategist
5/24/2020 | 11:58:12 PM
Very Usefull
Good article, very usefull for any iOS owner. Especially considering that there are a lot of security breach nowaday. Stay safe and stay healthy everyone.
angelabelp
50%
50%
angelabelp,
User Rank: Apprentice
6/5/2020 | 2:12:43 AM
very good this page
 Esta gran web  es una de las mejores que conozco, no comparte información falsa como muchas que veo en muchos lugares, espero que sigan así y mejoren, gracias por todo lo que comparten muy útil

Translation (From Editors)

This great website is one of the best I know, does not share false information as many that I see in many places, I hope they continue like this and improve, thanks for everything they share very useful

 

 

 

 

 
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/21/2020
Cybersecurity Bounces Back, but Talent Still Absent
Simone Petrella, Chief Executive Officer, CyberVista,  9/16/2020
Meet the Computer Scientist Who Helped Push for Paper Ballots
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/16/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-14180
PUBLISHED: 2020-09-21
Affected versions of Atlassian Jira Service Desk Server and Data Center allow remote attackers authenticated as a non-administrator user to view Project Request-Types and Descriptions, via an Information Disclosure vulnerability in the editform request-type-fields resource. The affected versions are...
CVE-2020-14177
PUBLISHED: 2020-09-21
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Regex-based Denial of Service (DoS) vulnerability in JQL version searching. The affected versions are before version 7.13.16; from version 7.14.0 before 8.5.7; from versio...
CVE-2020-14179
PUBLISHED: 2020-09-21
Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa endpoint. The affected versions are before version 8.5.8, and from...
CVE-2020-25789
PUBLISHED: 2020-09-19
An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. The cached_url feature mishandles JavaScript inside an SVG document.
CVE-2020-25790
PUBLISHED: 2020-09-19
** DISPUTED ** Typesetter CMS 5.x through 5.1 allows admins to upload and execute arbitrary PHP code via a .php file inside a ZIP archive. NOTE: the vendor disputes the significance of this report because "admins are considered trustworthy"; however, the behavior "contradicts our secu...