Secure Your iPad 2 Now!
- Who Thought This Was a Good Idea?
- Control Your Services
- Now for the <em>Real</em> Security Work
Like so many others around the world, I really enjoy my iPad 2. The iPad 2 has a very flexible security model, designed to allow you to find the right balance of convenience and security for any information you store on your tablet. In this article, I'll help you to dial in your iPad 2's security to meet your specific needs.
Who Thought This Was a Good Idea?
If you have an iPad 2, you may be vulnerable to a documented security problem. If you want a reliable and immediate system-lock configuration, navigate to Settings, go to General > iPad 2 Cover Lock/Unlock, and slide it to Off.
Let me explain.
The Apple Smart Cover is a very attractive accessory for your iPad 2. The iPad 2 design team decided that pulling the Smart Cover from the iPad 2 must unlock it.
Whether you create a good login lock, a passphrase, or a simple passcode, a magnetic cover pulled from the side of this device can unlock access. Not worried? You don't have a cover? Others interested in your data can buy a Smart Cover and use it as a "skeleton key" to access information on anyone's iPad 2 if the overall configuration isn't secured well. In fact, any magnet—a kitchen magnet—can trigger the effect.
Spoiler alert: You don't see the setting? Read on to learn how to make the setting appear and configure it well, before any hacker can do so for you!
The story above explains why this article is necessary. Security is something you apply and don't buy with the iPad 2. Apple prefers that you think through your security needs and configure your iPad 2 for the right balance between security and convenience for you.
I like the iPad 2. I like its security abilities. With this amount of flexibility, I believe the iPad 2 can be made reasonably secure for most confidential data. But getting security right requires discipline, study, and work. Let's get to work!
There's No App for That!
Like Mac OS X, the iPad 2 has the App Store for software you want. Apple is so proud of the number of apps offered that the App Store has a sales slogan: "There's an app for that."
But not always. Try to find antivirus or firewall software for your iPad 2 on the App Store. There are very few alternatives. Apple consider these tools less necessary on the iPad 2. Apple is counting on the application "sandbox" (isolating an application from other applications) to prevent any virus from spreading throughout the system. Additionally, by keeping to a single user (for the most part and by keeping that user with little privileges over hardware or software settings), Apple hopes that a hacker can't find a way to escalate privilege and insert backdoor code into the operating system.
So far, it's working. Research "iPad 2" and "Apple iOS" at the Open Source Vulnerability Database and at the National Institute of Standards and Technology (NIST) National Vulnerability Database. Both sites show few vulnerabilities with current, patched versions of iOS. So why complain about too few firewall choices?
This is a potential fail-open security design. When a hack is discovered, there won't be an access-blocking tool that makes a network attack more difficult. This makes the security design a bit "shallow."
Now that you understand that the security model requires close compliance to Apple's design, here's the most important step for securing your iPad 2: Don't muck up the system.
Don't Muck Up the System
Don't jailbreak your iPad 2! "Jailbreaking" is a process that replaces bits of the operating system with other bits. These "bits" allow you to install all kinds of applications, enable all kinds of services, act with root authority—in other words, break out of the "jail" of a good, constrained security design. If you do break on through, you'll void the warranty, you won't find support for your iPad 2, and you'll pretty much guarantee that your iPad 2 will be far more hackable.
Internet scavenger hunt: What's the default passphrase for many a "jailbroken" iPad 2? Jailbreak your device, and your iPad 2 may offer hackers root access—total remote control over your iPad 2—via the default password.
All this is done to allow you to install applications, right? Now that you can install any application you want, now that you are free of the Apple application approval process, you, too, may install applications with hidden security malware!
Apple-approved software is digitally signed by Apple. You know that it's approved because the signing provides reasonable verification. The code-signing process also puts a "seal" around the code and files. Alter one bit, and the seal shows plainly that someone has tampered with the code—possibly a hacker adding some goodies, or maybe the network corrupting a file during the download.
Don't you want to keep all those great protections?
People love the iPad 2 because it's both convenient and easy to use. If you "open" your iPad 2, you wind up opening it to attack as well.
This article discusses an average user's security needs—that is, a person with an un-jailbroken iPad 2. Now let's discuss controlling your iPad 2's inner workings. (I'll discuss message digests, code-signing, and Time Stamping Authority servers in a later article.)