SP-024: iPhone Pattern

Legend: This pattern is a high-level recommendation on how to secure an iPhone. The pattern is targeted both towards users as well as corporate security officers and managers.

Description: Apple’s iPhone is a smartphone with a closed eco-system. While many security advantages come with this closed eco-system, once the system is broken, most users are without defense because they rely on the security of the closed system and do not deploy a second defense layer. This pattern shows how a user, app developer and corporate security officer should use the security mechanisms given by Apple and enhance these with further tools.

Assumptions: The recommendations below are suggested on top of accepted best practices that are independent of the device type.

Recommendations:
Corporate Security Officer creates a configuration profile adhering to the company’s security guidelines:

  • Configures access to corporate resources via VPN
  • Restricts iPhone-usage, for example restrict camera usage, apps usage or content type
  • Defines a passcode policy
  • Configures remote wipe
  • Defines a policy and provides measures for updating to the latest iOS (allows iTunes on the corporate desktop or, alternatively, allows OTA updates with iOS 5)
  • Tracks current attacks targeting the iPhone and issues recommendations and/or restrictions to shield current attacks
  • Authors awareness material that covers below recommendations

App Developer
  • Enforces data encryption for all data that is stored (and backed up) on the iPhone
  • Enforces the usage of SSL-secured protocols and only supports certificates issued by a trusted CA
  • Performs static and dynamic code analysis on her app
  • Lets a third party (penetration testers) perform security testing on her app
  • Does not write critical information to the system pasteboard
  • Uses the KeyChain to store confidential data, or alternatively creates her own crypto container that encrypts all app data stored on the iPhone with a key that is derived with PBKDF2 from a password
  • Uses secure password authentication standards (such as SRP) to avoid weaknesses of hash-based password transmission/storage
  • Avoids writing sensitive information to the log files (NSLog())
  • Offers two-factor authentication to protect confidential data
  • Lets the user decide if data should be stored locally
  • Regularly checks iTunes Connect for crash logs which may indicate app vulnerabilities
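
The PBKDF2-based crypto container from the App Developer list, shown in Swift as an added example (not code from the pattern's authors or from Apple). The container layout, the iteration count, the use of AES-GCM through CryptoKit (iOS 13 or later) and all function names are assumptions of this example.

```swift
import Foundation
import CommonCrypto
import CryptoKit
import Security

enum ContainerError: Error { case random, kdf, format }

// Assumed layout: salt (16 bytes) || AES-GCM box (nonce || ciphertext || tag)
let saltLength = 16
let keyLength = 32                    // AES-256
let pbkdf2Rounds: UInt32 = 600_000    // assumed work factor, tune to the target device

func randomSalt() throws -> Data {
    var bytes = [UInt8](repeating: 0, count: saltLength)
    guard SecRandomCopyBytes(kSecRandomDefault, saltLength, &bytes) == errSecSuccess else {
        throw ContainerError.random
    }
    return Data(bytes)
}

// Derive the container key from the user's password with PBKDF2-HMAC-SHA256.
func deriveKey(password: String, salt: Data) throws -> SymmetricKey {
    let saltBytes = [UInt8](salt)
    var derived = [UInt8](repeating: 0, count: keyLength)
    let status = CCKeyDerivationPBKDF(
        CCPBKDFAlgorithm(kCCPBKDF2), password, password.utf8.count,
        saltBytes, saltBytes.count,
        CCPseudoRandomAlgorithm(kCCPRFHmacAlgSHA256), pbkdf2Rounds,
        &derived, keyLength)
    guard status == Int32(kCCSuccess) else { throw ContainerError.kdf }
    return SymmetricKey(data: derived)
}

// Encrypt app data under a fresh salt; AES-GCM picks a random nonce per call.
func sealContainer(_ plaintext: Data, password: String) throws -> Data {
    let salt = try randomSalt()
    let key = try deriveKey(password: password, salt: salt)
    guard let box = try AES.GCM.seal(plaintext, using: key).combined else {
        throw ContainerError.format
    }
    return salt + box
}

// Throws on a wrong password or a modified container (GCM tag mismatch).
func openContainer(_ blob: Data, password: String) throws -> Data {
    guard blob.count > saltLength else { throw ContainerError.format }
    let key = try deriveKey(password: password, salt: Data(blob.prefix(saltLength)))
    let box = try AES.GCM.SealedBox(combined: Data(blob.dropFirst(saltLength)))
    return try AES.GCM.open(box, using: key)
}
```

Only the blob returned by sealContainer is written to disk; the password and the derived key stay in memory and are never stored alongside it.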

iPhone User
  • Sets up auto lock with password/passcode
  • If confidential data is stored locally on the phone, uses a "strong passcode" instead of a 4-digit lock code
  • Regularly updates all apps and the iOS
  • Activates the remote wipe switch
  • Activates auto-erase after 10 wrong passcodes
  • Regularly backs up the iPhone
  • Encrypts iTunes backup
  • De-activates location services where not needed
  • Does not join untrusted wireless networks


Typical challenges and threats: The iPhone user faces several threats:
  • Criminals steal the iPhone and
    • Jail-break it
    • Brute-force the passcode
    • Read out all information from the iPhone and the iTunes backup
  • Criminals send phishing text messages
  • Criminals place drive-by infections on websites that allow them to
    • Jail-break the iPhone
    • Install malware on the iPhone
  • Criminals perform well-known web attacks such as MITM on the iPhone user in WLANs


Indications: Always apply the security measures suggested above if the phone has private or confidential data on it.

Contra-indications: None.

Resistance against threats: Unless the attacker is able to shield the phone from data connections, the combination of remote wipe and data encryption gives the user a short time window to activate the remote wipe after the phone has been detected as stolen.
The above methods protect the user from criminals with low technical understanding. Targeted attacks against a person’s iPhone with the a priori intent to steal data from exactly this person and this iPhone will require additional protection mechanisms.


Related patterns: Personal computing devices in corporate network

Classification: To be specified

Release: 11.07

Authors: Tobias Christen, Michael Tschannen

Reviewer(s): Julien Bachmann, Russell Wing

Control details

AT-02 Security Awareness
IA-07 Cryptographic Module Authentication
PL-04 Rules Of Behavior
PS-06 Access Agreements
SA-03 Life Cycle Support
SA-07 User Installed Software
SC-13 Use Of Cryptography
SI-03 Malicious Code Protection