Is a Stock iPhone Secure Enough?

For a long time, it was a given that Apple’s devices were all but immune from the computer viruses that had started infecting Microsoft machines. But over the last couple of decades, starting with the launch of the iPod, Apple has closed the gap in market share between the two. As Apple devices became more popular, they became a more attractive target for cybercriminals.

There are now a multitude of viruses and other malicious code designed specifically to attack Apple devices. The iPhones security renowned security features, and heavily curated app store, ensures user data is safe.

Zero Day

Apple do everything they can to prevent their users from customizing their devices. This means that users have a limited number of options for improving the security of their iPhone. In February of this year, arch-rival Google announced that it had found two zero-day vulnerabilities in iOS. These previously undisclosed security vulnerabilities, described as “serious”, have since been patched. However, Google says that the exploits were out in the wild and were being used by cybercriminals.

Apple security updates iPhone resting on table.

Undermining Security

You might have heard that Apple recently revoked the developer certificates of both Facebook and Google. iPhones run on iOS, a closed system. iOS will only run pps that have been approved and digitally signed by Apple. Apple provides developers with the tools they need to sign apps so that they can test apps directly on their devices rather than emulating them.

These certificates also allow companies like Facebook and Google to sign and run their own proprietary apps for internal use. What they are very explicitly not to be used for is to sign and distribute apps through a channel other than the official app store. Facebook used its app to encourage teenagers to allow them to monitor their internet activity. Teens were offered vouchers and cash incentives for taking part.

Within hours of Apple’s decision to revoke, reports came in regarding Google’s behaviour. Both companies guided users through an installation process that bypassed the app store to get the necessary app on devices.

Securing Your Device

While Apple does limit your options, they also aim to provide as secure an environment as possible. To their credit, Apple have always been effective at identifying and fixing major security issues. But as with any tech company, Apple has to strike a balance between user security and convenience. People don’t want to enter their password every time they press a button on their phone, even though that would technically make it more secure.

Every iPhone user should go through their device settings and configure their device for optimal security. Let’s take a look at some of the key things you can do to secure your iPhone.

Use a Strong Password

A 4 digit pin code is easy to remember, but also very easy to crack. Apple designs iPhones to limit the rate at which the user can try to enter passcodes. This is a measure to prevent brute force attacks, where an attacker tries different passwords until one works. Attackers have successfully cracked previous generations of iOS so that they can try thousands of passcodes a second.

Instead of a 4 digit code, use a proper password. Even a simple password consisting of two random words and a number is much more secure than a short numerical code.

Turn Off Lock Screen Notifications

Lock screen notifications can present a number of security risks that you might not think about. First of all, let’s consider someone is trying to access one of your online accounts with two-factor authentication. When they try to log in to your account, a code is sent to you via SMS. Usually, an attacker would have to gain access to your phone to get that code. But with lock screen notifications, they can easily read the code while the device is locked.

Lock screen notifications also present another potential point of entry for an attacker. Turning them off entirely ensures that while your device is locked, no one can access your data.

Turn on Two-Factor Authentication

Two-factor authentication is an essential measure to add to your iCloud account. When you have 2-FA enabled, you will have to confirm every log in to your iCloud account via a prompt sent to your designated Apple device. You can set up more than one trusted device and you should do this if possible. Otherwise if one device becomes inaccessible, you might have trouble.

VPNs and Proxies

When you connect to the internet, you are exposing a lot of personal information. Even if you use ad blockers and take measures to prevent tracking, a technique known as fingerprinting can link your IP to you.

If you want to avoid this kind of tracking, hiding your IP address is your best bet. You can use either a VPN or a proxy serverto achieve this. In both cases, you will connect to the internet via another server. Setting up proxy on your iPhone is a quick and easy process. A step by step guide can be found here. Websites and services you use will see the IP address of the server rather than your device. If you regularly use public Wi-Fi, this is essential.

Disable Siri on the Lock Screen

Similarly to app notifications, anyone can use Siri from the lock screen. If they know what voice commands to use, an attacker can have Siri reveal personal information. You don’t need to turn Siri off completely. But you shouldn’t have Siri accessible from the lock screen unless you have a specific reason. Remember, Siri is not locked to a particular voice.

With a few tweaks and the right settings, your iPhone can be an incredibly secure device. You can leave personal and sensitive data on your device without having to worry about an attacker breaking in and stealing it. Apple offer great security features, but they can easily be undermined with the wrong settings.