Mobile Security: Protecting iPhones and iOS Devices
As I pointed out a few weeks ago, Android accounts for more than 97% of malware; and Apple, Blackberry and Windows phones together account for less than 1% of all malware. In fact, according to network security firm Fortinet, there have been only three cases of a malware-infected app making it into the Apple App Store since its launch in mid-2008. Those apps were removed from the app store once they were discovered. Given that there are around 1.2 million apps in the Apple App Store, having only three rogue apps slip through in six years is pretty amazing.
The article also points out is that there have been an additional eight malware sightings on jailbroken iPhones—devices on which Apple’s security features have been removed in order to download third-party apps. This means that, regardless of the few instances of malware that have been found in the App Store, iPhones are not 100% safe from malware.
While it is very difficult to infect an iPhone through the Apple’s App Store, clever fraudsters have found a way around that. It is possible for a Mac or PC to become infected with malware that can in turn load malware on an iPhone or iPad that syncs with the computer. A new variant called WireLurker can actually infect an iPhone that has not been jailbroken, which is a particularly troubling development. This means protecting your iPhone requires you to protect any devices it connects to.
With that in mind, here are some tips for protecting your iOS devices from trouble:
- Don’t jailbreak your iPhone. Jailbreaking your iPhone opens you up to a great deal of risk you would not otherwise have. If you want to make changes to your phone that Apple does not allow, you are really better off getting an Android where there are security products that can help protect you.
- Set a passcode on your device. Setting a passcode on your iPhone or iPad enables data protection (encryption) on the device and prevents others from reading data on the device, even if they have direct access to its memory.
- Encrypt any backups you make in iTunes. Some people back up their devices to iCloud, and others back them up to iTunes on a PC or Mac. If you are backing up in iTunes, be sure to select the option to encrypt the backup. That way if your computer is compromised in some way, your iPhone backups will not be accessible to other people.
- Make sure your computer has updated anti-virus protection as well. Syncing your device with a computer is another way malware can get on your mobile device.
- If you use a Mac, don’t download apps from third-party stores or sites. Third-party app stores are how fraudsters are currently delivering the WireLurker malware, and there is no good way to tell which apps are infected and which aren’t. So stick with Apple’s App Store.
- Turn on the “Find my iPhone” feature. If you have multiple devices using the same Apple ID, you can use one device to find the others, or use the service on the icloud.com website. You can also set it to “lost mode” which locks the device with a passcode and tracks it or, in dire situations, wipe the device entirely.
|Tim Grove, vice president of systems development, has been with EECU Credit Union’s information technology team since 1999, and is responsible for the programming and development of EECU’s website as well as all online and mobile services. Tim holds an undergrad degree in marketing from Oklahoma Christian University as well as an MBA from the University of Texas at Arlington, and has served marketing and IT teams at companies including Canon, EDS and Halliburton.