by Claudiu Popa
According to popular expert opinion, there are seven areas in today’s mobile devices where vulnerabilities can create security or privacy breaches. Nowhere is this more rational than in the paragon of mobile digital success: the iPhone.
Nothing short of a juggernaut, new versions of the quasi-ubiquitous device have all but evaded attempts at hacking it by consistently introducing innovative new features and by leveraging a strategy of built-in obsolescence.
It follows then that each of these areas corresponds to ways to specific security controls at that level, tactically building a ‘defense in depth’ approach to securing the iPhone. In the name of brevity, here are these safeguards:
1: The operating system
Avoid jailbreaking the phone. As Apple never tires of repeating, once jailbroken, it is exposed to a set of clear and present dangers that at least risk compromising the stored inside.
2. Data encryption
While encryption for iPhone data is standard on the handsets, it has already been cracked and free software can now be used to compromise it. Use third-party tools such as SplashID, FolderLock, iDiscrete or eWallet to encrypt the days you depend on.
3. Authorization. Ensuring that the iPhone is used by its rightful owner is as simple as introducing anti-theft technology. From a physical security perspective, Apple’s MobileMe service attempts to correct the aftermath of theft situations. It includes Find My iPhone which includes real time tracking of the handset.
4. Multimedia. What about the camera and microphone? Ensure that no one is listening by installing anti-malware from Symantec, Cisco SIO To Go and threatPost.
5: Internet and Web access are pretty well taken care of using SSL and even email is protected between the handset and the server.
The iPhone’s locked nature is the biggest factor in preserving this tool’s security. Between the new IOS and the old, tried and true interface, the device offers an adequate baseline of security for personal use, but the aforementioned tools should be used to complement its security.
About the author: |
Claudiu Popa, Principal Risk Advisor at Informatica Corporation (www.SecurityandPrivacy.ca).
Follow him at http://Twitter.ClaudiuPopa.com or http://subscribe.ClaudiuPopa.com. A published author, lecturer and entrepreneur, Claudiu enjoys writing incendiary pieces of great interest to ITBusiness readers. |