For iOS7,and 8.
Securing your iOS Devices
Section 1: Introduction.
In order to display customized text to meet your needs VoiceoverEasy.net needs to know if you want to learn about iPhones or iPads.
DeviceNumber = -1
DeviceType = iOS Device
In this lesson you will learn about techniques to operate your iOS Device in a more secure manner designed to prevent the loss or theft of your device and the data that is on it. At the end of this lesson you should be able to:
- Understand terms used in internet security today and how they may impact you.
- Know how to set up a password for your iOS Device.
- Find or protect your iOS Device in the event that it is lost or stolen.
- Backup the data on your iOS Device
1.1: Security vs. Convenience.
Does your front door lock? Does it have one lock, two locks, or maybe three? Why not eight? Eight locks is certainly more secure than one or two, but it would be awfully inconvenient to unlock and lock them again every time you go in and out of your house. You’ve got to find the balance of security and convenience that’s right for you. Of course, you could simply stay inside and never leave your house. It’s very secure, but not very practical or healthy.
Digital security works the same way. There are many things you can do to make all your iOS devices secure. You have to decide which ones are right for you, and how much security you need.
1.2: Turtles and Ostriches .
Sometimes hearing about cyber threats can be pretty unnerving, but remember as of 2012 over a billion people use computers, smart phones and tablets all the time. By being aware of some simple rules and protection techniques, most of them do so without incident. So shutting yourself away from these devices is no more practical than sealing yourself in your home. You'll miss out on a world of information, and quite possibly a whole lot of fun.
On the other hand burying your head in the sand and ignoring the threats that are out there is very dangerous. With a few simple steps you can protect yourself, those you communicate with, and your data. The key is to understand the most common risks and how to limit them.
I have been lucky enough to work in information technology support for over 30 years. I have taught a number of technology classes on and off during that time on a variety of subjects, including security, but I am NOT a security expert. I have had the opportunity to acquire good general knowledge, and to work with security experts in network, server and personal computer security, and I have been an iphone user since June of 2013. I hope some of my experiences can help you use your iOS Device in an informed manner and feel a little more comfortable in its use.
SECTION 2: Terms you should know.
Before we talk about security for your iOS Device, you’ll need to understand some basic terms and how they relate to the digital world. As you read this, you may wonder if we are talking about things to help with your Smartphone and tablet, or things related to your home and office computers. The answer is “Both.” After all, what is a Smartphone or tablet but a very portable computer?
A hacker is someone who attempts to gain access to digital systems without the knowledge of the system owner or user. A “white-hat” hacker is someone who does this to expose security flaws in a system and to get manufacturers to initiate a correction. On the other hand “Black-hat” hackers do it to prove to their peers that they can do it, steal money or information, destroy or corrupt data, send a message, or prevent digital systems from working properly. This last is called a “denial of service” attack. Hackers are not just kids anymore. They are well funded criminal organizations, thieves, business men and agents of governments. They even have conventions!
Viruses are segments of digital code which can replicate themselves. Although there are not yet as many viruses for cell phones as there are for computers, the number is growing. Viruses can send emails, corrupt or destroy data, get your iOS Device to do things without your knowledge, and transmit information on the system to a hacker. Software to detect and block these viruses is called Anti-virus software.
SpyWare is software designed to hide in your iOS Device or other computer and gather information about you. It then makes that info available to companies, individuals or governments. It does this without your knowledge. SpyWare can track browsing habits, how you spend money, your location via GPS, and other things as well. SpyWare usually enters your iOS Device through a piece of downloaded software such as a game, but it can also be installed when you browse a disreputable web site, or when you view email messages designed to look like web pages.
Viruses, SpyWare and other software designed to do harm is collectively known as MalWare.
2.5: Public and Private Wireless Networks.
A public wireless network is one that you do not need a password to join. Simply being in the geographic area covered by the network is enough to gain access. Airports, hotels, and cyber cafes are examples of public networks. You never know who else is on them monitoring for unprotected devices or traffic. You can join them, but you should make a conscious decision to do so. It is more secure to let your iOS Device prompt you to join networks. See Section 6.6 below.
Private networks are secured by passwords. They transmit data using encryption and are more secure than public networks. The security of the network depends on the strength of the entry password and the strength of the encryption.
2.6: Social Engineering.
Not all attacks are made by hidden software. Often hackers and criminals will try to trick you into doing something to hurt yourself. For example, a web link might say “Click here to protect yourself from viruses.” When you do, you get one.
Often hackers and criminals will pretend to be people or companies you do business with. They try to get you to reveal passwords and other private data. Sometimes they pose as charities or people who are down on their luck to get you to donate money. These are all forms of social engineering.
HTML stands for Hyper Text markup Language. It’s the language that web pages are written in. While this is not a “security term,” it helps to understand that it’s there. Did you ever wonder when you review web sites how the page knows to make some text a heading, other text simply plain, and some text an active link? How does your iOS Device know to play music when the page opens, or to run an animated clip? The answer is that in addition to the text and images shown when the web page is displayed, there are hundreds of hidden commands that tell the web page to appear or act just so. Many companies also use HTML when they send you emails so they can embed links or make the message more fancy. Unfortunately, unscrupulous web site owners and hackers can embed other commands in the hidden HTML code as well.
SECTION 3: General Security Tips.
There are many safeguards you can implement, but your alertness is the first, best line of defense against security threats. This section contains security tips for operating your computer, smart phone or tablet. They will help you make an informed decision on which specific iOS security settings discussed in later sections are most important for you to implement.
3.1: Using and Choosing Passwords.
Passwords are the most common way to protect your data and accounts, but weak passwords afford minimal protection, if any at all. The stronger your passwords are, the harder they are to guess or crack. Here are some rules to help you choose strong passwords.
- Whenever possible passwords should have at least 8 characters.
- Passwords should contain a mixture of upper case letters, lower case letters, digits and at least one special character like an underscore, ampersand, percent sign, number sign, at sign or exclamation point.
- VoiceOverEasy.net recommends that your passwords should NOT contain spaces, slashes, back slashes, apostrophes, periods, or stars.
- Passwords should be difficult for someone else to guess, but easy for you to remember. DO NOT choose passwords that are easy to guess based on information about you. Examples: Avoid your birthday, Anniversary, address, telephone number, family members’ names, combinations of family members’ initials, pets names, and things like “ABCDE” or “123ABC.”
- If you use the four digit PIN, see below, stay away from codes that make shapes like “1 3 9 7,” four corners, or “5 6 9 8” which make squares.
- Try not to use the same password for everything. Having a mix of two or three spread among your accounts is best. If one is guessed, at least some of your data is still secure.
NOTE: In researching this lesson VoiceOverEasy.net came across some information on the ten most commonly used four digit passcodes. One out of seven people use them. Most are covered by rules one and two above, but here is the cream of the crop.. “5 6 8 3” which spells “Love”, “0 8 5 2” or “2 5 8 0” which make a line up or down the phone respectively. “0 0 0 0”, really!? And the number one worst lock code is……, wait for it . . . Over 9,000 people in the test group had it, 1, 2, 3, 4! In one of the most inspired, thought provoking science fiction movies ever made, Space Balls, Mel Brooks said it best. “Sounds like the combination an idiot would have on his luggage.”
3.2: Safeguarding Passwords.
You should NEVER share your passwords or account numbers. No reputable company or technician will ever ask you to divulge your account password. They don’t need it to troubleshoot a problem you may be having. If you get an email asking for your password, delete it. If you get a call supposedly from your bank or credit card company, hang up and call them back on their customer service number to ensure you are speaking with a legitimate company representative. You’ll usually find the number on your statement or on the back of your credit or debit card.
If you must write passwords down, keep them in a locked drawer or other secured place. Storing them under your keyboard or in a file on your computer is like leaving your front door key under the mat.
3.3: Phishing Attacks.
Spelled with a P H instead of an F, a phishing attack is one designed to trick you into revealing some key piece of information, like a password or account number. Let’s consider the following situation:
It’s a very pleasant morning. The sun is shining, the birds are singing, and there’s not a cloud in the sky. Old Blue Eyes is singing on your stereo, when suddenly the phone rings. A man on the other end says, “Hi, my name is Steve, and I’m from the on line service department of your credit card company. There’s been some suspicious activity on your account and we need your username and password to check it out.”
The sun is still shining. The birds are still singing, but hopefully there are some alarm bells going off. What should you do?!
The call just described is an example of a phishing attack. Once Steve gets your user id and password to whatever system he's calling about, he can use the credentials to steal money, impersonate you, or acquire secrets from your employer.
Signs of phishing attacks
- The email or caller claims to be from your employer, Bank or other plausible location and asks for information they should already have.
- The caller or email is non-specific. Note in the call above Steve never said which company he was from. Actually, had you continued with the call he might have said, ”Let me confirm which card you are looking at” and waited for you to fill in the type.
- A link in an email directs you to a website that looks real, but often has a subtle flaw in the address. For example www.MahsterCard.com. Your screen reader probably didn't pronounce it, but there was an extra "h" between the letter A, and the letter s in MasterCard. It's a good idea to check the spelling on these links a character at a time at least up through the .com, .net, or .org extension.
- An email or caller claims that you must update or validate information and threatens dire consequences if you don't act.
- Often fraudulent emails have bad grammar or spelling.
- Remember, no reputable company will ever ask for your password via email or over the phone.
Protecting Yourself from Phishing Attacks.
- Don't open links from email. Retype them or use bookmarks.
- Contact your bank, employer or other organization using a number you know to be legitimate. It's the best way to find out if the email or call you received is valid, and it's a good way to help the company find out if someone is sending fraudulent emails or making phone calls pretending to be them.
- Delete suspicious or unexpected emails. If the subject looks suspicious, don’t even open them. Remember the HTML we talked about earlier? The email could contain hidden code that activates when you open the message.
- Never give out organization, personal or financial info to anyone via email or to an unsolicited phone caller.
3.4: Social Networks.
Sites like Facebook, MySpace, linked in and the like are great tools for keeping in touch with friends and colleagues. These are called social networks.
Social Networking Protection.
- Before you post, use the “Mom test.” If you wouldn’t want your mom to review it, don’t post it! Don't count on your privacy settings to protect it.
NOTE: Many prospective employers make it a regular part of their hiring process to check social media sites for information about you. If you like to post stories about how "wasted you got" last weekend," or how terrible your current employer is, this is highly likely to adversely impact your chances of getting that new job.
- Check Your privacy settings often. Sometimes social networks upgrade their software and change the settings without your knowledge. Limit access to your page to the smallest group possible, usually friends.
- Use strong passwords
- Don't give away your location through GPS or location links.
- If possible, validate all "friend" requests via phone or email outside of the social network before accepting them.
- Beware of links to games, quizzes and other applications. These applications can contain tracking software or virus infections.
- Be careful what personally identifiable info you post, Never post SSNs, Mom's maiden Name, your Place and date of Birth, or your exact street address. These types of information can be used to steal your identity.
- Don’t post information that indicates you or your home are vulnerable. For example : "I’m independent and single," "I’m enjoying my trip. Be back in two weeks,” "I’m going to the bank,” or, "my spouse is away this week on a business trip. These can make you a target for burglars and worse.
3.5: Traveling with mobile devices.
- Keep your screen locked when you are not using your device.
- Be careful what's visible on your screen. This is especially true for low vision users who use magnified fonts. If possible, sit in airports or restaurants so that people are not able to stand behind you and read over your shoulder. It's almost impossible for a blind or low vision person to detect this type of behavior. Totally blind users can use the Toggle Screen Curtain gesture to turn their screen completely off.
- If you are not using the Bluetooth features of your device, turn Bluetooth off. This will also save your battery.
- Only join wireless networks when you need to. A hacker can gain access to your device through unsecured networks.
IMPORTANT! Banking, shopping, and other transactions involving personally identifiable information over a public (unsecured) WiFi network, such as those found in cafes, airports, hotels and so on may not be safe. If you use one of these networks, take the time to check with the staff in the area to ensure you are joining the correct network. Anyone can create a public network and make it look official with names like "Airport_WiFi," "Starbucks1," or just about anything else. For mor info on the dangers of using public WiFi for banking and shopping see Why public wifi is a hacker's playground for stealing information.
The remaining sections of this document are specific to your iOS Device. Model specific features will be noted in the heading preceding each section.
SECTION 4: Theft and Loss Protection.
There are several things you can do to prepare for a lost or stolen iPhone or iPad. First you’ll want to ensure that the person who finds or steals your device can’t access your personal data. Second, you should be sure your data is backed up. Then if you have to get a new device, you can restore your data. Third, you’ll want to be able to locate your device if it goes missing, and fourth, you’ll want to give an honest person who finds it a way to return it to you without giving too much information.
This setting controls the maximum amount of time your iOS Device will remain inactive before the screen is locked. It works in conjunction with the "Require passcode" setting. If you use only this setting to lock the screen after a certain time of inactivity, your iOS Device can be unlocked by anyone. The only advantage to a locked screen without requiring a passcode is that it prevents accidental button presses. The AutoLock options can be found in the Settings application by doing the following steps.
- The Icon for the Settings app is on the Home Screen. You can use an Activate gesture on it to launch the app.
- Explore down the left side of the displayuntil you find the General" button and Press it. The General Settings Screen appears.
- Explore down the General sub menu until you find the "AutoLock" button.
- Activate the button. The Autolock options screen appears.
Alternatively, if you have a good 3G, 4G, LTE, or WiFi internet connection, you can activate Siri instead as discussed in Unit 5: Siri and say, "Display AutoLock Settings."
From the AutoLock Settings Screen you can choose to have your iOS Device lock the screen after 1, 2, 3, 4, or 5 minutes. You can also choose the "Never" option. Choose the option you want by Exploring down the screen until the option you want becomes the Current Item and then using the Select gesture to lock in your choice.
If you set this option to “Never”, then your iOS Device will lock only when you push the lock button. If you do this, you should get into the habit of manually locking your screen with the lock button when you are not actively using your device.
4.2: Setting a passcode for your iOS Device.
IMPORTANT! If you do not set a passcode, all data stored on your device is NOT encrypted! This means that anyone who steals your device will have access to all the data including contacts, emails, Text messages, photos and any other data you’ve stored. Setting a passcode is the single most important feature you can implement to protect your security and privacy.
To access the Passcode options, launch the Settings app from the Home Page, then activate the "Passcode" button from the Settings main menu.
Alternatively, you can activate Siri and say "Show Passcode settings."
NOTE: If you previously set up a passcode, you will be prompted to enter it before proceeding.
At the top of the screen just below the Status Bar is a heading which reads "Passcode Lock."
Turning on Passcodes.
The first button on the screen below the heading toggles the passcode on and off. If it says “Turn Passcode On,” activate it. When you do, you will be prompted to enter a new passcode. You must enter it twice to confirm it. When you finish, skip the “Change passcode” button and go to the Require Passcode button.
The Require Passcode Button.
This feature allows you to set the maximum amount of time your device can remain on the locked screen without requiring the passcode. The shorter you make this time, the more secure you will be. Entering the passcode often can be inconvenient, but choose the shortest time span you can manage.
- Press the Required Passcode button.
- When the Require Passcode options appear, use the Select gesture to choose the delay you want.
- Use the Back button to return to the Passcode Screen.
IMPORTANT! If you require a passcode but do not set your screen to autolock or lock it manually as described in Section 4.1 above, the passcode feature will not engage. The device must be on the locked screen in order for the passcode to be required.
4.3: Adding letters and Special Characters to Your Passcode.
By Default when you first add a passcode to your iOS Device, you can enter either a four or six digit number. These may be easier passcodes to enter, but they are not Strong passcodes as described in Section 3.1 above. You can create stronger passcodes by adjusting the setting described below.
The Change Passcode Button.
Below the "Turn Passcode On/Off button there is a Change Passcode button. In addition to allowing you to change your passcode, it also gives you several options for its length and format. Follow these steps to strengthen your passcode.
- Activate the "Change Passcode button.
- Enter your current passcode. Touch ID will not work here. If you enter your passcode successfully, the Change Passcode screen appears.
The Change Passcode Screen has an Action Row at the top with a Cancel button on the right. The keys for typing your new passcode are at the bottom, and centered just above the keys is the Passcode Options button.
- Activate the Passcode Options button. The typing keys will be replaced by four buttons.
- Press the button which reads Custom AlphanumericCode.
- The standard typing keyboard appears in place of the numeric keypad. Also note that the Cancel button has now moved to the left side of the Action Row, and a Next button has appeared on the right.
- Enter a strong passcode as described in Section 3.1 above.
- When you are finished, press the Return key or the Next button.
- Confirm your passcode by entering it again. Note that the Next button is now a Done button.
- Press the Return key or the Done button to complete the change.
The table below describes all the options found when the Passcode options button is pressed.
Replaces the numeric keypad with the standard typing keyboard. You can enter passwords with upper and lower case letters, numbers, and special characters like punctuation marks. Whenever you are prompted to enter your passcode, the standard typing keyboard will now appear.
Custom Numeric Code.
Allows you to enter a passcode of variable length composed only of digits.
Four digit numeric code.
This is NOT recommended by VoiceoverEasy.net. This allows you to set a four digit passcode.
Returns you to the Change Passcode Screen without changing any passcode options.
NOTE: If you choose either of the "Custom" options, You must press the Return key or the Done button each time you finish entering your passcode. The Done button appears on the right just below the Status Bar.
Restricting Access to Some Features While Your iOS Device is Locked.
The next set of buttons can be used to restrict access to various functions from the locked screen. When the function is off, it cannot be accessed while your device is locked. Unfortunately, VoiceOver neglects to tell you that these are buttons. It may be less convenient to unlock your phone to gain access to these features, but it is far more secure to limit at least some of these functions.
Denying Functions from the Locked Screen.
||When this setting is On, the Today section of the Notifications Screen is visible from the locked screen. Anyone who picks up your iOS Device can see your schedule and reminders for the day, or for each new day that they have your device. They will know when you are home, when you are away from home, and where you may be at any given time you have a scheduled appointment or event. VoiceOverEasy.net STRONGLY recommends turning this feature off.
||When this setting is On, any alerts and updates your iOS Device has received can be seen from the locked Screen.
Since Siri can do many things with your iOS Device that would reveal information to thieves including; allow them to place international calls, turn off VoiceOver, and display Emails and contacts, VoiceOverEasy.net STRONGLY recommends that you turn Siri OFF from the locked screen.
4.4: Erase Data
If this setting is ON, all data will be wiped from your iOS Device after 10 consecutive failed passcode attempts. The data cannot be recovered, Unless you have made a backup. VoiceOverEasy.net recommends that you turn this feature ON. However, you should be careful that you regularly back up your iOS Device. See Section 5 below.
4.5: Find my iOS Device.
If your iOS Device is lost or stolen, you can attempt to locate it. This feature won’t tell you which room it’s in, but it should get you to the right address. This is a two part process. For Part 1 you need to go to the iCloud Options Screen.
Part 1: Setting Up Your iOS Device.
If your iOS Device is not set up to log into your iCloud account, please set it up to do so now. If you don't have an iCloud account, follow the prompts to create one.
Set your iOS Device to report its location to your iCloud account. You must set this up BEFORE your iOS Device becomes lost. Once activated, you, or a thief, cannot turn off this feature without your Apple ID and password.
- Find the button that Voiceover reads as, "Find my iOS Device, button, followed by either "On", or, "Off," which is near the bottom of the list of options.
- If VoiceOver said, "Off," then Press the "Find my iOS Device button."
- If you are asked to enter your Apple ID and password, please do so.
The button should now read, "Find My iOS Device, On, button," and you have completed Part 1.
Part 2: Accessing your iOS Device's Location.
When you discover that your iOS Device is missing, You have two ways to locate it. You can search for it from any computer that can access the web, or if you have access to another iOS device running iOS 8 and later, you can use the "Find My iPhone application. Don't wait too long to try, because the battery in the missing iOS Device may run down. After that, neithr of these techniques wil work.
From the Web.
- Start the web browser and Navigate to http://www.icloud.com/find.
- Log in with your Apple ID and password.
Once you’re logged in, Apple uses a Map to show you the general location of your device. You may need a sighted person to help you determine the location. The location’s address does not appear in text anywhere on the page.
Using the Find My iPhone App from Another iOS Device.
The location of the Find My iPhone icon varies according to the iOS version you are running. You can look for it, or use Siri to launch it by saying,"Open Find My iPhone." Once you start the app, you must sign into your own iCloud account to track your iOS Device. If you're using some one else's iPhone or iPad. Remember to log out of your account when you are through.
The Find My iPhone app displays a map indicating the location of the device you are looking for. It may be necessary to have a sighted person work with you to determine your iOS Device's location.
Causing Your iOS Device to play an Alert Noise.
Once you arrive at the location of your iOS Device, you can use Find My Iphone to get your device to play a loud noise. It will play the noise even if it set to vibrate only, or if Do Not Disturb is on. However, if Airplane mode was set to "on," then the tone will not sound.
- If you haven't already done so, Select your iOS Device from the list on the Find My iPhone start screen. An Actions button will appear at the bottom of the display.
- Press the Actions Button.
- Press the Play Sound button.
- Hunt for your iOS Device and hope you haven't scared the stuffing out of the poor person who was sitting next to it!
When you find the iOS Device, an alert screen will be on the display. Press the OK button to stop the sound.
One of the other actions accessible from the Actions button is Lost Mode. Placing your iOS Device in Lost Mode has these effects:
- You are asked to enter an additional 4 digit code which must be used to take your device out of Lost Mode.
- You can create a custom message with a name and phone number to call and place it on the Lock Screen.
NOTE: If the Screen Curtain is on, then no one will be able to read this message. This is why VoiceoverEasy.net recommends attaching a sticky label to the back of your iOS Device instead. It will also be available after the battery dies. See Section 4.6 below.
- Keep track of your iOS Device.
- If you added credit or debit cards to Apple Pay, the ability to make payments using Apple Pay on the device will be suspended.
Erase iOS Device.
This is another option available under the Actions button. Pressing this button sends a remote signal to your iOS Device to erase, or wipe, all data as discussed in Section 4.4 above. Remember, if you want to do this, you must do it while the batttery on your iOS Device is still active.
For additional tips on what to do if your iOS Device is lost or stolen you can check this page at Apple's support web site. https://support.apple.com/en-us/HT201472.
4.6: Label Your iOS Device.
If someone finds your device, you will want to give them an easy way to return it. The best way is to type up a label and affix it to the back of the device. The label should say something like “If found, please call” followed by a number you can be contacted at. Don’t put your name or other personally identifiable information on the label. Thieves might use it to fool your cellular carrier into thinking they are you. You can even add an In Case of Emergency (ICE) number to the label. Before you dismiss such a low tech solution, consider these advantages.
- Many people do not know how to operate an iOS Device when VoiceOver is active, and they do not know how to turn it off. If the Screen Curtain was on at the time the device was lost, then they will really be at a loss. There is no way to turn these features off remotely other than wiping the device. So even if you put a contact number on the Lock Screen, most people will be unable to read it.
- The label has the added advantage of being readable even after the battery dies.
SECTION 5: Backing up your iOS Device.
Backing up your device is important. It’s very easy for the device to be lost or stolen, and if the erase data option above is set, your device will auto-erase if someone attempts to tamper with it. Finally, if you have a backup, you can restore purchased apps to a new device without having to pay for them again.
5.1: Security and Privacy of Your Backups.
There are two ways to backup your iOS Device. You can back them up to iCloud, or to your home computer using iTunes. The advantage to using your home computer is that your data is not out on the internet. The drawback is that if something happens in your home that causes your computer and your iOS device to be damaged or stolen, your backup data is gone. If you backup your data to iCloud, it’s available from anywhere, but may be subject to governmental probes. This is a privacy issue you need to decide for yourself.
5.2: Turning on Automatic Backups to iCloud.
- Activate the “Settings” icon from the home screen.
- activate the “iCloud” button from the Settings Main Menu.
- If you are asked to log in to iCloud, please do so.
- Scroll down to "Storage and Backup," and turn on "iCloud Backup."
IMPORTANT! In order for backups to automatically take place your iOS Device must be plugged in. It must also be connected to wifi. Finally, the screen must be locked. All three conditions MUST be met for automatic backups to iCloud to work.
5.3: Manually Backing up to iCloud.
- Plug in your iOS Device to ensure you don’t run out of power during this process.
- Activate the “Settings” icon from the Home Screen.
- Press the “iCloud” button on the Settings main menu.
- If you are asked to log in to iCloud, please do so.
- Scroll down and activate "Backup and Storage."
- Then activate “Backup Now.”
- Don’t do anything to change data while the backup is running. With VoiceOver on, you can use the Read Top Down gesture to here the progress of your backup.
5.4: Backing up to Your Computer using iTunes.
- Connect your device to your computer via the USB cable.
- Start iTunes on your computer.
- Choose “File” from the iTunes menu on your computer.
- Select “Security” from the File menu options.
- Select “Backup.”
SECTION 6: Protection from MalWare and Hackers.
6.1: Mail, Contacts and Calendars.
Earlier we discussed how many companies use Hyper Text Markup Language (HTML) to make their messages more interesting and to embed links. Remember that HTML uses many hidden commands to control your display. Hackers also send emails using HTML. The HTML can contain hidden commands to load malware and do other harmful things.
Detailed instructions for setting these options can be found in Email: Lesson 1, Section 5, but it won't hurt to go over the reasons for these settings one more time.
When you have autopreview on, the HTML code in a message can run automatically when the autopreview displays from your inbox. In other words you don’t have the opportunity to delete a suspicious message without reading it. Turn autopreview off to protect yourself from this potential threat.
Load Remote Images.
Displaying these images after you open the message can also introduce malware. If you don’t need to see images, turn this feature off. Even with this feature off, you can always decide to download the pictures after you have reviewed the text of the message.
6.2: How safe are Apps from the Apps Store?
In October 2013 Apple announced there were over 1,000,000 apps in the apps store. If you downloaded and tested one app a day, it would take 2,738 years to examine them all, and new ones would become available all the time. Of course, if you tested 10 a day, you could do the whole thing in 274 years. Talk about job security!
Fortunately Apple can test a little more rapidly, and nothing gets into the App store without being tested. Apple’s test program is considered to be very good, but nobody’s perfect. In August 2013 researchers at Georgia Tech found a way to beat the system. There have been other breaches as well, but they have been very rare.
The odds of downloading MalWare through the Apps store are VERY low, but they’re not zero. You can increase your safety by downloading apps only from well known vendors. If you must download an app from a vendor you’ve never heard of, don’t be first. Let others download it and then read their reviews. Then on the remote chance that there is MalWare, Apple will have additional time to react to it.
NOTE: Apple has the ability to remotely remove software from any iOS device if that software is determined to have embedded MalWare.
6.3: Twitter and Facebook
You can set up your iOS Device to automatically log into Twitter and Facebook by activating the “Twitter” and “FaceBook” buttons under “Settings.” This may grant twitter and Facebook apps access to your contacts and other data. There are also some apps in the Apps Store that you can download to access these sites. When you use these apps, you can deny them access to your contacts and other sensitive data using the “Privacy Screen” detailed in the next lesson.
6.4: Control Center:.
The Control Center allows you to quickly access some settings like turning on or off Airplane mode, WiFi and Bluetooth. If this is enabled from the lock screen, a thief could steal your phone and turn on Airplane mode so that “Find Your device feature won’t work. To prevent this:
- Activate the “Settings” icon from the Home Screen.
- Activate the Control Center button from the Settings main menu.
- Press the “Access on Lock Screen” button to toggle the setting to off.
6.5: Limiting air Drop.
Air drop is a feature that allows to iOS devices within 20 feet of each other to share contacts, photos, documents, music and so on. When someone wants to give you an item via Air Drop, you should be prompted to accept it. However, you can set your device to only accept requests from people in your contacts. This is a good added protection, since transferred items can contain MalWare. You can also turn this feature completely off.
In order to turn off or limit Air Drop to contacts only, you must activate the Control Center Screen. Tap with one finger anywhere on the status bar and then swipe up with three fingers. Now with the Control Panel activated, do the following.
- Scroll down to and activate the button labeled “Air Drop”.
- Select “Off” or “Contacts Only from the options screen.
- Exit the Control Center by pressing the Home button.
6.6: Controling Whether to Join WiFi Networks.
This is one of those settings that's tough to balance between convenience and security. You can set your iOS Device to prompt you before joining any WiFi network. This means that your device will prompt you even to join a WiFi network that it has joined in the past. To ask to be prompted follow these steps.
- Launch the Settings App and Activate the WiFi Option from the Settings main menu.
- Explore down the WiFi options screen until you find the "Ask to Join Networks" button.
- If the setting is off, you can Activate the button to toggle it on.
SECTION 7: Exercises.
- True or False, The majority of hackers are high school kids who spend most of their day on the computer in their bedroom.
- True or False, There are no viruses that can affect iOS Devices.
- True or False, When hackers or criminals try to trick you into doing something harmful, this is called Social Engineering.
- Name three of the rules for choosing strong passwords.
- What should you do if you get a call from someone claiming to be a representative of a bank or other company asking for your account information? What is the name for this type of attack?
- What are some signs of Phishing attacks? What are some ways to protect yourself against them?
- What types of information should you avoid posting on social networking sites?
- What are the steps to set a complex passcode on your iOS Device?
- What is the purpose of the AutoLock setting?
- What must you do before you lose your iOS Device in order for "Find My iOS Device to work?
- What is the advantage of using a low tech label on your iOS Device?
- How do you set your iOS Device to back up to your iCloud account?
- What are some reasons you might want to restrict access to the Control Center, Siri, and your schedule from the Locked Screen?
- BONUS QUESTION: What does Triskaidekaphobia mean?
Click here for answers.
Congratulations! You have completed the lesson on basic security. Seems like a good time for a break. The next lesson will discuss some ways to protect your privacy. Again, you will have to decide which privacy protections are important for you. There is no requirement to update them all.
Before you go on to the next lesson, would you like to take the optional survey for this lesson?
Email the Web Master..
© 2014, 2017 VoiceOver-Easy.net