Pay Attention to iOS Security Updates

Posted February 05, 2015

By Larry Alton

Many people still regard Apple computers and mobile devices as immune from virus and malware infection. This mistaken belief is a holdover from back-in-the-day when the company implied that only Windows users had to worry about security issues. Remember this I'm-a-Mac-I'm a-PC security ad?

Today, security threats affect every operating system, and any small business that relies on mobile devices needs to pay attention to system updates. Case in point: the release of Apple's iOS 8—and its latest update, version 8.1.1—has been dogged by controversies ranging from feature glitches to major security concerns.

If your small business relies on iPhones and iPads, here are just a few reasons why it's vital to keep tabs on iOS security issues.

iOS Lock Screen Vulnerabilities

If you look through Apple's iOS 8.1.1 security content page, you'll notice two very specific updates regarding the lock screen. "In some circumstances, the failed passcode attempt limit was not enforced. This issue was addressed through additional enforcement of this limit," explains Apple. This means that cybercriminals had the opportunity to force their way into a mobile device without having to worry about passcode limits that might make the phone's data permanently inaccessible to them.

This particular vulnerability serves as a reminder for small businesses to enforce complex passwords on iOS devices. Rather than using a simple four-digit passcode, it's important for employees to rotate passwords using a combination of letters, numbers, and symbols. Updating complex passwords on a regular basis reduces the chances that an attacker will force his way into an iOS device. Using mobile device management (MDM) software, IT administrators can require employees to update their passwords every few months.

Apple's security notes also describe a second lock screen issue that the iOS 8.1.1 update addressed. "The Leave a Message option in FaceTime may have allowed viewing and sending photos from the device. This issue was addressed through improved state management." This could be extremely problematic for companies that store images or screenshots of important paperwork, events, and other confidential information.

Unnecessary Query Information

Spotlight feature lets iOS users quickly locate and launch apps, conduct a Web search on different topics, and locally search their device for certain files. However, previous versions of iOS 8 sent out unnecessary location information with Spotlight's Suggestion servers when users typed a query into Spotlight's search field.

Apple issued a statement to iMore, an Apple technology blog, explaining, "Apple doesn't retain IP addresses from users' devices. Spotlight blurs the location on the device so it never sends an exact location to Apple." However, it's understandable why companies and individual consumers wouldn't want even their approximate location shared via Spotlight queries. You can disable Spotlight Suggestions completely from your iOS device by visiting the General settings menu, tapping on Spotlight Search, and unchecking the Spotlight Suggestions option.

Imposter Threats

A recently revealed iOS threat called Masque Attack is particularly sneaky. It installed unauthorized apps by disguising them as legitimate apps—a trick accomplished by using misleading bundle identifiers. FireEye, the security company that broke the news about Masque Attack notes that affected devices will sometimes have an extra, unauthorized provisioning profile installed on the device.

Masque Attack can pose as a legitimate, business-critical app—such as a banking app—and then collect user credentials. This includes leftover credentials and settings that remain on your device once you delete the official version of the app. You can examine your own iOS device for suspicious profile activity by opening the Settings menu, tapping General, and then selecting Profiles. Report any unusual mobile activity to your company's IT department, so that they can check your device for potential security breaches.

Unsafe Browsing Behaviors

Small business owners should have their IT professionals (either in-house or outsourced) craft careful technology rules regarding app installations and Web browsing to protect company mobile devices from digital threats. These should include strict protocols against jail breaking and attempting to use unofficial sources to download and install apps.

Additionally, employees should not plug unauthorized or outside devices into their computers, since doing so can result in malware infections. Encourage employees to work with their IT departments to find a safe resolution to their tech needs, instead of trying to circumvent current safety practices.

Recent iOS-specific security issues, vulnerabilities, and threats should have companies on guard and keeping a lookout for upcoming iOS updates. The bumpy road of iOS 8 releases reminds us all to be proactive when it comes to data security and risk mitigation.

Larry Alton is an independent business consultant specializing in social media trends, business, and entrepreneurship. Follow him on Twitter and LinkedIn.

Do you have a comment or question about this article or other small business topics in general? Speak out in the SmallBusinessComputing.com Forums. Join the discussion today!

Comment and Contribute


     

    Get free tips, news and advice on how to make technology work harder for your business.

    Submit
    Learn more
     
    You have successfuly registered to
    Enterprise Apps Daily Newsletter
    Thanks for your registration, follow us on our social networks to keep up-to-date