iPad Security – First Hours

21 02 2012

Dilemma

For Christmas my daughter gets an iPad 2 from her grandmother.  She’s eight so security is the farthest thing from her mind.  I on the other hand, think about it immediately.  I have no experience with Apple products but plenty with Microsoft.  So, what do I do?  Where do I start?  How do I keep her activities and those of anyone else using the device secure?

Built in security?

Under full duress by a house full of adults and other children who want me to get the iPad functioning I immediately begin the process of bringing it online.  It of course, comes with little or no directions because it is intuitive.  One of the first things the iPad wants you to do is setup an Apple ID and account so you can buy stuff.  This is where I pause, buy stuff?  Oh boy, how secure is this thing?  I spend an hour or so (remember under duress) trying to figure out if there is some kind of firewall or other security on the device.  I am disappointed.  So I do not setup the Apple ID account.  Of course there was a gift card provided to add to the burning need to set it up, more duress.  I do put it on the Wi-Fi and allow everyone to start surfing the web, etc.  I also provide a warning to put not any passwords into the device until I can figure out how open it is.  I doubt anyone really pays attention to me as I am crazy and have no idea what I am talking about.  This great toy couldn’t be unsecure.

Search for security

I have other things to do so it takes a few days for me to start looking up security on line.  I go straight to the Apple iPad support website1.  I find information about protecting the iPad from physical damage and restricting access to programs (e.g. YouTube) but nothing about malware.  Maybe there is information out there but I don’t see it.  I only have so much time because I am again under duress to spend the aforementioned gift card.  So, I figure I’ll try my luck with Apple support communities2 .  There was a lot of talk about how iOS has no vulnerabilities and Apple won’t talk to the big vendors like McAfee.  Also, there are a couple suggestions like Intego VirusBarrier which I research and come away with the feeling that maybe malware protection just isn’t necessary yet.

Discussions with experts

I have access to security experts at work so I figured it would be worthwhile to discuss iPad malware protection with them informally.  They basically told me not to worry about it given the small footprint of iOS which limits the attack vectors.  I also happened to have a meeting with one of the leading security product vendors and their lead had an iPad so I told him my dilemma.  He said it’s not a big issue yet but he runs a pilot version of their future iPad product on his iPad.  I asked for a copy to test on my daughter’s iPad.

Final thoughts

I’m still fearful that my daughter’s iPad can be compromised so I have told her and my wife to feel free to use it fully except don’t use credit cards on the device.  In the end, they don’t do any high risk tasks online anyway (e.g. banking) so I’ve probably been a bit more protective than necessary.  Given my research I would provide the same advice to others.  Secure your Wi-Fi and limit your financial transactions on the iPad.  Hopefully that pilot software will get to me soon so I can try it out.  Maybe it’s intuitive.