Category Archives: Apple Devices

How long until Apple iOS needs its own patch Super Tuesday?

Are you Apple fans ready for some digital heresy? Apple iOS is as vulnerable to security problems as any other software, even as vulnerable as gasp Microsoft. We have witnessed this evolve from occasional updates to regular iOS updates and news of active attacks in the wild. If there was any doubt it is official Apple devices need the same security measures as any other device.

None of this should come as surprise to anyone. One of the unpleasant realities of being the big dog in town is that you become an attractive target to hackers. Apple devices started as a consumer hit but that success has led to a clamor for equivalent devices in the enterprise. Top level executives love these devices and have adopted them in masses along with the regular rank in file company employee. Would be attackers now realize that Apple devices are the future and compromising them can lead to a treasure trove of corporate intellectual property.

So will Apple adopt the equivalent of a regular monthly patching window the equivalent of Microsoft’s infamous “Super Tuesday” patch window? I would bet big money on it and the reason is enterprise adoption. Most enterprise IT departments have not been on the forefront of bringing Apple mobile devices into the fold and are now quickly playing catch up.

Playing security catchup for them with Apple devices means:

  • Refining policies to enable Apple mobility devices
  • Educating users on security requirements on Apple devices such as patching and safe device usage tips
  • Reminding users that physical security and safe browsing security measures apply on mobile devices
  • Evaluating and implementing iOS enterprise security tools to help control devices that contain sensitive corporate information

Enterprise IT will also pressure Apple to release iOS updates at a consistent time of the month because it helps with planning and user education. It is a lot easier to schedule, implement and communicate security updates when a fixed release date is established and can be planned around. Then again Apple has never had a reputation of pandering to corporate IT departments so the call for consistent patch release dates may go unanswered.

Bold and not so bold predictions:

Within next 6 months a major security incident will involve the iOS and be responsible for a big intellectual property loss.

Within one year Apple will establish a fixed monthly patch window date

How to remove the Sent from my iPad message from emails

Tired of seeing the Sent from my iPad message when you send email to colleagues or friends? If so here is how you can change that setting to remove the sent from my iPad message.

Settings > Mail, Contacts, Calendars > Signature – Remove the signature.

If you are leaving it as a status symbol by all means ignore this tip. ; )

Additional Resource for iPad 2 Security Recommendations

iTunes Security Applications – What’s available for the iPad2, iPad, and iPhone

Apple devices such as the iPad 2, original iPad, or iPhone are not vulnerable to traditional information security threats such as viruses and other web based malware. This statement is untrue wishful thinking and is a dangerous message that is being communicated by many forum “experts” who think just because it is not happening now it will not in the very near future.

Apple products are at the top end of the usability scale but are vulnerable to the same information security threats as any other devices. In the past Apple devices were not often targeted because the user footprint was small and not the high value targets that hackers seek. The times have changed and now Apple has the highest market cap of all technology stocks and everyone from CEOs to soccer moms are seen sporting iPads and iPhones. Apple devices are now among the hottest targets for hackers and financial criminals who seek to compromise your information and cause other all other sorts of information headaches. Click here if you are here to learn about physical security products for your iPad/iPad 2 (cases/locks/mounts/etc) to prevent theft otherwise read on for our top itunes security application recommendations.

Do you need more security protection for your iPad(1/2) or iPhone?

  • Are you a business user? – These devices could end up being a pathway into the corporate network and require the same type of endpoint protection as any other device
  • Do you perform online banking or manage other sensitive financial accounts with an apple device? Online banking increases your potential for financial loss if your credentials are compromised so additional controls are recommended.
  • Do you frequently web surf to many sites of unknown quality?
  • Do you have kids and desire advanced security or child protection features?
  • Have you opened up your device otherwise known as  “jailbreaking”?

Here is a rundown of the top security applications/utilities available in the iTunes store to protect you iPad2, iPad, or iPhone.

Mobility Management/Device Locators – Tools that help identify a lost device or simplify the management/cleanup process to minimize the risk when a device is lost or stolen.

Find My iPhone – Apple’s free app is a must use security device to help locate or remotely wipe your device should it become lost or stolen.  iOS 4.2 is required to take advantage of this functionality.

McAfee Enterprise Mobility Management (MEMM) – Tool to allow company’s to administer iPhones and iPads in an efficient and more secure manner. This is done through registering of devices and allowing rapid configuration to an allowed email/VPN system. Features Active Directory compatibility for enterprises that use that functionality. MEMM is listed as a free app in the iTunes store. Compatible with: iPhone 4, iPad, iPad2, 4th generation iPod touch

Anti Virus & Web Surfing Security Apps – Tools that provide additional security from viruses and other web based malware.

McAfee Family Protection – Designed for parents to allow their children to safely browse the Internet and avoid inappropriate content. Allows reporting of blocked URLs and easy modifications to the inappropriate content list. It works by providings a browsing sandbox that takes the place of the native Safari browser. Cost is $19.99 and is compatible with iPhone, iPod touch, and iPad(1/2). Requires iOS 3.0 or later

Virus Scan of Suspicious Website – Free app queries existing database archives that have labeled a site as clean or infected. This would be used prior to visiting a site but should only be considered a small mitigating control as these data sources could be quickly out of date. Otherwise an ok tool to view known problem sites before visiting them. Compatible with iPhone, iPod touch, and iPad. Requires iOS 4.0 or later

Intego’s VirusBarrier X6 – Software is installed on a Mac computer not an iPad or iPhone itself. Software scans an iPad or iPhone when it is connected to the machine with this installs and helps to validate it is free from malware. This should not be considered real time protection but is an option if a device does become infected and needs to be cleansed.

Symantec VeriSign Identity Protection – Coming Soon (recently announced but not yet available in iTunes store)

Password Managers – Tools that help securely manage passwords for the Apple device itself and more important the assortment of websites you visit.

Roboform – Award winning password manager for other platforms has an offering that is available for free download in the iTunes store. It appears it is not entirely a free app as it requires an annual fee. One other item to note is there is more negative feedback on the iTunes comments vs. what I would expect from what is a normally high quality name brand tool. Compatible with iPhone, iPod touch, and iPad. Requires iOS 3.0 or later

Splash ID Password Manager – Top rated software costs $9.99 and is my top choice of programs available to securely create lock and store sensitive information. Had the most positive reviews of any security software in the store and also offers password generation and anti-phishing url awareness options. Compatible with iPhone, iPod touch, and iPad. Requires iOS 3.0 or later

1Password Pro – Password management tool to auto fill password to all the web sites you visit in a secure manner. This type of tool is essential to avoid reusing passwords which puts all of your accounts at risk if any one of the sites you frequent is compromised. If you decide to use this tool remember to back up the data to your iTunes account if you this is your sole method of keeping track of your passwords.The Pro version costs $14.99 and is compatible with: iPhone, iPad, iPad2, iPod touch  iOS 3.1.3 or newer

SyCrypt Safe – Provides additional security around passwords/PINs and contacts using a 256 bit key based on the TwoFish algorithm. Costs $1.99 and is compatible with: iPhone, iPod touch, and iPad. Requires iOS 4.1 or later.

mPassword – Maintains passwords to provide additional security over the standard device passcode locks available in most apple devices. App cost $.99 and appears to have a relatively small user install base. Compatible with iPhone, iPod touch, and iPad. Requires iOS 4.2 or later.

Mnemosyne Password Manager $.99 download that does password management based on a secret pass phrase/username.

Keeper Password & Data Vault – All user feedback suggest the free version with ads is sufficiently bothersome to avoid this application. Compatible with: iPhone and iPad iOS 3.0 or newer

This is just a sample of the security solutions available via iTunes app store and many more are on the way.

For most users I recommend the following setup:

  1. Use Splash ID Password Manager
  2. Use Find My iPhone
  3. McAfee Family Protection (optional if you desire these features)

Other useful resources:

iPad and iPad 2 screen privacy recommendations

iPad2/iPad physical security products (cases/locks/mounts/etc)

iPad2 Security Tips

iPad Security Recommendations

iPhone Security Tips