Category Archives: iPad Security

Apple iOS4.2 – What are the security benefits?

Apple released iOS4.2 in late November and it is applicable for the iPad, iPhone, and iPod Touch. From a functionality perspective the upgrade provides a lot including the ability to create folders and multitask on the iPad (features previously lacking) plus the AirPlay feature for all three devices that enables streaming of content to the Apple Tv or Airplay enabled features.

These features are intriguing but since this site specializes in information security my primary focus is to discuss the security implications of the iOS4.2 upgrade.

What is the most significant security benefit of iOS4.2?

The Find My iPhone, iPad, or iPod touch application is now available as a free application and this is an important breakthrough because these services typically were subscription only in previous iOS’s via the Mobile Me service. Once the Find My app is installed an owner of one of the devices mentioned above can perform the following security functions:

  • Find the location of a lost device on a map
  • Display a remote message on the device screen (with hope it will be returned to you if found so perhaps offer a reward as incentive)
  • Remotely set a passcode lock so your device and data can not be accessed inappropriately
  • Wipe the device remotely if it is stolen or lost for good and you are not likely to recover it.

These security features are significant and go a long way to help prevent loss of data confidentiality on a loss or stolen device and possibly may even with the recovery of your device itself.

How do you upgrade your iPad or iPhone to iOS4.2?

First back up your data and then connect your iPhone or iPad or Ipod Touch to your computer and load up iTunes and click check for updates. Download and install the upgrade.

How do I activate Find My (iPad/iPhone)?

Here is a nice Apple instruction video showing how to configure your device on Me.Com

* Be sure to set this up right away if you wait until you need the features it will be too late.

What security vulnerabilities are corrected by iOS4.2?

In addition, to the Find My functionality there is a big list of other security vulnerabilities fixed in the iOS upgrade. In scanning the list several of the vulnerabilities mention arbitrary code execution that could lead to a lack of security integrity of the device. If you have not already done so an upgrade to i0S4.2 is highly recommended to close these vulnerabilities and take advantage of the new Find My capabilities. Install it and configure your device on Me.com as soon as possible.

iPad Security – 10 tips to keep your iPad safe

Apple’s iPad has been one of the hottest launches ever and is gaining widespread acceptance for both business and personal use. Security for Apple developed devices is often an after thought to users since the general impression is these devices are immune to the security problems that have plagued Windows based devices. Now that Apple devices have become more popular they have also become more intriguing targets for hackers and malware developers. Now is the time to take action to ensure your iPad is secure so that you can continue to enjoy its rich functionality. Click here if you are here to learn about physical security products for your iPad/iPad 2 (cases/locks/mounts/etc) to prevent theft otherwise read on for our device security setting recommendations.

iPad Security Tips

1. Set up a passcode to help prevent unauthorized use of your iPad. If you do not set a passcode you greatly increase the chances of unauthorized use especially if your device gets lost or is stolen.

Go to General > Passcode lock to set your password and be sure to remember it

2. Set the Auto-Lock feature to automatically lock your iPad after a designated amount of inactivity. You should choose your auto lock time setting based on your normal usage but 30 minutes should work fine for most people.

Go to General > Auto lock choose amount of time (I recommend 30-60 min)

3. Disable Bluetooth if you do not plan to utilize it. If Bluetooth is active it is another potential vulnerability source so if you are not using it shut it off.

Go to General > Bluetooth, turn bluetooth off

4. Install iPad and installed application updates promptly when new updates are available. When hardware or software is updated by a vendor it is often is due to security vulnerabilities so it is best to stay current with these important updates

  • Connect iPad to your computer
  • Select iPad in the iTunes sidebar, then click the Summary tab.
  • Click “Check for Update.” iTunes tells you if there’s a new version of the iPad software available.
  • Click Update to install the latest version of the software.
  • Update all applications: At bottom of the screen, tap updates , then tap update all.

5. Enable fraud warning within Safari browser to enhance security and to get warnings about potentially fraudulent sites.

Change security settings: Choose Safari, then turn fraud warning on

6. Turn Pop Up Blocker On to enhance security and browsing experience (note that this stops only entry/exit induced pop ups not click through pop ups)

Change security settings: Choose Safari, then turn pop up blocker on

7. Backup your important data and and encrypt it within iTunes. You will be glad you have a backup if your device is lost, stolen, or has a significant hardware issue. Reference Apple’s iPad backup support guidance for additional details.

8. Mobileme account functionality is an extra cost but has some useful security features that could help minimize security implications if your device is lost or stolen. These features include:

  • Find my iPad which displays a message on your iPad if it is lost with hopes that a good samaritan will return it to you. Perhaps some type of reward would also be useful in this circumstance.
  • Remote Passcode lock– Allows you to remotely lock your iPad should the need arise.
  • Remote Wipe option – In the event that the worst case scenario occurs and your device is stolen you can minimize the damage by remotely wiping the data from the device that was formerly known as your iPad.

9. Erase data after ten failed pass code attempts – This is an effective control to prevent unlimited brute force password attempts vs. your iPad if it is lost or stolen. Be careful when implementing though since you will lose data you fail on 10 successive passwords so regular backups are a good prevention against potential data loss.

Go to General > Passcode Lock enter your passcode, turn on Erase Data

10. Choose your applications carefully – Make sure you choose applications wisely as 3rd party applications are not extensively validated by Apple and they can introduce new sources of vulnerabilities to your iPad (and additional required patches that need to be installed)

Bonus Tip: Simplify administration – If you are responsible for administering multiple devices you should utilize a configuration profile to simplify configuration of these security settings and other needed settings included VPN or email configuration. It is a more efficient way to effectively manage all of the iPads in your environment

Any other useful iPad security tips that I have neglected?