SP-024: iPhone Pattern
Diagram:
Legend: This pattern is a high-level recommendation on how to secure an iPhone. The pattern is targeted both towards users as well as corporate security officers and managers.
Description: Apple’s iPhone is a smartphone with a closed ecosystem. While many security advantages come with this closed ecosystem, once the system is broken most users are without defense, because they rely on the security of the closed system and do not deploy a second layer of defense. This pattern shows how a user, an app developer and a corporate security officer should use the security mechanisms provided by Apple and enhance them with further tools.
Assumptions: The recommendations below are suggested on top of accepted best practices that are independent of the device type.
Recommendations:
Corporate Security Officer creates a configuration profile adhering to the company’s security guidelines:
- Configures access to corporate resources via VPN
- Restricts iPhone-usage, for example restrict camera usage, apps usage or content type
- Defines a passcode policy
- Configures remote wipe
- Defines a policy and provides the means for updating to the latest iOS (allow iTunes on a corporate desktop, or alternatively allow OTA updates (with iOS 5))
- Tracks current attacks targeting the iPhone and issues recommendations and/or restrictions to shield against current attacks
- Authors awareness material that covers the recommendations below
App Developer
- Enforces data encryption for all data that is stored (and backed up) on the iPhone
- Enforces the use of SSL-secured protocols and only accepts certificates issued by a trusted CA
- Performs static and dynamic code analysis on her app
- Has third parties (penetration testers) perform security testing on her app
- Does not write critical information to the system pasteboard
- Uses the KeyChain to store confidential data, or alternatively creates her own crypto container that encrypts all app data stored on the iPhone with a key derived from a password with PBKDF2
- Uses secure password authentication standards (such as SRP) to avoid the weaknesses of hash-based password transmission/storage
- Avoids writing sensitive information to the log files (NSLog())
- Offers two-factor authentication to protect confidential data
- Lets the user decide if data should be stored locally
- Regularly checks iTunes Connect for crash logs which may indicate app vulnerabilities
iPhone User
- Sets up auto lock with password/passcode
- If confidential data is stored locally on the phone, uses a strong passcode instead of a 4-digit lock code
- Regularly updates all apps and the iOS
- Activates the remote wipe switch
- Activates auto-erase after 10 wrong passcodes
- Regularly backs up the iPhone
- Encrypts iTunes backup
- De-activates location services where not needed
- Does not join untrusted wireless networks
Typical challenges and threats: The iPhone user faces several threats:
- Criminals steal the iPhone, then
  - Jail-break it
  - Brute-force the passcode
  - Read out all information from the iPhone and the iTunes backup
- Criminals send phishing text messages
- Criminals place drive-by infections on websites that
  - Jail-break the iPhone
  - Install malware on the iPhone
- Criminals perform well-known web attacks, such as MITM, against the iPhone user in WLANs
Indications: Always apply the security measures suggested above if the phone holds private or confidential data.
Contra-indications: None.
Resistance against threats: Unless the attacker is able to shield the phone from data connections, the combination of remote wipe and data encryption gives the user a short time window to trigger the remote wipe after the phone has been detected as stolen.
The above methods protect the user from criminals with low technical understanding. Targeted attacks against a person’s iPhone, with the a priori intent to steal data from exactly this person and this iPhone, will require additional protection mechanisms.
References:
http://support.apple.com/manuals/en_US/Enterprise_Deployment_Guide.pdf
http://images.apple.com/iphone/business/docs/iOS_6_Security_Sep12.pdf
http://www.heise.de/ct/inhalt/2011/15/154/
http://www.nsa.gov/ia/_files/factsheets/iphonetips-image.pdf
Related patterns: Personal computing devices in corporate network
Classification: To be specified
Release: 11.07
Authors: Tobias Christen, Michael Tschannen
Reviewer(s): Julien Bachmann, Russell Wing
Control details
AT-02 Security Awareness
IA-07 Cryptographic Module Authentication
PL-04 Rules Of Behavior
PS-06 Access Agreements
SA-03 Life Cycle Support
SA-07 User Installed Software
SC-13 Use Of Cryptography
SI-03 Malicious Code Protection