With the Ipad being hacked this past week, Apple issued an apology to it’s loyal users. Here are some tips to keep your Ipad secure:
Hold on to Your Ipad
“Most simply put, the single most effective thing someone can do to protect their iPad from any security issues is just to hang on to it. Keeping the device under your physical control means you also have control over device and data access. If you can keep the iPad in your physical control, many other security concerns do not come into play,” Heimerl said.
Have a Password On It
The passcode blocks unauthorized users from accessing your apps and information. However, the passcode only provides limited protection; it can be bypassed by users with long-term physical control of the device. “If someone has prolonged control over your iPad and access to a PC, they can connect to the iPad with a PC and remove the passcode, allowing them to log onto the device,” Heimerl said. “An attacker can also bypass encryption on the iPad the same way.” Even if they don’t get access to the data, the attacker can reset the device, destroying your data and converting the device to their own use.
Another limitation of passcodes: “The keypad you use to enter your passcode always appears in the same place on the screen,” Heimerl said. This may leave a tell-tale pattern of fingerprints on your screen where you enter your passcode. “Of course, if you never clean the screen and leave fingerprints everywhere this may not matter at all, but it is something to keep in mind in how you use the device,” Heimerl said. (Hear that, guy who never wipes down his iPad? You’re not a slob — you’re security conscious!)
Enable Automatic Data Erase
“You can configure the iPad to erase all user data on the device after 10 failed passcode attempts,” Heimerl said. “Whether this is good or bad depends on the quality of any data backups, and how likely you are (or your children are) to exceed the 10 failed passcode attempts.”
He added, “While the iPad does not really erase the data, it does erase the key to the data which is actually stored on the iPad encrypted. So, since you no longer have the key with which you can decrypt the data the end result is essentially the same.”
Restrict the capabilities of the iPad
“To add additional controls, the iPad allows the user to restrict certain functions on the device, Heimerl said. Users can restrict access to Safari, YouTube, installing applications, and explicit media content. “This function is also passcoded so it could be configured by a corporate administrator and not changed by the end user,” Heimerl said. Of course, it can also be configured by a parent for a child’s iPad.
Use a Virtual Private Network
The iPad lets you encrypt all your Wi-Fi traffic using a Virtual Private Network (VPN) service.
While a little bit pricey at $99 per year to start, Apple’s MobileMe service provides several tools for syncing, backing up and securing data, “including the ability to sound a tone and/or display a message on a lost iPad if you have temporarily misplaced it,” Heimerl said. “If your iPad is stolen or completely lost, you can access MobileMe from a computer and can display the location of the device on a map in order to help find it. You can also use MobileMe to keep information in sync across multiple devices, to share information through iDisk, and, when you get desperate, to initiate a remote wipe of the device, thus removing all information from the device, including all potentially sensitive information.
However, “If the remote iPad is not connected via cellular or [Wi-Fi] network, it will not receive the remote wipe commands, so a determined attacker would likely take the iPad off the network before they worked on the system.”
Heimerl added, “The iPad also supports Microsoft Exchange ActiveSync. The remote wipe can be triggered via ActiveSync. MS Exchange ActiveSync can also be used to enforce additional controls and extended password policies beyond what the iPad can support natively.”
Jailbreak with care
“Jailbreaking is hacking an iPad so you can install non-App store apps and have access beyond Apple control,” Heimerl explains. “[W]hile it does give the user more control over the end device, it also removes some of the controls that help make the iPad more secure than a PC. In any case, jailbreaking the iPad dramatically changes the controls in the device, so the best we can say about security on a jailbroken iPad is that your results will be unpredictable. Besides that, jailbreaking an iPad automatically voids any warranty.”
Don’t Share Your IPad
The iPad is “essentially a single user device,” Heimerl said. Unlike a Mac or PC, you can’t create multiple user accounts on the iPad and block access to information between accounts, everyone with access to the iPad has access to all the information on the device, including e-mail and browser and personal information. However, users can protect their privacy in some ways, by disabling the option to autofill browser fields, and regularly clearing browser history, cookies and cache, Heimerl said.
Install software updates
“[T]o make sure the system is current, it is necessary to regularly connect the system to iTunes on a computer,” Heimerl said. “If a remote system does not have iTunes available, or is not connected for some length of time, it is possible that the system would miss a critical update and therefore be exposed to a risk that had been patched. For long-term use of the device in a corporate environment, IT will need a means to manage appropriate updates.”
Let us know any other additional tips you have!