While many people protect their iPhones with big, bulky cases, they are less careful when it comes to properly safeguarding their data. This negligent approach risks much more damaging consequences than a cracked screen.
Attackers today are compromising iOS devices via a variety of sinister methods, including breaching victims’ Apple’s iCloud accounts and the Find My iPhone app. Here is a sampling of threats that, hopefully, will scare you enough to follow the tips my security tips.
Ransoms. In my native country of Australia, attackers are remotely locking iPhones and requesting a ransom (typically $100) to unlock it. Even more ominous than the ransom message is that attackers can alert users of the ransom by blasting the ringer at full volume, even if it is muted.
Personal data theft. More valuable than cash for many attackers is access to the extremely personal data stored in iCloud. Because many people back up their devices automatically to iCloud, an attacker with control over someone’s iCloud can restore one of these backups to their own devices, gaining access to the victim’s iMessages, emails, documents, photos, videos and more.
Cyberstalking. Attackers also have the ability to silently track the movements of the victim by accessing the Find My iPhone app. Clearly, this creates the potential for a serious invasion of privacy, particularly when you consider that families often have multiple devices under one iCloud account.
While these are frightening prospects, users can protect their digital assets through four easy steps. While security experts regularly cite these defenses, they provide simple, surefire ways each user can take to mitigate the risk.
1. Set a strong Apple ID password. Let’s start with online security 101. While “123456” and “password” are easy to remember, they are also easy to hack. When many of Sony’s services were compromised in 2011, I analyzed the breached accounts and found some alarming results: passwords were predictable (more than a third were in a common password dictionary), simple (less than 1 percent had a non-alphanumeric character) and relatively short (usually 6 to 10 characters).
Make your password long, random and unique. You’re just asking for trouble if you reuse the same password across multiple independent services, particularly when you’re protecting something as valuable as iCloud or as potentially costly as the App Store and the iTunes Store.
2. Use a PIN. Prior to the introduction of Touch ID, Apple’s fingerprint scanner, half of iPhone users couldn’t be bothered to set up a passcode. The added convenience of Touch ID has likely lowered that figure, but I’d wager that many iPhone and iPad users are still playing with fire.
Without a PIN in place, attackers have the ability to set their own PIN and hijack the device. The aforementioned ransoms taking place in Australia can only target users who failed to implement a PIN. One important thing to remember — even if the device is just meant for kids, it can still connect to iCloud, so you need to put a PIN on it.
3. Enable two-step verification for Apple ID. Apple makes this is an optional security feature, but I would advise users make it mandatory. It involves configuring the account such that any attempt to login from a Web browser or a different device requires users to verify the login request using “something you have” (a 4-digit verification code sent to a trusted device) and not just “something you know” (the Apple ID password). It’s a fundamentally sound practice that puts a dead stop to attacks that abuse credentials.
4. Never entrust your Apple ID password to a third party. Phishing attacks are enormously popular with hackers because they continue to be extremely effective. Never hand over your Apple ID and password to a third party website or in response to an unsolicited email and be especially wary of prizes, giveaways or other promises of free gifts in return for logging in with your Apple credentials. If you want to check your Apple account, type apple.com directly into your browser and navigate to their login page rather than following a link that has been sent to you.
While many treat these basic security measures lightly, they can thwart many of the attacks currently being directed at iOS users. If you don’t have all these four boxes checked across all your devices, get them in place as a matter of priority. They just might save you $100.