iPad the most secure platform for online. browsing? I hear that viruses won't compromise iOS

Hi There 'The Embassy',

I have been using the iPad since the first generation. I use it for school and buisness and gaming. I am often on the internet and often downloading files from the 'App Store' and 'Safari'. Never once have I ever recieved a Virus of any sort!, In safari settings it offers a fraudulent warning (turn this on).

An 'I' device can only be comprimised if its jailbroken, this is illegal for the iPhone, and in my opinion its not recommened.

Your files and confidential information is fine! if I was to provide you with one tip, it would have to be that to make sure that you are allowing trustworthy applications your location (if asked for). Don't give permissions to access photos or contacts if you don't know the source!

Apple seeks perfection within there products! You are safe!

The iPad is great! especially with it barely overheating, fully agree with you!

THe iPad is pretty secure in that, as of now, there is no known virus for the iOS system. Not to say someone isn't working on one. With a challenge like that I'm sure there are industrious little souls looking for bragging rights. But you should be fine on the virus front.

You do still need to practice safe internetting. Don't go clicking on links in e-mails that you don't know where they come from. Don't enter your personal data just anywhere.

As to charging, you shouldn't worry about it. You can't overcharge the device. IT will stop charging when it's full. My biggest issue with charging is simply making sure i set it somewhere safe or where the dogs can't knock it over while it charges.

Embassy

Here is an article on security related to different Browsers, it's worth a read and it may help you decide what security you will want to set up on your browser. I use Safari on all my Apple devices.

http://www.us-cert.gov/reading_room/securing_browser/

Cheers

As far as the Adware goes. Yes most free Apps in App store contain some form of Ads, however, since all Apps need to be certified by Apple before being released, all Ad content must meet Apple's standards. So no hidden data transfer, no redirecting to weird websites etc... Its an Ad, yes, but it will usually just link you to another App in the App Store, or an in App purchase at worst.

As far as the Lightning connector (I'm assuming this is what you have). It is thin, but I don't feel its that fragile. I'm careful when I plug it in and I don't just yank it out, and carefully but firmly pull it out. As long as you take care of it there should be no issue with it.

some things to consider

firewalls don't really help you vs. virus's

virus's are not cross platfrom so a virus have to be made for say windows or mac or linux say an android tablet is not compatible with a virus made for windows

many peoples reaction to a bug or an app crash is that they 1 got a virus 2 have been hacked by a hacker

there is always a chance of some kind of attack... it doesnt matter what system you are on....

lots of bad stuff happends on the interwebs....phones/pads/tablets/pc/mac/linux/freebsd/solaris/etc in ways you dont expect either.... just because your ipad is fairly secure doesnt mean your "safe"

should you worry?.... probably not..... but, how important is your data/privacy to you.... basically, make backups of important documents offline, or on a seperate cloud(s) (like dropbox, google, ubuntu one, etc alot of free cloud services). Dont "daisy chain" your website accounts together like the wired editor did below....

if your using public networks alot maybe you would want to get a VPN (virtual private network) otherwise you may susceptible to Man in the Middle attacks, Honeypots, arp poison routing, network sniffing, etc

im on public wifi quite a bit.... on my android phone, i have an app "WiFi protecter" that warns me of network attacks.... my alarm goes off about once a week.... these are network attacks... it doesnt matter what platform your on.

Safari/iOS6 was just comprimised at the pwn2own hacker contest in september:

http://securitywatch.pcmag.com/none/302865-iphone4s-hacked-at-mobile-pwn2own

you dont even need to click links in emails because apple products by default download the images in any viewed email... this attack affects your home router thru your idevice:

http://www.informationweek.com/security/vulnerabilities/iphone-ipad-email-attack -could-compromis/240142933

hackers deleted wired magazine editor's iphone/ipad/macbook remotely after Apple tech support *gave* the hackers access to his iCloud account..

http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/

many ppl got their itunes account hacked and their gift card money stolen, 120+ pages of PO'd people:

https://discussions.apple.com/thread/2665383?start=0&tstart=0

cross platform trojans are out there.... affect linux, mac and windows:

http://www.cwcs.co.uk/blog/2012/09/linux-hit-by-cross-platform-trojan.html

well that was fun feeding your paranoia...... important note: stay off the internet 😉

The Embassy wrote:

Thanks for sharing this.

The wired guy, the story he is telling, I don't doubt it's genuine. If I understand correctly (if not, correct me please), he was basically using one (1) email account for all online services he subscribed - like iCloud, Amazon, iTunes AppStore?; and hackers gained access to his AppleID because he also used the same credit card?

Again, please correct me if I understand this wrong.

But if so, a hacker needs a means to start with, like an email seems not sufficient enough to me to persuade Google "hey Google, I need my password".

He didn't really do anything wrong. He was just not careful enough to sperate his email accounts that hold sensitive data.

His Twitter linked to his website, which had his google address. From their they were able to determine he had a me.com account which automatically means there must be an AppleID associated with it. How they found out he had an Amazon account he does not say. But they used amazon to get the credit card info they would need to access his Apple me.com account and from there wreak havok with his digital life. Although all that was collateral, all they wanted was the twitter account.

As to how to pursuade google, there wasn't much persuasion required. As he mentioned, Google's recovery service on their website displays pieces of your recovery address. His was a me.com address which is associated with his apple id. Google shows enough of your address to make a guess.

Next thing is this remote wiping what I don't understand. Please explain to a dummy. So basically, in order to commence a remote wipe, the target platform must have a pice of software installed, without it, things are getting a bit harder for the hacker. Is my assumption correct?

If not, a counterpart software surely must exist to prevent any remote wipe. Correct?

Most Apple products have the remote wipe ability built in. It is a security feature found in iPads, iPods, iPhones, and most recently MacBooks. The remote wipe can be initated by a user from icloud.com by logging in with their apple id. since they already had that, they could initate the wipe in all the devices he had setup in icloud, including his Macbook.

Where is this info on The Wired Guy? I have never heard of him.

Check alanroth's links above. One of them is the Wired Guys post about the event.

http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/

yes, it was a social engineering thing (i used "hackers" as a catch-all phrase, as i didnt know how savvy you were).... i was just trying to warn of other "threats" other than virus as many non-techy ppl consider a "virus" really as a broadterm for anything from virii, trojans, malware, a program crashing 🙂...etc.

heres a quick breakdown of the social engineering scheme they did (from memory, i may be mistaken):

they got his email, name and they found his address online (possibly whois'd a domain of his?)

they called *amazon* and told them they lost their password... they only needed (at the time, its changed) his Name, Address, and Email to do a password recovery. after they got into his amazon account.... they could see the last 4 digits of his credit card number in his settings.

they called *apple* next and used Name, address and last 4 digits of credit card number for password recovery

after they were in apple account/iCloud they went to google.... and sent a password recovery to his apple address....which got them to his twitter account..... their main goal

keeping a private email account for a store vs a email address you give out (or is linked to) publically could help detur from being an easy target.

but really...i was just trying to convey that unfortuantely no system is "100% safe".... as many ppl get a false sense of secuirty using apple or linux... if your interested in this kind of stuff there are alot of intersting podcasts on information security....i listen to quite a few during work. its a scary place for the paranoid 🙂

its scary when kids with an app like "droidsheep" can hijack someone's (non-ssl) internet session on a wifi by clicking a freaking start button... http://www.youtube.com/watch?v=zsdccDVsHIc

it is reallly scary when malware targeting hundreds of diplomatic, governmental, and scientific organizations in at least 39 countries, including the Russian Federation, Iran, and the United States goes undetected for 5 years......

http://arstechnica.com/security/2013/01/red-october-computer-espionage-network-m ay-have-stolen-terabytes-of-data/