Cybersecurity – Nine Tips to Secure your iPhone

While Apple's iOS is fairly secure, there are ways that your iPhone can be hacked. The good news is that there are also ways you can make your iPhone secure. iOS 13.4, Apple’s latest mobile software for iPhone and iPad, packs in a bunch of new security and privacy features that you can take advantage of to lock down your device. Here are a few things you can do to keep your iOS device safe.

1)   Secure your Apple ID by using strong passwords and 2FA

Prevention:

Your password must have nine or more characters and include upper and lowercase letters, extra characters or punctuation marks and at least one number to make your password even stronger.

Enable two-factor authentication (2FA) - https://support.apple.com/en-us/HT204915

2)   Avoid being a victim of Juice Jacking

Juice jacking is a type of cyber-attack involving a charging port that doubles as a data connection, typically over USB. There are two ways juice jacking can be used by cyber criminals:

Data theft: During the charge, data is stolen from the connected device.

Malware installation: As soon as the connection is established, malware is dropped on the connected device.

Prevention:

a)    Enable USB restricted mode in the Passcode settings by turning off the option

- Go to Settings > Touch ID & Passcode and type in your passcode. Then scroll down and make sure the USB Accessories setting is Off, so that USB accessories are not permitted on the lock screen. (On an iPhone X, check your Face ID settings instead.)

b)   Always use data blockers to safely charge your phone in public places

3)   Audit your Passwords

Even if you use a password management app or iCloud Keychain to remember your passwords for you, chances are you have at least one password that you’ve used more than once. The good news is that the iPhone password manager comes with a useful feature called password auditing.

Prevention:

To review your passwords, go to the Settings app on your iPhone and follow the steps below.

a)    Tap Passwords & Accounts

b)   Select Website & App Passwords

c)    You will be prompted to enter your password or use Touch ID

You’ll see all the locations where you have saved passwords; those you have reused are marked with gray triangles.

4) Disable "Load Remote Images" in email settings

The option that controls remote images in the Mail app is called Load Remote Images, and it is enabled by default. When you disable it, emails load faster, you use less data, the battery lasts longer, and senders can't track when you download their images or gather personal information.

Prevention:

a.    Open the Settings app

b.    Tap Mail

c.    Scroll down to the Messages section. Disable Load Remote Images

5) Don't auto-join Wi-Fi networks

Auto-join is a feature that allows your phone to automatically join any Wi-Fi network it already has the credentials for, or open Wi-Fi networks, without asking you to do anything. When you automatically join open public Wi-Fi networks, you put your data and privacy at risk. You could connect to a rogue network, and an attacker can run exploit software that bypasses the secure sockets layer (SSL) Web encryption. From there, attackers can perform man-in-the-middle (MitM) attacks that allow them to observe passwords in transit and even forge links and other content on the websites users are visiting.

Prevention:

a)    Go into Settings > Wi-Fi

b)   Find the Wi-Fi network for which you’d like to disable Auto-Join

c)    Tap the “I” that resides next to the Wi-Fi name

d)   Toggle the Auto-Join toggle to off

6) Don't jailbreak your iPhone or sideload apps

Jailbreaking modifies the iOS operating system, usually via specialized software, to allow an iPhone or iPad to run apps that have not gone through Apple's rigorous security audit. On iPhone and iPad, all apps are obtained from the App Store and all apps are sandboxed to provide the tightest controls. Apple provides layers of protection to ensure that apps are free of known malware and haven’t been tampered with. Additional protections enforce that access from apps to user data is carefully mediated.

The biggest problem with jailbreaking is that it disables the "sandboxing" feature of iOS, a key part of the operating system's security architecture. Jailbreaking an iPhone could let in hackers or malware, and it makes you responsible for the security of your device. On a jailbroken iPhone, there's a very high chance cybercriminals can install malicious code such as keyloggers, banking Trojans, botnets and other forms of malware. This can allow malicious apps to access the address book, photos or location data without the user knowing about it.

Prevention:

DO NOT Jailbreak your iPhone

7) Disable Location Tracking

Many of the apps on iPhone track our location data to better deliver information about local weather, local services, shops, or movie showtimes. A new report from The New York Times reveals that this data is precise and collected up to 14,000 times per day. It’s so precise, in fact, that it’s possible to figure out intimate details of a person’s life merely by studying it. Worse, some apps sell this data to companies who then use it to push hyper-targeted ads to your phones.

Prevention:

a)    Open Settings

b)   Scroll down and select Privacy

c)    Press Location Services

d)   Scroll all the way down to System Services

e)   Scroll down to Significant Locations and press it

f)     You can completely disable the feature by untoggling Significant Locations at the top; however, that might be a little extreme. Instead, you can disable a specific app by scrolling down to that app’s listing and selecting it. You’ll see three choices: Never, While Using the App, and Always.

8) Fake Apps

Fake mobile apps mimic the look of legitimate applications, or provide legitimate functionality while hiding other malicious functionality, to trick unsuspecting users into installing them. Once downloaded and installed, these applications can perform a variety of malicious actions. Some are relatively benign: they merely display annoying advertising, aimed at generating revenue. Others are much more serious: they steal information and data, or they divert payments and revenue towards illegitimate sites. And it only gets worse, as some fake apps can take over functions such as the microphone or the camera, or damage the phone itself. In the worst cases, fake apps can lead to exploitation and ransomware, where the bad guys take control of the data on the phone and force you to pay.

Although apps in the Apple App Store go through a security audit, many malicious apps circumvent Apple’s security controls. Last year, in 2019, researchers uncovered 17 apps on Apple’s official App Store infected with malware. These apps allowed the artificial click-through of ads, which is a violation of Apple’s guidelines. All 17 infected apps were published on the App Store by the same developer, India-based AppAspect Technologies Pvt. Ltd.

Prevention:

a)    Do NOT follow links in emails or SMS that invite you to download an app from a website

b)   Download apps only from trusted sources.

9) Smishing Attacks

SMS phishing, known as smishing, uses cell phone text messages (SMS) to deliver disguised malicious links in order to obtain sensitive information such as usernames, passwords and credit card details. Some examples of smishing messages:

- IRS Notice: Tax Return File Overdue! Click here to enter your information to prevent being prosecuted.

- Your entry last month has WON. Congratulations! Go to [URL] and enter your winning code – 1122 – to claim your $1,000 Best Buy gift card!

Prevention:

Don’t click on links you get on your phone unless you know the person they’re coming from. Even if you get a text message with a link from a friend, consider verifying that they meant to send the link before clicking on it. Use unique, alpha-numeric, long passwords on all accounts and enable two-factor authentication. Verify the URL is what it claims to be and make sure a website is encrypted before entering any personal information on it.


