Apple’s Trusted-Boot-Routine “iBoot” leaked on GitHub

iPhone 11: Seven steps to secure your device

Let’s be honest: No matter if you are an iPhone user already or plan on buying a new iPhone 11; looks (and features) aren’t everything. It’s very important to know that these devices can be vulnerable to cyberattacks and therefore your online privacy and security can be in great danger. Yes, even with an iPhone!

A recent report from Google revealed a malware attack on iPhone users that lasted two years and affected most operating system versions between iOS 10 and iOS 12. The attack targeted the Uyghur Muslims and there are sources mentioning that China’s government is the main actor behind this attack.

The Google Project Zero’s team discovered a collection of hacked websites that delivered malware to their visitors. The number of ‘victims’ remains unknown but according to the report, only “simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant. We estimate that these sites receive thousands of visitors per week.“

The attackers had access to encrypted WhatsApp messages, iMessage texts, and Telegram messages but also to location data and other private information of the iPhone users. Apple managed to fix the vulnerability in February when they released iOS 12.1.4.

This however is not the first time this year that iPhone users are the victims of a malware attack. In May Whatsapp rolled out a security fix after an Israeli cybersecurity and intelligence company developed surveillance software and installed it on iPhones by using their call function.

How to secure your new iPhone 11?

When it comes to security, iOS has been known as a very secure operating system, but the most recent attacks seem to prove that nothing is bullet proofed. Because of the increasing number of iOS exploits Zerodium, a company that buys previously unreported zero-day exploits, now reduced their reward for a zero-click attack on iPhones to $500,000 while a zero-click hacking technique that fully takes over an Android device is rewarded with $2,500,000.

But fear not – there a couple of things that you can do to make sure your device is secured. So, go ahead, buy that new iPhone 11 and follow these 7 simple steps afterwards:

1. Keep your device updated

It sounds as easy as it is: To protect your iPhone from unwanted attacks just make sure that it’s up to date. Make sure to use the most recent operating system because updates are often specifically designed to close loopholes that hackers have found a way to exploit, such as bugs, vulnerabilities, and zero-days. Google normally releases security patches quite regularly, as does Apple with its “minor updates” for iOS. The real value of these updates is in their potential to protect your device more effectively – so make sure to patch your mobile as soon as one of them is available.

2. Use public Wi-Fi networks with caution

Connecting to public Wi-Fi doesn’t come without its risks. To minimize them as much as possible a good VPN is a valuable tool. It lets you communicate securely on those insecure public networks (e.g. airport, coffee shop, etc.) and allows you to pick your own GEO-IP, unblocking content regardless of where you might actually be.

3. Use fingerprint login

Gone are the days where you needed to enter your username and pin to access your mobile. All you need to do now is put your finger on your phone’s sensor or scan your face (Face ID on iPhone X, for example) to enter it. “And its not only easier but – at least to some degree – more secure”, says Alexander Vukcevic, Director of Protection Labs & QA at Avira.

4. Create strong passwords

Weak passwords are one of the top reasons for breached accounts. Make sure to always use strong and varied passwords for all of your online services. Also remember to change your passwords regularly. If you feel like that’s too much work, you might consider using a password manager that creates, stores, and remembers unhackable passwords for you.

5. Download only official apps

Another simple way for hackers to gain access to smartphones is to modify the code of certain well-known apps and hide their own malignant strings. There’s only one way to minimize this risk of infection, and that is to only download applications hosted by the original stores and avoid all other sources. A security app will add another layer of protection against malware and other threats.

6. Get a hold of your privacy settings

Most of the apps you have installed on your phone will ask for your location and/or access to your camera and microphone. For some apps this makes total sense, but others use this access for advertising purposes or even worse, like to deliver spyware. Have a closer look at which apps you have given permission to access your mic and camera by going to Settings > Privacy. iPhones also have an option to limit ad tracking, so you might want to make sure it’s turned on. To do so go to Settings > Privacy > Advertising.

7. Create backups

Another important step is to make regular backups. Doing so means that you still have access to your information (or at least most of it) even if your smartphone goes missing. Apple conveniently offers iCloud which basically makes a 1:1 backup of your iPhone that can be transferred to a new phone. You can find a detailed explanation available on Apple’s support page about how to configure automatic backups.

This post is also available in: German

Avira logo

Get our free privacy and security app for iOS