Historically, iOS hasn’t been a prime target for hackers. For one, it’s pretty secure. Second, hackers seem to think they have bigger fish to fry than the average iPhone user. However, 2021 has shown that, while iOS security weaknesses are rare, they can be extremely damaging if exploited properly.
Make patches a priority – really!
‘Less is more applies’ perfectly to exploits targeting iOS. They are rare, but can inflict major damage.
The infamous zero-click exploit dubbed FORCEDENTRY and leveraged by NSO Group’s Pegasus spyware in 2021 has prompted a massive US undertaking to re-establish the security of iPhone users worldwide.
While Pegasus and other spyware have been typically used to target journalists, activists, dissidents, academics and government officials, the US government believes every citizen needs to be aware of these abuses.
Apple, for its part, has fought the abuse through software fixes and by suing NSO.
As an iPhone user, you shoulder some of the responsibility. Patch up every time Apple issues a security fix! No exceptions!
While some iOS updates may seem less than exciting, almost all of them include at least one security amendment. iOS 15 and newer versions include significant upgrades to the way iPhones handle potential attacks. No successful (remote) Pegasus attacks against devices running iOS 15 and later versions have been found. But that doesn’t mean malicious actors won’t make similar attempts soon. And dozens of other types of threats are out there as well. So stay up to date with the latest security fixes – always!
Make device access impossible for strangers
According to the Bitdefender Cybersecurity and Online Behaviors Global Report, poor password and passcode practices are still common. Half of the consumers surveyed said they use the same password for all online accounts, and 32% use just a few passwords across multiple accounts.
As far as device access goes, 27% of respondents admitted to using the simplest of formulas, like 1234 and 0000, to lock and unlock their phones. 11% don’t even use one.
Set a strong passcode, preferably one that goes beyond the four-digit mark, to secure access to your device. Use a unique password for your Apple account and be sure to set up two-factor authentication to prevent account takeover. The longer and more complex the password, the better.
Combine these basic cybersecurity hygiene practices with your device’s built-in biometric authentication, such as fingerprint or face recognition. Now your phone is really hard – if not impossible – to crack.
As a general precaution, keep Find My iPhone enabled at all times. If it gets lost or stolen, you can use the service to try and find it or wipe its contents remotely with a click.
‘Request to track’
With so many apps and services on our phones, it’s hard to balance convenience and privacy. Luckily, iOS lets you force every app on your phone to ask before it tracks your activity.
Go to Settings -> Privacy -> Tracking. Here, you can control which apps can access your username or device ID, your device’s current Advertising Identifier, your name, email address or other identifying data. App developers have to comply with your choices, since they sometimes share this data with their partners as well. You can control the tracking permission on a per app basis or you can enable or revoke permissions for all apps using a single toggle.
It’s important to use this option since you never know when one of these developers or partners gets breached and loses your personal data to hackers. If your data is leaked, you can fall victim to phishing, fraud, account takeover and anything in between.
In fact, there’s no reason to switch this toggle off – other than the convenience of not having to answer a prompt every now and then. Also, you can do the same with Location Services (Settings -> Privacy -> Location Services).
Be sure to stay in control at all times!
Use a VPN to boost your security and privacy when out and about
VPNs are all the rage these days. A Virtual Private Network (VPN) serves as a tunnel between your device and the network you connect to, securing your connection, encrypting the data and hiding your IP address no matter where you are.
With a trusted solution like Bitdefender VPN for iOS, you can keep your data private every time you connect to unsecured wireless networks while in airports, malls, cafes or hotels. You can avoid data theft and access restricted content if, say, ISPs in your current location practice some form of censorship. And (you guessed it!) this means a VPN also lets you chill with your favorite shows and games when you are on vacation or on a business trip in a country that restricts access to that content.
With the built-in Ad Blocker, you can instantly block annoying ads and popups that disrupt your reading and browsing routine. This not only helps you stay focused and reclaim screen real estate, it also saves you actual bandwidth.
And Anti-Tracker helps you stay invisible to trackers that gather data such as your device type, location, web queries, shopping preferences, etc. It can even land you cheaper plane tickets.
Install a dedicated iOS security tool
Yes, you read that right. Mobile security tools are not just useful – they’re becoming necessary. That applies to the sturdy iOS as well.
As mentioned above, while iPhones are generally secure out of the box, weaknesses do crop up – and when they do, they’re exploited to the max. Attackers are willing to pay millions of dollars for a viable zero-day bug that would let them exploit these rare instances. And it’s these types of flaws that state-sponsored groups buy behind locked doors to use against iPhone-wielding targets.
While Bitdefender Mobile Security does protect against the nasty Pegasus spyware, remember that the threat landscape is much broader than a single threat. Bitdefender also protects your passwords, social and financial information, scans your device to achieve optimal security and privacy settings, checks your online accounts against data breaches, and even detects misconfigurations that might put your security and privacy at risk. It then offers recommendations to fix them.
Your traffic is protected too. Simply turn on Web Protection and it will block any dangerous connection going after your personal information – like your credit card or social security number. The same goes for ‘phishy’ websites. Bitdefender Mobile Security also includes the awesome VPN mentioned above.
Stay safe!
tags
Filip has 15 years of experience in technology journalism. In recent years, he has turned his focus to cybersecurity in his role as Information Security Analyst at Bitdefender.
View all postsDecember 27, 2024
December 24, 2024
December 19, 2024