Category Archives: Apple

Secure your Apple iPhone or iPad

Your mobile goes with you everywhere. You use it multiple times a day to send email, do your banking, send memes to loved ones via your favourite social media platform, and on occasion you might actually use it to call someone.

Mobile devices have replaced the desktop computer as the main device for much of the population. This is because they are so convenient. You can check the weather before you get out of bed, you can order a pizza without getting off the lounge, and you can laugh at funny videos on YouTube without leaving the comfort of your toilet.

Jokes aside, these devices are popular items sought by criminals who want to steal them or steal data from them.

One thing I have noticed over the years is many people choose to have no passcode. Often their excuse is “they have nothing to hide” or “don’t have anything a hacker would want”.

The downside to this is that if you were to lose your device or have it stolen the criminal have full access to your device. This would allow them to reset online accounts, including your online banking, or paypal. Which brings us to the first step in how to secure your Apple device: Setting a passcode.

Setting a Passcode

Setting a passcode on your device will help to prevent someone gaining access to your device if it was misplaced or stolen. The default option for Apple is a six digit passcode. This should be random, and not something that follows a pattern. i.e. 123456 or 000000. Try to avoid things like digits from your phone number, or important dates such as birthdays or anniversaries.

To set a passcode go to: Settings > Face ID & Passcode (Touch ID & Passcode for older devices) and then Tap Turn Passcode On.

You will then be prompted to enter and confirm your new passcode. This will need to be typed in each time you unlock your device, but it becomes second nature very quickly.

To make things a little easier your can opt to use Touch ID or Face ID on compatible models. This allows your to unlock your device with a finger print or simply by looking at your phone.

If you forget your passcode you will not be able to gain access to your device without performing a factory reset. Ensure you store your passcode somewhere securely away from your device or in a password manager.

Automatic Updates

Apple Devices are reasonably secure out of the box due to Apple taking a “walled garden” approach to security. Apple have strict requirements for app developers to meet before their app can make it onto the AppStore. This means there are fewer malware samples in the wild, compared to Android devices, that can infect Apple devices. This doesn’t make the device 100% secure. Apple devices can still be attacked by exploiting vulnerabilities in software or in apps. To keep your device safe it is recommended to install software and app updates at your earliest convenience.

Updates can be installed automatically, which is highly recommended. This way the updates install without you needing to worry.

To enable automatic updates for Apps go to: Settings > ‘Your Name’ > iTunes & App Store. Tap the toggle switch for App Updates. If the toggle switch is green this indicates your Apps are updating automatically.

To enable automatics updates for iOS go to: Settings > General > Software Updates > Automatic Updates. Tap the toggle switch for Automatic Updates. If the toggle switch is green this indicates iOS is updating automatically.

Enable 2FA for your Apple ID

Two-factor Authentication or 2FA helps to secure your account by requiring a second factor (i.e. a code sent to your mobile) along with your password when signing into a service. I highly recommend enabling this for any account that supports it.

To enable it go to: Settings > ‘Your Name’ > Passwords & Security

Tap Turn on Two-Factor Authentication and then tap continue.

You will be asked to enter your mobile number. Apple will send you a one time code which your Apple device should automatically read. If not, you will need to copy and paste the one time code from the text message. 2FA will now be enabled for your Apple ID.

This means if anyone was to guess your password they would not be able to access your Apple ID without also having access to your mobile device.

Turn of Notification Previews

Notifications previews are a handy feature but they can pose as a privacy risk as well as a security risk.

When you receive a message via most messaging apps, a notification will display on the screen with a preview of the message, and whom it was from. This can pose as a security risk if you were to lose your phone. A criminal could read a text message containing a one time code without needing to unlock your phone. This may allow the criminal to reset you banking or other online services password.

You privacy can also be at risk. Someone who has access to your phone but doesn’t know your passcode can still read part of the message from the lock screen. This means anytime a message comes through on your phone, anyone that can see the phone screen at that time can read the message.

Turn off or limiting the notification is simple:

Go to: Settings > Notifications.

Under Show Previews choose one of the following options:

  • Always – Always show previews on the lock screen
  • When Unlocked – Only show previews after you have entered your pin, or unlocked with Touch ID or Face ID.
  • Never – Never show a preview of the message.

At a minimum I would recommend selecting When Unlocked.

Find My

Find My is an App that can be downloaded on your Apple Devices and can assist you in finding your misplaced device. The app comes installed on most new devices but if you cannot see it, or you’ve deleted it, you can download it from the App Store. One you open the app you will be required to sign into your Apple ID. You will also need to enable location services.

Once enabled, you can log on to iCloud on your computer or use the Find My app on another device to view where you device is on a map and to use the following features:

Play Sound – If you’ve misplaced your device at home you can make your device play a sound, even if it is muted.

Mark As Lost – If you have lost your device away from your home you can put it in lost mode. This will display a custom message on your devices screen, as well as a phone number to call. It also allows you to receive updates of your phones movements via email.

Erase Device – If all hope is lost of getting back your device you can ensure no-one gets access to your data by erasing the phone. The phone becomes useless to anyone who doesn’t have access to your Apple ID as this is required to get the phone up and going again.

People have a lot more sensitive data on their devices than they think at first. Having the “I’ve got nothing to hide” mentality is all good and reasonable until you actually lose a device. Following these steps should help you to keep your phone and data in safe hands. For more tips visit our Tech Tips page!

Apple iOS 10.3.2

Time to update your iDevices to iOS 10.3.2.

Apple iOS 10.3.2 patches vulnerabilities in Webkit, Safari, Kernel, SQLite, and iBooks.

Vulnerabilities being patched may lead to arbitrary code execution, allow code to run with root or kernel privileges, or allow an attacker to read restricted memory.

iBooks can be exploited with a specially craft book, which may allow a malicious website to be opened without user permission. This could potentially be used to then exploit Safari and Webkit vulnerabilities, or lead to phishing websites.

Vulnerabilities in Webkit, which is used by Safari and other web browsers, can be exploited when a user visited a malicious website arbitrary code execution, or cross-site scripting.

Apple iOS 10.3.2 is available for iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation and later.

Update your iDevices to iOS 10.3

Apple have just released the latest version of their iOS software bringing the version number to 10.3. iOS 10.3 is packed with important security updates as well as several new features.

iOS 10.3 is available for iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation and later. Older devices are no longer supported by Apple, and should be replaced to ensure that you are able to patch any known vulnerabilities.  Vulnerabilities, left un-patched, can be exploited by an attacker, and could potentially allow access to personal files, or your device could be used for malicious activities.

10.3 patches many vulnerabilities, over many core services.

Safari and Webkit both have many important updates. Webkit is the browser engine used by many third-party apps on your device. These patches fix vulnerabilities that can lead to performance degradation by high memory consumption, arbitrary code execution which may allow an attacker to run malicious code on your device, and address bar spoofing which may allow an attacker to make a fake website appear to be legitimate.

Vulnerabilities have been patched to prevent attacker performing malicious activities by tricking a user into opening a malicious JPG, dfont, or PDF.

Updates have also been made to Kernel, to prevent apps running arbitrary code with kernel privileges. This prevents apps from being able to run malicious code.

Some other vulnerabilities require physical access to the device, and left un-patched, may leak private data such as Apple ID, info stored in the pasteboard, and pages viewed in Private Browsing. Updates have also been made to Siri to stop her revealing contents of a text message if the device is locked.

Other updates improve the stability of the device. More information can be found on the Apple Website.

iOS 10.3 introduces only several new features.

The major new features is the upgrade to a new file system. The new file system, APFS, was designed by Apple to help improve performance and storage management on their devices. This is especially handy for older, still supported, Apple devices.

I recommend backing up your devices before installing 10.3. If the upgrade fails during the file system upgrade, there is a good chance your data will be lost. I recommend doing all major upgrade via iTunes on your PC or Mac.

Another new feature is the ability to find your lost AirPods. AirPods are Apples new wireless headphones. Because AirPods are so small, it is inevitable you will misplace one or both at some stage. Find my AirPods works like the Find my iPhone and Find my iPad features already offered by Apple.

Other minor changes are a few user interface settings, the ability to see what devices are on your iCloud account easily from the settings menu, and developers get the ability to reply to app store reviews, or change App icons without an update being release.

I highly recommend install iOS 10.3 sooner, rather than later, to ensure your devices are kept secure.