How to secure your iPhone and iPad against 'backdoors' and other risks

How to better protect your iPhone and iPad against hacks and other security and privacy risks

Security and convenience are perpetually at war. There will always be errors, compromises, and oversights that put our privacy at risk. Old ones will get fixed but new ones will get discovered. So what can we do? Luckily, while some of the conveniences of iOS and OS X make our devices easier to use, there are also ways to remove those conveniences and make our devices even more secure. If your privacy is worth more to you than ease of use, here's how you can better lock down your iPhone and/or iPad, and any Mac it might connect to.

IMPORTANT: These steps are not necessary for most people, most of the time. Following them will absolutely make your iPhone, iPad, and/or Mac more secure but will also make it much less convenient. Consider it the difference between living in a house with a lock on the door and maybe an alarm system compared to living in a panic room. Think carefully about your risk level, read over your options, then implement the ones that make sense to you. You can always go back and turn more on, or off, as your needs or feelings change.

How to set up and use a passcode, Touch ID, and strong passwords

How to secure your iPhone or iPad with a 4-digit passcode

Before we get into specifics, there's something everyone should do to better secure their iPhone, iPod touch, or iPad: set up and use a passcode, or, if your device supports it, Touch ID, or, if you consider yourself at greater risk, a strong alphanumeric passcode.

This is the equivalent of locking your front door. If your iPhone or iPad leaves your house, it should have a passcode set at the very least. Even if it doesn't leave your house, it should have a passcode set at the very least.

How to minimize data exposure on your iPhone or iPad Lock screen

For the sake of convenience, Apple allows you to access Notification Center, Passbook, Siri, and Control Center right from your Lock screen. That means you can quickly glance at incoming messages, pay for your Starbucks beverages, set a Reminder, or toggle on the Flashlight. It also means anyone else within eyeshot or reach can glance at your messages, try and photograph your barcode, ask for certain types of information, and toggle on Airplane mode without having to enter your passcode, Touch ID, or password.

If you value those features on your Lock screen, then by all means enjoy their convenience. If security and privacy are more important to you, however, you can turn them all off.

How to minimize other forms of data exposure

"Backdoors" are only one type of potential threat to your data. While it would be nice if we could trust everyone all of the time to never try to steal our devices or data, hijack our accounts or identities, or otherwise act outside the bounds of publicly documented laws and simple human decency, we can't. It really is a jungle out there. I say that not to scare anybody, but simply to remind all of us that locking our devices should be as standard a practice as locking our doors, our cars, our bikes, our safes, and our other valuables.

How to use 2-step verification for your online accounts

Security works best in layers, and defensive depth means having as many layers as possible. Biometrics (like Touch ID) cover "something you are", while the password is "something you know" and a token is "something you have". Unfortunately, Touch ID is currently used instead of a passcode or password and can't (yet?) be required in addition to a passcode or password, but 2-step verification can be required for many online accounts, including your Apple ID.

With 2-step verification you will have to enter an app-specific password, or an additional pincode/password the first time you set up the service on your device, but it'll make it more than twice as strong for only a minimal amount of extra effort.

How to keep your web browsing, location, social and other data private

Your iPhone, iPod touch, and iPad can accumulate a lot of data over time, including data you may not want or need it to accumulate. Likewise, you can grant access to your data to a lot of apps and services over time, including apps and services you may no longer want or need to have access. Luckily, iOS makes it easy to review and change your privacy settings. So do many online services as well. Also, if you're on a network you don't trust, and have access to a VPN service you do, you can use that to help keep your data private as well.

How to secure your iPhone, iPad, and Mac against pairing record theft

How to prevent unauthorized pairing to your iPhone or iPad using Apple Configurator

Pairing records are what allow you to repeatedly connect your iPhone or iPad to your Mac or Windows PC and sync data, transfer media, update software, install betas, test apps, or perform other tasks without having to enter your passcode or tap "Trust this Computer" each time. In other words, they're a huge convenience. Unfortunately, in their current form, if someone else takes physical possession of your computer they can retrieve those keys and use them to access your iPhone and/or iPad.

If you've never paired your iPhone or iPad with iTunes, Xcode, or similar software, no such records will exist. If you have paired but no longer ever need to, existing records can be removed. If you have paired and continue to need to do so, existing records can be better secured. If you're concerned someone might try to take your iPhone or iPad and pair it without your knowledge or consent, or try to trick you into pairing, new record generation can be prevented.

How to remove existing pairing records

Unfortunately pairing records do not (yet?) expire after a period of time, nor can they (yet?) be audited and deleted through iTunes on the desktop or Settings on iOS. On the Mac or Windows, however, they can be accessed through the file system:

  • /var/db/lockdown or ~/Library/Lockdown on Mac or C:\Program Data\Apple\iTunes\Lockdown on Windows
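The following is an added example, not code from the original article or from Apple: a small Python audit that inventories the pairing records in one of those directories so stale ones can be reviewed before removal. It goes slightly beyond the text by also flagging record age and loose file permissions; the key names (`HostID`, `HostPrivateKey`, `RootPrivateKey`, `EscrowBag`) and the assumption that each record is a property list named after the device identifier are assumptions not stated on this page.

```python
import plistlib
import stat
import tempfile
import time
from pathlib import Path
from xml.parsers.expat import ExpatError

# macOS directories named in the article; pass the Windows path explicitly.
LOCKDOWN_DIRS = [Path("/var/db/lockdown"), Path.home() / "Library" / "Lockdown"]
# Assumed key names for the secret material stored in a pairing record.
SECRET_KEYS = ("HostPrivateKey", "RootPrivateKey", "EscrowBag")


def audit_pairing_records(directory, stale_days=90, now=None):
    """Inventory pairing records in `directory`, flagging old or exposed ones."""
    now = time.time() if now is None else now
    findings = []
    for path in sorted(Path(directory).glob("*.plist")):
        try:
            with path.open("rb") as fh:
                record = plistlib.load(fh)
        except (OSError, ValueError, ExpatError) as exc:
            findings.append({"file": path.name, "error": type(exc).__name__})
            continue
        # Other plists can sit beside the records; keep only files with a HostID.
        if not isinstance(record, dict) or "HostID" not in record:
            continue
        info = path.stat()
        age_days = int((now - info.st_mtime) // 86400)
        findings.append({
            "file": path.name,
            "device": path.stem,  # assumed: file is named after the device ID
            "host_id": record["HostID"],
            "secrets": [k for k in SECRET_KEYS if k in record],
            "age_days": age_days,
            "stale": age_days >= stale_days,
            "readable_by_others": bool(info.st_mode & (stat.S_IRGRP | stat.S_IROTH)),
        })
    return findings


def demo():
    """Audit one constructed record (sample values, not from a real device)."""
    sample = {"HostID": "CONSTRUCTED-HOST-ID", "HostPrivateKey": b"x", "EscrowBag": b"y"}
    with tempfile.TemporaryDirectory() as tmp:
        with open(Path(tmp) / "constructed-device-id.plist", "wb") as fh:
            plistlib.dump(sample, fh)
        return audit_pairing_records(tmp)


if __name__ == "__main__":
    for folder in [d for d in LOCKDOWN_DIRS if d.is_dir()]:
        for item in audit_pairing_records(folder):
            print(folder, item)
    print("demo:", demo())
```

Reading the system directory may require administrator rights; a record flagged `stale` or `readable_by_others` is a candidate for review, not proof of compromise.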

On iOS your current option is limited to wiping your device, setting it up as new, and not pairing it going forward. That's a nuclear option, however, and depending on how laden your device is with personalized settings, apps, content, etc., not one that should be taken lightly. (I wipe and set my iPhone up as new whenever a new version of iOS is released, but I also keep my iPhone setup very lean so it only takes me a day or two to get back up to speed.)

How to better secure existing pairing records

Unfortunately, if you want to keep connecting your iPhone or iPad with iTunes, Xcode, or other computer software, there's no option (yet?) to require your passcode/password to be entered each and every time, or even have the Trust this Computer requester pop up every time. You can, however, do your best to secure the computers that contain the records.

Every Mac running OS X Lion or later, including the current OS X Mavericks and the upcoming OS X Yosemite, includes Apple's FileVault 2 full disk encryption system. With it, the data on your hard drive, including pairing records, can't be accessed without your Mac being logged in under your username and password. If you work in a sensitive industry or consider yourself at great risk, you can also set a firmware password on your Mac.

How to prevent new pairing records from being generated

Unfortunately, if you want to keep your iPhone, iPod touch, or iPad from pairing again in the future, there's no "Allow Connections to Computer" option (yet?) in Settings that you can easily toggle to "Off". However, there is Apple Configurator. It's a free tool from Apple meant to help schools, businesses, and institutions set up and manage large numbers of iPhones and iPads. With it, you can prevent your device from pairing with other computers or accessories, which prevents it from generating pairing records, which in turn prevents those records from being used to access your iPhone or iPad without your consent.

Bottom line

If you value your privacy and security over your convenience and ease of use, the above are some of the steps you can take to further lock down your iPhone, iPod touch, iPad, and Mac. It's by no means a complete list, and it's by no means for everyone. It's what we believe is measured and reasonable against a broad range of needs and requirements.

It's important to remember that some or all of the above vulnerabilities will be patched and the compromises improved. It's equally important to remember that new vulnerabilities will be discovered and new compromises will be made. That's the nature of the beast.

We try very hard to provide information and empower our readers. We make very sure we don't yell "FIRE!" when there is none, and we make just as sure not to ignore any exposed wires sparking near the stove.

If we've left anything out, please add it to the comments and, if appropriate, we'll update to include. Also, please let us know how you're balancing your convenience vs. your security. Wide open, locked down, or somewhere in between?

Rene Ritchie

Editor-in-Chief of iMore, co-host of Iterate, Debug, Review, Vector, and MacBreak Weekly podcasts. Cook, grappler, photon wrangler. Follow him on Twitter and Google+.


Reader comments

22 Comments

Great set of advice. An addendum about Zdziarski's trusted pairing method:

A lot is exposed - contacts, messages, photos - even the audio files of text messages - and it is available wirelessly after the initial trust is established. Video in action (long, but interesting):

https://www.youtube.com/watch?v=z5ymf0UsEuw&feature=youtu.be

He cautions that this is not vulnerable to the random theft on the street, but it would be for anybody to whom you loan or surrender your unlocked phone, from your co-worker to the officer at the TSA checkpoint. Give them an unlocked minute to establish a pairing, and your phone may be persistently compromised.

Lesson: do not give your unlocked phone to anybody, ever, or, if forced, wipe and reinstall as new as soon as possible thereafter.

This fun article suggests you should do this when you receive your new phone, too:

http://gizmodo.com/the-nsa-actually-intercepted-packages-to-put-backdoor...

I'm not sure how much tinfoil is in my hat, but on a just-received device, there is nothing really to lose yet, anyway.

Sent from the iMore App

I always set up a new phone or computer from scratch, and I almost always set up a new device from scratch.

I never did it for security, but for battery life and performance. Security is certainly another very good reason to do it.

It's a pain, but I can typically be set back up in 2 days thanks to so much being online these days.

But, um, so much is online these days... (security vs. convenience — think about it too long, you'll need that hat!)

Backdoor pairing can have two very different points of view.

I am not an IT specialist. I am just an iPhone user. I would not have known anything about backdoor pairing had I not been a victim of "cybercrime".

Backdoor pairing takes away the device owner's ability to stop the backdoor pairing. Furthermore, it is impossible to know that you have been what I call "hacked" until damage is caused. I only allowed my device to be handled by a trusted companion, and because Apple/Mac has no real way of showing the backdoor pairing from my end it is almost impossible to prove.

My phone is still currently under investigation.

Sent from the iMore App

"Unfortunately, in their current form, if someone else takes physical possession of your computer they can retrieve those keys and use them to access your iPhone and/or iPad."

And this is why I ignored the latest scare. If someone has physical possession of my computer and is intent on getting information out of it and/or my iOS devices I'm pretty screwed. I've either been raided by the law or had my stuff (all of it) stolen. If my Macbook is stolen but my iOS devices aren't, I'm wiping the Macbook remotely. If both are, I'm getting to a computer ASAP and wiping everything remotely. If I've been served with a warrant etc... see comment about being screwed, above.

Don't get me wrong - this is a great post. But when people start freaking out about security issues they also need to really pay attention to the details. Any exploit that requires physical access to a device is a FAR lower priority to me than remote exploits.

Physical access can absolutely be game over. This is more about layered protection. The more roadblocks in place, the more effort needs to be expended to get your data, and the higher value you have to be for someone to bother.

Yep. And the fact is that very few of us are high value enough for someone to bother. Hence why I kinda don't worry past some of the basics (strong, non-duplicated passwords, firewalls, VPN when needed, drones, anti-aircraf... uh, never mind.)

Do Macs have a remote wipe option, or can that be added, Rene? So many people carry an Air around with them, they are effectively mobile kit.

I've been using two factor for Gmail for about 18 months now. It's hassle free and so far works fine. I carry a tiny laminated card with back up codes, so far unused.

Thanks for article, Richard posted a link on G+.

You might want to check Zdziarski's video - 10 seconds of physical access can lead to literally irrevocable, undetectable remote access to your data (though the tip on using Configurator to manage pairings eliminates that risk).

Sent from the iMore App

Yeah I know. "physical access" isn't something others get to my machines. Look, it's not that I discount the existence of the exploit, but that I think it's incredibly unlikely that most people will ever a) be targeted for this exploit and b) allow their machines to be physically accessed by a malicious party. The intersection of the people in A and B is really small. That doesn't mean the vulnerabilities shouldn't be addressed but for the vast majority of us it's not relevant. As Rene points out, making things more secure sometimes comes at the cost of convenience or usability. If I'm to pay that cost, I want to get some benefit for it and I'm unconvinced that I will see that here.

Consider the first version of Windows Vista where MSFT was taking security seriously after seeing exploit after exploit against prior versions. Every time you did something that was possibly compromising, it asked you to confirm that action. It was annoying as hell because the vast majority of things that most people were doing (installing known good software, etc) were fine. There wasn't a risk to them. They eventually dialed back on this, but it's a delicate balance.

This is not a question of security vs convenience balance - unless you a) believe there are any diagnostic routines where unencrypted personal data would be unless explicitly included, and b) believe that Apple decided the cost of writing that exclusion and/or the convenience of an in-store Apple technician outweighed customer's privacy with their contacts, messages, voice mails, etc -- in which case you think Apple holds customer data and privacy in absolute contempt.

Sent from the iMore App

Apple needs to / must add the following steps:
- Two Factor Authentication to all iCloud services.
- Create an individual password per device for iCloud access and sync.
- or a list of the approved devices and an option to approve or remove them on the fly.
- Option to trust or don't trust the computer each time the phone is connected to the PC or Mac. Like it was done on Blackberry a long time ago.

Please remember that a strong password is a good option and the fingerprint scanner also is a good option when you are on any Apple iOS device, but you still need to enter the same password to access iCloud from Mac or PC; it's just not that safe anymore.
From my understanding, the user must have an option to add a separate password or additional pin to get access to iCloud services: Mail, Contacts, Notes, Find My iPhone, Reminders, etc.

Sent from the iMore App

Yeah, then apple could sue Google for using two factor authorization like they already offer...but apple never copies anyone, right?

Posted via the Android iMore App!

Great piece, Rene.

I really don't see why so many people are so afraid. Every authority, even the NSA, may know everything about me, so that's not a risk (since I'm a normal citizen, not a drug dealing people smuggler of some sort). I'm not famous, so hacks and such may happen, but why would they? Why would anyone want to hack anyone they don't hate or who isn't high-profile? For money, perhaps, but my Mac or iPhone would be a poor target, if money is what they want, and that also goes for a lot of other people's Macs and iPhones.

I'm middle-of-the-road in my security preferences. I have a strong password so no one can get in my phone without either it or my fingerprints. I love Guided Access for when someone wants to use my phone (sure you can use my phone, but it won't be "smart"!) too. I have dual authentication for Google too. I don't get into the guts of my computer or wipe my phone for an update mostly because if someone has possession of these devices and can bypass my password then they are probably executing my Will.

Sent from the iMore App

My iPhone doesn't have a private browser switch in the settings as it states in your security article! Knew something wasn't right!

Sent from the iMore App