Shutting down security gotchas in iOS 6

What to do if you have data on your iPhone or other iOS device that you want to protect

By Kenneth van Wyk, Computerworld

I also recommend turning off access to Siri and Passbook when your device is locked. This will prevent an attacker from getting into a lot of your data; if Siri can be accessed from a locked device, then an attacker could just say, "Siri, what appointments do I have today?" for example. I write more about Passbook below, but if you're using it for anything important (such as payments or boarding passes), this setting will prevent an attacker from getting access to that data when the device is locked. Note that these are not the default settings, so you need to change them if you want to lock attackers out in this way. (Both of these things can be done on the Passcode Lock screen of General Settings.)

Now, how about all those whiz-bang new features in iOS 6? What are the security pitfalls for a consumer to avoid there? I'm glad you asked.

Let's start with Passbook. You can store movie tickets, boarding passes, payment credentials and a slew of other types of data in Passbook, provided that your vendor's app supports it. Passbook promises to be a convenient, single place to store things like that so that you can quickly access the bar-code data when you're at a movie theater, supermarket, airport and so on.

So how secure is Passbook? Well, it's brand new, so the jury is still out. Any application that touches our finances needs the highest levels of security. Encryption of the user data is a minimum requirement. Does Passbook adequately encrypt that data so your passes are protected on a lost or stolen device? Apple hasn't said. It needs to; with Passbook, it can't afford to display the cavalier attitude toward security that it sometimes has demonstrated.

In any event, the fact that a Passbook pass can be displayed on a device's lock screen means that Passbook isn't (at least by default) using the strongest built-in encryption supported by the platform. This reinforces my recommendations to use a strong passcode and to turn off access to passes on a locked device.

Until Apple is more forthcoming and the security community has done deep analysis on Passbook, it's probably best to use it only for things that you don't consider real money. I'll be testing it that way. And I would strongly suggest that you steer clear of Passbook if you aren't going to use a strong passcode on your device.


Originally published on Computerworld.