Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Nine tips to secure your iPad

How to keep your data safe on the Apple tabler

Article comments

The recent AT&T data leak underscores the need for iPad security precautions. A few simple steps can help protect confidential data.

AT&T apologised Sunday for a hack that exposed thousands of customers' email addresses last week, and said it will work with law enforcement to prosecute those responsible.

A hacker group called Goatse Security got about 114,000 email addresses of people including White House Chief of Staff Rahm Emanuel and New York Mayor Michael Bloomberg by exploiting an authentication page on AT&T's Web site. The group found that the page would return an email address associated with a particular iPad if they entered the correct serial number for that iPad's SIM card. The group wrote code that would randomly generate serial numbers and query the website until it got email addresses back.

The AT&T attack emphasises the need for users to take precautions. As a multipurpose computing device, the iPad is susceptible to a wide variety of attacks. Jon Heimerl, director of strategic security for Solutionary, an enterprise security service provider, shared some tips via email to me on how users can protect themselves.

Keep an eye on it

"Most simply put, the single most effective thing someone can do to protect their iPad from any security issues is just to hang on to it. Keeping the device under your physical control means you also have control over device and data access. If you can keep the iPad in your physical control, many other security concerns do not come into play," Heimerl said.

Use a passcode when taking the iPad out in public

The passcode blocks unauthorised users from accessing your apps and information. However, the passcode only provides limited protection; it can be bypassed by users with long-term physical control of the device. "If someone has prolonged control over your iPad and access to a PC, they can connect to the iPad with a PC and remove the passcode, allowing them to log onto the device," Heimerl said. "An attacker can also bypass encryption on the iPad the same way." Even if they don't get access to the data, the attacker can reset the device, destroying your data and converting the device to their own use.

Another limitation of passcodes: "The keypad you use to enter your passcode always appears in the same place on the screen," Heimerl said. This may leave a tell-tale pattern of fingerprints on your screen where you enter your passcode. "Of course, if you never clean the screen and leave fingerprints everywhere this may not matter at all, but it is something to keep in mind in how you use the device," Heimerl said. (Hear that, guy who never wipes down his iPad? You're not a slob - you're security conscious!)

Consider enabling automatic data erasing

"You can configure the iPad to erase all user data on the device after 10 failed passcode attempts," Heimerl said. "Whether this is good or bad depends on the quality of any data backups, and how likely you are (or your children are) to exceed the 10 failed passcode attempts."

He added, "While the iPad does not really erase the data, it does erase the key to the data which is actually stored on the iPad encrypted. So, since you no longer have the key with which you can decrypt the data the end result is essentially the same."

Restrict the capabilities of the iPad

"To add additional controls, the iPad allows the user to restrict certain functions on the device, Heimerl said. Users can restrict access to Safari, YouTube, installing applications, and explicit media content. "This function is also passcoded so it could be configured by a corporate administrator and not changed by the end user," Heimerl said. Of course, it can also be configured by a parent for a child's iPad.

Use a VPN

The iPad lets you encrypt all your WiFi traffic using a Virtual Private Network (VPN) service.

Get MobileMe

While a little bit pricey at $99 per year to start, Apple's MobileMe service provides several tools for syncing, backing up and securing data, "including the ability to sound a tone and/or display a message on a lost iPad if you have temporarily misplaced it," Heimerl said. "If your iPad is stolen or completely lost, you can access MobileMe from a computer and can display the location of the device on a map in order to help find it. You can also use MobileMe to keep information in sync across multiple devices, to share information through iDisk, and, when you get desperate, to initiate a remote wipe of the device, thus removing all information from the device, including all potentially sensitive information.

However, "If the remote iPad is not connected via cellular or [Wi-Fi] network, it will not receive the remote wipe commands, so a determined attacker would likely take the iPad off the network before they worked on the system."

Heimerl added, "The iPad also supports Microsoft Exchange ActiveSync. The remote wipe can be triggered via ActiveSync. MS Exchange ActiveSync can also be used to enforce additional controls and extended password policies beyond what the iPad can support natively."

Jailbreak with care

"Jailbreaking is hacking an iPad so you can install non-App store apps and have access beyond Apple control," Heimerl explains. "[W]hile it does give the user more control over the end device, it also removes some of the controls that help make the iPad more secure than a PC. In any case, jailbreaking the iPad dramatically changes the controls in the device, so the best we can say about security on a jailbroken iPad is that your results will be unpredictable. Besides that, jailbreaking an iPad automatically voids any warranty."

Share with care

The iPad is "essentially a single user device," Heimerl said. Unlike a Mac or PC, you can't create multiple user accounts on the iPad and block access to information between accounts, everyone with access to the iPad has access to all the information on the device, including e-mail and browser and personal information. However, users can protect their privacy in some ways, by disabling the option to autofill browser fields, and regularly clearing browser history, cookies and cache, Heimerl said.

Also, users can use software like 1Password, which encrypt information stored in the app.

Install software updates

Apple regularly updates its operating system software on all devices to keep up with the latest vulnerabilities. "[T]o make sure the system is current, it is necessary to regularly connect the system to iTunes on a computer," Heimerl said. "If a remote system does not have iTunes available, or is not connected for some length of time, it is possible that the system would miss a critical update and therefore be exposed to a risk that had been patched. For long-term use of the device in a corporate environment, IT will need a means to manage appropriate updates."

Are you worried about iPad security? How do you protect yourself?


Share:

More from Techworld

More relevant IT news

Comments

BusyBody said: Does this support VPN connectivity using IPSEC




Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *