You’re about to fire off a text to your partner describing your brilliant idea for a revolutionary new product when you hesitate. Examining the iPhone in your hand, you wonder: Is this thing secure?
The answer is that text message, as well as other communications using iPhones and iPads are not much more secure than standing on a street corner and shouting your million-dollar idea out to the world. This, in combination with the increasing quantity and sensitivity of business and personal data kept on phones these days, makes your iPhone one of the most attractive targets by hackers who use tools from spyware to your own laziness to steal your data.
“In 2011, we saw cybercriminals turn their attention from PCs to mobile devices,” said Lianne Caetano, director of mobility product marketing at security firm McAfee in Santa Clara, California. “As iOS gains in market share and as cybercriminals become more sophisticated, we expect to see growth in all mobile malware, including iOS malware.”
Malware can include apps acquired from presumably safe sources, adds David Lingenfelter, information security officer with Fiberlink, a provider of mobile device management tools in Blue Bell, Pennsylvania. “Apple has a good history of controlling and review applications that people can download, but it is not impossible to get a rogue application onto the Apple Store,” Lingenfelter warns.
Rogue apps or Trojans employing malicious code can transmit your sensitive, personal or business information out of your device without you even knowing. Last year, a security expert managed to get a rogue app through Apple’s screening and post it in the App Store, Caetano says. “This malware can be used to read contacts, send device files, steal photos, even make it ring or vibrate,” she says.
To keep your business and personal data safe on your iPhone, follows these seven tips:
1. Lock your phone. Use a pass code and set your phone to lock after a few minutes of inactivity. To make it easier for a Good Samaritan to return a locked phone if lost, use image editing software to put text including your contact details in your phone’s wallpaper.
2. Backup your phone's data. Backup your data on a regular basis and download system software updates when prompted. “This way, you’ll always have the latest security updates and ensure that your device is always performing at an optimal level,” Caetano says.
3. Only use what you need. Disable Wi-Fi, Bluetooth and location services when not being used. These can let evildoers access your device. “iPhones try to connect to the nearest WiFi signal and if this is left open, an attacker can create a WiFi hot spot, which the user could connect to without realizing it,” Lingenfelter says.
4. Use security apps. The BlackSMS app encrypts messages, requiring the recipient to know a password to decode them. This keeps your secrets from someone who picks up your unlocked phone and scans your message log or receives a forwarded message. “As long as the password is only known to you and the recipient, your message is safe,” says BlackSMS creator Tyler Weitzman.
The free Lookout app locates a lost or stolen iPhone, warns you if you connect to an unsecured hotspot and offers other useful security tools. You can also use Apple’s Push Notification service to lock your iPhone remotely, or erase the data on it. If you use a Cisco firewall, the free Cisco AnyConnect app sets up a secure connection permitting advanced work like using Windows Remote Desktop to remotely control a PC.
5. Choose your friends wisely. Family, friends and acquaintances who have an opportunity to pick up an unguarded and unlocked phone probably present the biggest security risk, guesses Weitzman. Families that share iTunes accounts also, depending on settings, sometimes share text messages, he reminds. And your security is only as good as your correspondents’. “If you send a message to someone, even if you have perfect security on your own phone, if they don't then there is still a security risk that unwanted eyes will read it,” he says.
6. Finally, don’t be lazy. Most people don’t activate automatic locking and require pass codes to open their phones because they get tired of punching in the codes. Even more people don’t turn off Bluetooth and Wi-Fi when not used. And only a small number will go to the expense and trouble of buying and installing security apps.
7. Be careful what you click on. “SMS texts coming to the device with links or attachments could potentially be an attack on the device,” Lingenfelter warns. IPhones hide the actual URLs of links included in messages, making it hard for users to know if they’re being redirected to a spoof or phishing site that will attempt to get you to type passwords or other information into a Web page, he notes.
In this regard, treat your iPhone as you would your PC and don’t click on links in e-mails or messages from sources you don’t recognize. (To find out the actual URL contained in an iPhone e-mail, tap the link and hold until a menu appears. Details about the link will be displayed at the top of the menu.) “Users should be aware of how to look at the URL bar on their iPhone to make sure they are actually on the Website they think they went to,” Lingenfelter says.