This pattern is a draft; please comment on it in the OSA BB.
iPhone Pattern
Diagram:
Legend: This pattern is a high-level recommendation on how to secure an iPhone. It is targeted at users as well as corporate security officers and managers.
Description: Apple’s iPhone is a smartphone with a closed eco-system. The closed eco-system brings many security advantages, but once it is broken (for example by a jailbreak) most users are without defense, because they rely on the security of the closed system and do not deploy a second layer of defense. This pattern shows how a user, an app developer and a corporate security officer should use the security mechanisms provided by Apple and enhance them with further tools.
Assumptions: The recommendations below are suggested on top of accepted best practices that are independent of the device type.
Recommendations:
Corporate Security Officer
Creates a configuration profile adhering to the company’s security guidelines that:
Configures access to corporate resources via VPN
Restricts iPhone usage, for example camera usage, app installation/usage or content type
Defines a passcode policy
Configures remote wipe (delivered through MDM enrollment or Exchange ActiveSync, not through the profile settings alone)
Defines a policy and provides the means for updating to the latest iOS (allow iTunes on the corporate desktop, or alternatively allow OTA updates, available since iOS 5)
Tracks current attacks targeting the iPhone and issues recommendations and/or restrictions to shield against them
Authors awareness material that covers the recommendations below
App Developer
Encrypts all data that the app stores (and that is backed up) on the iPhone
Uses SSL-secured protocols only and accepts only certificates issued by a trusted CA (in particular, does not override the default certificate validation to accept self-signed or otherwise untrusted certificates)
Performs static and dynamic code analysis on her app
Lets a third party (penetration testers) perform security testing on her app
Does not write critical information to the system pasteboard
Uses the Keychain to store confidential data, or alternatively creates her own crypto container that encrypts all app data stored on the iPhone with a key derived via PBKDF2 from a password
Uses secure password authentication standards (such as SRP) to avoid the weaknesses of hash-based password transmission/storage
Avoids writing sensitive information to the log files (NSLog())
Offers two-factor authentication to protect confidential data
Lets the user decide if data should be stored locally
Regularly checks iTunes Connect for crash logs which may indicate app vulnerabilities
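The crypto container and Keychain recommendations above, as an added example that is not part of the OSA pattern and not Apple sample code. It uses only CommonCrypto and the Security framework (iOS 5 or later, ARC assumed): the key is derived with PBKDF2-HMAC-SHA256 from the user’s password and a random salt, data is encrypted with AES-256-CBC under a random IV and authenticated with HMAC-SHA256 (encrypt-then-MAC), the blob is written with iOS data protection as a second layer, and a small secret is stored in the Keychain bound to this device. The function names, the service/account strings and the round count are hypothetical choices for this example.

```objectivec
// Added example: password-based encrypted container for app data on iOS 5+.
// Blob layout on disk: salt(16) || iv(16) || AES-256-CBC ciphertext || HMAC-SHA256 tag(32).
// The password and derived keys are never written; only the salt is.
// SealContainer/OpenContainer/StoreToken and the Keychain strings are hypothetical names.
#import <Foundation/Foundation.h>
#import <Security/Security.h>
#import <CommonCrypto/CommonCryptor.h>
#import <CommonCrypto/CommonDigest.h>
#import <CommonCrypto/CommonHMAC.h>
#import <CommonCrypto/CommonKeyDerivation.h>

enum { kSaltLen = 16, kIvLen = kCCBlockSizeAES128, kKeyLen = kCCKeySizeAES256,
       kTagLen = CC_SHA256_DIGEST_LENGTH, kRounds = 100000 };

// PBKDF2-HMAC-SHA256 -> 64 bytes, split into an encryption key and a MAC key.
// Tune kRounds so derivation takes roughly 100 ms on the slowest supported device.
static BOOL DeriveKeys(NSString *password, const uint8_t *salt,
                       uint8_t encKey[kKeyLen], uint8_t macKey[kKeyLen]) {
    uint8_t master[2 * kKeyLen];
    const char *pw = [password UTF8String];
    int rc = CCKeyDerivationPBKDF(kCCPBKDF2, pw, strlen(pw), salt, kSaltLen,
                                  kCCPRFHmacAlgSHA256, kRounds, master, sizeof(master));
    if (rc != kCCSuccess) return NO;
    memcpy(encKey, master, kKeyLen);
    memcpy(macKey, master + kKeyLen, kKeyLen);
    memset(master, 0, sizeof(master));
    return YES;
}

// Encrypt-then-MAC. Returns the blob to store, or nil on failure.
NSData *SealContainer(NSData *plaintext, NSString *password) {
    uint8_t salt[kSaltLen], iv[kIvLen], encKey[kKeyLen], macKey[kKeyLen], tag[kTagLen];
    // CSPRNG for salt and IV; never rand()/arc4random for key material.
    if (SecRandomCopyBytes(kSecRandomDefault, kSaltLen, salt) != 0) return nil;
    if (SecRandomCopyBytes(kSecRandomDefault, kIvLen, iv) != 0) return nil;
    if (!DeriveKeys(password, salt, encKey, macKey)) return nil;

    size_t room = plaintext.length + kCCBlockSizeAES128;   // PKCS#7 adds up to one block
    NSMutableData *ct = [NSMutableData dataWithLength:room];
    size_t moved = 0;
    CCCryptorStatus st = CCCrypt(kCCEncrypt, kCCAlgorithmAES128, kCCOptionPKCS7Padding,
                                 encKey, kKeyLen, iv, plaintext.bytes, plaintext.length,
                                 ct.mutableBytes, room, &moved);
    memset(encKey, 0, kKeyLen);
    if (st != kCCSuccess) { memset(macKey, 0, kKeyLen); return nil; }
    ct.length = moved;

    NSMutableData *blob = [NSMutableData dataWithBytes:salt length:kSaltLen];
    [blob appendBytes:iv length:kIvLen];
    [blob appendData:ct];
    // The tag covers iv || ciphertext, so tampering with the IV is detected as well.
    CCHmac(kCCHmacAlgSHA256, macKey, kKeyLen,
           (const uint8_t *)blob.bytes + kSaltLen, blob.length - kSaltLen, tag);
    memset(macKey, 0, kKeyLen);
    [blob appendBytes:tag length:kTagLen];
    return blob;
}

// Verifies the tag (constant-time) before decrypting; nil on wrong password or tampering.
NSData *OpenContainer(NSData *blob, NSString *password) {
    if (blob.length < kSaltLen + kIvLen + kCCBlockSizeAES128 + kTagLen) return nil;
    const uint8_t *p = blob.bytes;
    size_t macLen = blob.length - kSaltLen - kTagLen;       // length of iv || ciphertext
    uint8_t encKey[kKeyLen], macKey[kKeyLen], expected[kTagLen];
    if (!DeriveKeys(password, p, encKey, macKey)) return nil;   // salt is the first 16 bytes
    CCHmac(kCCHmacAlgSHA256, macKey, kKeyLen, p + kSaltLen, macLen, expected);
    memset(macKey, 0, kKeyLen);
    uint8_t diff = 0;
    for (size_t i = 0; i < kTagLen; i++) diff |= expected[i] ^ p[kSaltLen + macLen + i];
    if (diff != 0) { memset(encKey, 0, kKeyLen); return nil; }

    size_t ctLen = macLen - kIvLen;
    NSMutableData *pt = [NSMutableData dataWithLength:ctLen];
    size_t moved = 0;
    CCCryptorStatus st = CCCrypt(kCCDecrypt, kCCAlgorithmAES128, kCCOptionPKCS7Padding,
                                 encKey, kKeyLen, p + kSaltLen, p + kSaltLen + kIvLen, ctLen,
                                 pt.mutableBytes, ctLen, &moved);
    memset(encKey, 0, kKeyLen);
    if (st != kCCSuccess) return nil;
    pt.length = moved;
    return pt;
}

// Second layer: with NSDataWritingFileProtectionComplete the file is unreadable while locked.
BOOL WriteContainer(NSData *blob, NSString *path) {
    return [blob writeToFile:path
                     options:NSDataWritingAtomic | NSDataWritingFileProtectionComplete
                       error:NULL];
}

// Small secrets (e.g. a session token) go in the Keychain. ThisDeviceOnly keeps the
// item out of backups restored to another device.
BOOL StoreToken(NSData *token) {
    NSMutableDictionary *q = [NSMutableDictionary dictionary];
    [q setObject:(__bridge id)kSecClassGenericPassword forKey:(__bridge id)kSecClass];
    [q setObject:@"com.example.app" forKey:(__bridge id)kSecAttrService];
    [q setObject:@"session-token" forKey:(__bridge id)kSecAttrAccount];
    SecItemDelete((__bridge CFDictionaryRef)q);                 // replace any previous value
    [q setObject:token forKey:(__bridge id)kSecValueData];
    [q setObject:(__bridge id)kSecAttrAccessibleWhenUnlockedThisDeviceOnly
          forKey:(__bridge id)kSecAttrAccessible];
    return SecItemAdd((__bridge CFDictionaryRef)q, NULL) == errSecSuccess;
}
```

Two caveats a reviewer would check: the container is only as strong as the password and the round count, so a 4-digit PIN as the container password buys nothing against an attacker who has the blob; and `memset` on stack keys may be optimized away by the compiler, so treat the zeroing as best effort rather than a guarantee.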
iPhone User
Sets up auto-lock with a password/passcode
If confidential data is stored locally on the phone, uses a "strong passcode" (alphanumeric) instead of a 4-digit lock code
Regularly updates all apps and iOS
Activates the remote wipe switch (Find My iPhone)
Activates auto-erase after 10 wrong passcodes
Regularly backs up the iPhone
Encrypts the iTunes backup
Deactivates location services where not needed
Does not join untrusted wireless networks
Typical challenges and threats: The iPhone user faces several threats:
Criminals steal the iPhone,
jailbreak it,
brute-force the passcode and
read out all information from the iPhone and the iTunes backup
Criminals send phishing text messages
Criminals place drive-by infections on websites that allow them to
jailbreak the iPhone and
install malware on the iPhone
Criminals perform well-known web attacks such as MITM against the iPhone user in WLANs
Indications: Always apply the above security measures if the phone holds private or confidential data.
Contra-indications: None.
Resistance against threats: Unless the attacker is able to shield the phone from data connections, the combination of remote wipe and data encryption gives the user a short time window to trigger the remote wipe after the phone has been detected as stolen.
The above methods protect the user from criminals with little technical understanding. Targeted attacks against a person’s iPhone, with the a priori intent to steal data from exactly this person and this iPhone, require additional protection mechanisms.