Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

iPad and iPhone security ?


  • Please log in to reply
3 replies to this topic

#1 Chris Cosgrove

Chris Cosgrove

  • Moderator
  • 6,757 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:09:42 AM

Posted 01 February 2016 - 11:45 AM

iPhone model 5-3. iPad, according to 'Settings' , is model MD511B/A running OS 9.2.1

 

A neighbour, a woman in her fifties, approached me yesterday about major security problems on her iPad and iPhone. She had had her credit card cloned and her phone and tablet penetrated. I am assuming that the credit card problem is separate from the tablet/phone problem.

 

Having a discussion with her today it turns out that the tablet/phone problems are almost entirely self-inflicted. During a recent very stressful period in her life she responded to two fishing e-mails - "We notice you haven't used your account for some time, please click here to refresh your details.". Unhappily, she did. On top of that she was also using simplistic passwords, and one password for most of her accounts.

 

Her bank have stopped her credit card and she has in fact opened a new account and will be getting a new card. I have given her the lecture on strong passwords and different passwords which she accepts and I hope she is going to practice it. I accept that no form of security will protect you if you respond to fishing e-mails.

 

However I have very little personal knowledge or experience with iDevices. I would be grateful for suggestions as to what form of security might best be suited to her needs as general protection. The iPad, she tells me, has been re-set.

 

Chris Cosgrove



BC AdBot (Login to Remove)

 


#2 x64

x64

  • Members
  • 352 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London UK
  • Local time:09:42 AM

Posted 03 February 2016 - 03:11 PM

One often overlooked thing to check would be to ensure that all email accounts set up on the devices use encryption, and are set to use it on both send and receive. I'm thinking particuarly about pop/imap accounts.

 

It is easy to configure email without encryption (indeed, whilst far from best practice, that may even be the default). If connected to let's say your home pc wired to your home ADSL router, unless someone compromised your router, (or a router on your ISP's network), your unencrypted password that would be shared on send/receive would be unlikely to be intercepted.

 

Using an mobile phone or tablet on your home wifi, is not much an awful lot more of a sin, as your home wifi is (hopefully!) secured with encryption. However again this is far from best practice.

 

However.... tablets/mobile phones roam outiside of your (relatively) secure home environment. Let's say that you connect to public wifi somewhere. Suddenly all of your unencrypted traffic is visible for all to see, Passwords and all... and as your device polls your ISPs mail servers, sends the unencrypted passwords reguarly . Spot the problem!

 

Obviously these days, if you own access to somebody's email you own much of their digital  life (as you can reset most of their web passwords etc).

 

Additionally, on an iPhone, setting a passcode enable encryption for most sensitive data in memory, so set a good passcode on the device.

 

Depending on the environment the device is used in, set an auto-lock consumate to the risk. For instance, I travel on the London Underground rail service every day. I class that as high risk and have a one minute auto-lock set on my iPhone. I also have it set to wipe after 10 failed passcode attempts. Ensure that the passcode is not trivial (ie not 1234, 1111 etc!). In reality use in any busy urban enviroment would be high risk.

 

From the model code (iPhone 5,3) I think you have an iPhone 5s. consider setting up the fingerprint scanner. That (supposedly) isn't bullet proof, but is a lot less risk than having your passcode "shoulder surfed" on a busy train. It's also insanely convenient, especially when you have implemented a short auto-lock.

 

x64


Edited by x64, 03 February 2016 - 03:13 PM.


#3 Captain_Chicken

Captain_Chicken

  • BC Advisor
  • 1,363 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:42 AM

Posted 17 February 2016 - 09:45 PM

Unfortunately, I'm sure you know this, but often the weakest link in the security chain is the user. An informed user is a more secure user. Advise her to change her passwords every month or so, and to use over 14 characters.

Computer Collection:

Spoiler

Spoiler

Spoiler

Spoiler

#4 Chris Cosgrove

Chris Cosgrove
  • Topic Starter

  • Moderator
  • 6,757 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:09:42 AM

Posted 19 February 2016 - 06:14 AM

As much as anything, I think your point about the user is right on the money. These spam e-mails came in at a time when she was having major personal problems and she wasn't thinking straight. I have made the point about not using the same password for everything, certainly not for things that can cost you !

 

Passwords can be a PITA. I advise everybody to use strong passwords for things like on-line banking or shopping, and different ones for each, but I can only advise. I have the advantage of using computers with USB sockets so I keep my complex ones on a memory stick which is only connected when I need one of them and then i usually copy/paste to avoid typing errors, but she has an iPad. I think I will have to investigate something like Keypass for her. And perhaps remind her of the old advice "If in doubt, don't !"

 

Chris Cosgrove






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users