10 Ways To Beef Up iPhone Security

teksquisite wrote this piece for the Cocoon blog.

I'm a coffee shop connoisseur; the most frequent mistake I see with fellow java-lovers is the ease with which they leave their iPhones or iPads lying on the table when they go to retrieve their order. My iPhone is like a third hand when I am in public space; I never let it out of my sight.

When I am in the city (or a high crime rate area), all my devices are carefully concealed. I never give criminals an open invitation to mug me. My Jeep never announces that any semblance of technology exists within.

After pressure from Congress, regulators and police departments the FCC and four major US carriers (AT&T, Sprint, T-Mobile & Verizon) have agreed to form a national joint blacklist database so that stolen devices will not be able to obtain new service. This service should be available sometime in October 2012.

Verizon currently does not allow devices that are stolen to be operated on their network. Sprint cuts off phones that have been reported as stolen and T-Mobile suspends accounts that report stolen phones. AT&T was slow to jump on the bandwagon -- but was pleased to join the blacklist initiative.

iCrime

There is a certain mindset that dances to the tune "This could never happen to me!" Get over it already because iCrime could easily happen to you. Gadget theft is big business. My daughter recently experienced the bitter reality of iPhone theft when Siri danced away from a neighborhood BBQ in the arms of a stranger. She was devastated. I couldn't say "I told you so," because sometimes people think that the world is made up of entirely nice people.

How can you beef up your security?

Within one hour, Mat Honan of Wired lost his entire digital life to hackers -- why? Through the use of social engineering tactics, hackers tricked Apple service reps into granting access to Mat's iCloud account. Unfortunately, two of his online accounts was daisy-chained -- enabling the hackers to gain access to his Gmail and Twitter account. It was a difficult and extremely harsh lesson for Mat to learn and many of us on Twitter sympathized with his pain.

Learn from Mat.

Security comes with a price

You are going to have to make a choice between security and convenience. I have learned that inconvenience is one giant step toward fighting iCrime. Backing up data, using complex passwords, disabling services that could open the door to stolen devices -- is mandatory when it comes down to proactive versus reactive.

I never want to place myself (or my devices) in a "reactive" position! I am the type of person that often plans ahead for security disasters. It is the same reason that I use digital surveillance (to upload real-time office images to a remote server) -- I take the necessary time to configure and manage my digital assets in order to make life miserable for a potential thief or hacker.

The Top Ten

1. Backup your iPhone and check the option to encrypt data. You won't know how much you miss until your iPhone becomes wiped or stolen.
   
   The simplicity of iPhone is that all you have to do is connect your iPhone to iTunes and let it do its magic. I use a Windows laptop to back up to the cloud and a Mac to backup locally. I don't take any chances that either the cloud or the local backup is going to screw me over. Be paranoid -- it's worth it.
2. Use a complex password and set auto-lock on. Strong passwords are still key.
   
   Strong passwords are the first roadblock against thieves and hackers. Don't bother using a "simple" passcode (4-digit numeric) -- though there are 10,000 possible combinations for a simple passcode' the complex password offers the strength of 77 to the 37th power.
   
   How do I do it? Navigate to your Home Menu > General > Passcode Lock On > [enter your 4-digit passcode] Select Turn Passcode off > [enter your 4-digit passcode] Enter Your New Passcode > Click on Next > [Re-enter your new passcode] and click on DONE.
   
   Also, be sure to Set Auto-Lock to ON: Settings > General > Auto-Lock > Choose 1-5 minutes. Auto-lock is not a strong security function by itself, but when combined with a strong password -- it becomes part of a strong security feature.
3. Enable Erase all data on this iPhone after 10 failed passcode attempts. Go to Settings > Passcode Lock > Enter Your Passcode > Click on Done > Erase Data = ON > Enable
   
   If someone steals your iPhone and tries to brute force it, they will be out of luck on the tenth attempt, (when trying to break your passcode) and your phone will be wiped and returned to factory defaults.
4. Enable Find My iphone. You can download Find My iPhone from the app store or access it through iCloud. You will need to enter your Apple ID and password to access it.
5. Keep your iPhone updated at all times! Simply plug it in to iTunes or download Lookout Mobil Security from the app store.
6. Download apps that come from reliable sources -- Such as the App Store. If your phone is jailbroken, Cydia might be the only answer.
7. Disable Bluetooth. Only turn it on when you need it. Go to Settings > General > Bluetooth > Off
8. Turn off SMS preview. This option is not critical but it can stop a thief from viewing your incoming messages!
9. Manage location settings. Use location settings on a per-application basis only. Go to Settings > Location Services > Turn off all unnecessary apps.
10. Secure your Internet connection. Public Wi-Fi may appear convenient but an unsecure connection can leave you vulnerable to attack. Never allow your iPhone to automatically connect to a wi-fi network. Go to Settings > Wi-Fi > Ask To Join Networks > OFF
    
    Risky behavior on potentially unsecure wifi
    • 67% access personal email
    • 63% access their social network acct
    • 31% shop online
    • 24% access their bank account

Cocoon and its iOS app GetCocoon create a barrier between the user and the Internet, leveraging secure, SSL-encrypted connections to each Internet activity (similar to what banks use). Cocoon eliminates tracking, "man-in-the-middle" attacks and WiFi sniffers.

Nata's Corner

A friend of mine had her wallet stolen, and while she reported it to her bank, the person who stole it used Google Wallet to charge a bunch of purchases to her card. She's not so much worried about the charges -- her bank told her that they would make sure they weren't charged to her -- but it was the lack of support she got from Google. Google told her that unless she had the login and password to the Google account that made the purchases, Google was going to process the orders and have the merchandise shipped, and wouldn't give her any information about where it was going. The story is still playing out, but I'll keep you up to date on it. In the meantime, be very careful with your cards, and if you lose them somehow, make sure you cancel them right away.

I think I have a pretty good idea of what the hot electronics toy will be this Christmas: the Nintendo Wii U at about $300. They'll be here just before Black Friday. I'm going to hold out for a new tablet, though.

I don't do a lot of tweeting, and my time on Facebook is usually limited to sending pictures posted by my other half's family to him; I've pretty much gotten tired of all of the "features" that get shoved my way by Facebook, and the time it then takes me to go through and make sure they haven't undone all my privacy and security settings. But one of the things that has really gotten to me is all the requests to be friends from people I barely new back when I was in high school, or cousins I didn't hear from when I was 100 miles away when now I'm 2,000. And heaven help me if some of the things they post got passed on to, say, my mother-in-law. So it's worth taking the time to read the art of unfriending people that The Guardian had last week.

We use all kinds of browsers around our house, in part because we have all these devices; there are three laptops, a couple of desktops, a couple of iPads, and of course, there are the phones (though I haven't opened the browser in mine yet). Because of that, we're pretty interested in Do Not Track (although maybe we'll just wind up confusing the heck out of everyone). Google has finally included it in the latest version of Chrome, joining Microsoft, Mozilla and Apple.

Speaking of phones, I think I've mentioned my Motorola Droid, but I don't really do anything with the data part of it (who needs it? we have the iPads and a GPS), but the other half does once in a while. He keeps telling me that he checks to see if we're ever close on our data plan, but now I'm going to bug him more often about it. He'll probably still tell me the same thing, but it gives me a good reason.

Finally, I don't know about you, but sometimes it's pretty hard to figure out exactly what the little icon on the taskbar is, and while I know I can hover over it, it would be a lot easier if I could tell what they are at a glance. With Windows 7, you can actually change them:

1. Log into the computer using an account that is an administrator.
2. Right-click on the icon you want to change, and select "Unpin this program from the taskbar".
3. Look for the program's shortcut on your desktop. If it isn't there, navigate to the program or folder in the "Start" menu. Click and drag the icon over toward the desktop until "Move to Desktop" appears underneath the image, then release the mouse button to move the shortcut to the desktop.
4. Right-click the shortcut and click "Properties".
5. Click the "Change Icon" button.
6. Click the picture you want to use, then click "OK" and then "Apply".
7. Right-click the new shortcut icon, and then pin the program back onto the taskbar.

Remember that you can only use .ico files as icons, so if you're thinking of using a .jpg or .gif image, you'll have to convert it first. There is a free converter tool at IConvertIcons.

In Brief

An Apple a day: Yeah, there's a new iPhone (and to keep the price up, the supply is short) that won't be available until Friday, if not later. What's not in short supply is the griping about its shortcomings. The explanation seems a little weak, but hey, the stock is still up.

The taxman cometh: If you buy things from Amazon, they're getting a little more expensive, as California joins seven other states (including New York and Pennsylvania) in requiring the company to collect sales taxes. While everyone recognizes that it's public agency greed and ineptness that is causing goods to increase in cost, Amazon has come up with a low-tech solution: distribute the goods from a closer location, which improves service, and if it lowers shipping costs as well, then consumers might not even notice long term.

This hasn't been going on as long as SCO v. Novell, but it's getting there: Jammie Thomas-Rasset, the woman sued by the recording industry for downloading songs from KaZaA (remember them?), lost her case and has to cough up $220,000... unless the US Supreme Court decides to hear it.

Happy birthday, Roald Dahl: "A little nonsense now and then is relished by the wisest men."

StopDaddy: If you can't actually do something that shuts down a big network, then the next best thing is to take credit for it and watch the company try to deny it.

Rocks and hard places: YouTube has blocked videos deemed to have provoked the attack on the US consulate in Libya, and is catching flak for it. Our take: it's their company, and they're not beholden to anyone.

Maybe it's a transporter: Nobody knows what the Pluto switch is, but it's a good bet it didn't belong in Shelby.

Stop the presses: Tunisia has decided to stop censoring the Internet. Guess which country tops the list of requests to Google to remove content, though. Odds are good you're wrong unless you're way too cynical.

Time sink of the day: Letters to Powerball.

Like the man said: If you don't want someone to see the stuff you write on the Interent, don't post it. Maybe that's a little paranoid, but as Freud noted, "The paranoid is never entirely mistaken." The good news: Twitter has hired a new security guy; the bad news: he's not a lawyer; the fun news: he makes Apple nervous.

Best new Twitter account: @InvisibleObama. Best new email scam: a Nigerian astronaut. We wish we could make up this stuff.

But there are so many of them, and they have so much money: Which explains why we keep selling to them what they're not stealing, and buying their cheap machines.

Signs of the Apocalypse: Up for sale: the document that banned Pete Rose from baseball. Hermione is the world's most dangerous celebrity. Cheating at chess. Steve Wozniak uses a Samsung Galaxy.

Milestones

New Geniuses: Congratulations to apache09, who earned his second Genius certificate -- this one in Microsoft Exchange -- and to sujith80, whose first 1,000,000 point t-shirt comes in Oracle.

My First Million: Members who made it into the 7-digit Club in August were Rancy, Exchange_Geek, gr8gonzo, pgm554, lwadwell, Olaf_Doschke, davorin and ComputerTechie. Outstanding!

Milestones:

• leew has become the eighth member of EE to reach 15,000,000 points overall. He has earned points in over half the topic areas at Experts Exchange, more than any other member.
• Ray_Paseur has earned over 13,000,000 points since joining Experts Exchange.
• CEHJ has earned 13,000,000 points in the Java topic area.
• TechSoEasy has reached the 10,000,000 point level.
• CodeCruiser has earned 3,000,000 points in the .NET topic area to go along with his Savant certificate in VB.NET. Only two other members -- angelIII and capricorn1 -- have accomplished that feat.
• RobWill has earned 4,000,000 points in the Small Business Server topic area.
• boag2000 has earned 9,000,000 points overall.
• alanhardisty has earned 2,000,000 points in both the Exchange and Small Business Server topic areas.
• slightwv is the 56th member of EE to earn 7,000,000 points.