In rush for new iPhones, experts warn, don't forget mobile security

Today's launch of Apple's in-demand iPhone 6S has mobile-security pundits hitting the pulpits to remind mobile users that increasingly capable mobile-payments platforms carry novel risks on top of existing exposure to data movement and fluidity.

The device is already reportedly sold out locally, with long lines of people and even robots at Apple Stores around Australia and many purchasers having flown in from countries with a later launch date.

Enthusiasm over mobile devices is at record levels, but the increasing use of the devices for mobile payments has raised alarm bells at peak security-industry body ISACA, which warned in its new 2015 Mobile Payment Security Study that 87 percent of information-security professionals expect an increase in mobile payment breaches over the next 12 months.

Some 42 percent of those same security professionals said they have used mobile payments this year – despite 47 percent saying that mobile payments are not secure and only 9 percent saying they prefer cash over digital payments.

“ISACA members, who are some of the most cyber-aware professionals in the world, are using mobile payments while simultaneously identifying and contemplating their potential security risks,” said ISACA risk advisor and president of IP Architects John Pironti in a statement.

Asked to rank the major vulnerabilities associated with mobile payments, the 900 surveyed ISACA members nominated use of public WiFi (26 percent), lost or stolen devices (21 percent), SMS-based phishing (18 percent), weak passwords (13 percent), and user error (7 percent).

Symantec information developer John-Paul Power addressed many of these in his reminder that eager adopters remember the recent risks from iOS-based KeyRaider malware, which targets jailbroken iPhones, the XcodeGhost app vulnerability, the so-called XARA sandboxing exploit, and last year's iCloud-hacking scandal as a reminder that mobile devices require new vigilance to ensure data security.

Writing in a blog post, Power noted that the new iOS 9 operating system includes several improvements in overall security including 6-digit instead of 4-digit passcodes, VPN extension support, and two-factor authentication for iTunes and iCloud signins.

Users should match such controls with protections including the use of a strong, unique Apple ID password, use of Apple's TouchID fingerprint authentication, and turning off the Simple Passcode option to use passcodes with letters and symbols as well as numbers.

Other tips include disabling access to Siri from the lock screen; managing apps' access to data (through the Privacy section of iOS settings); disabling AutoFill; and turning off WiFi when you're not using it, as well as being careful to only connect to trusted and known WiFi hotspots.

Security has been a major focus for Apple's latest operating-system updates, with the company patching 101 security flaws in iOS 9 alone and telling iOS developers to use HTTPS “exclusively”.

The surveyed ISACA experts also offered some tips for making mobile payments secure, with 66 percent nominating the use of 2-factor authentication as the best approach. Some 18 percent recommended use of short-term authentication codes, while just 9 percent recommended using phone-based security apps.


Read more: Hands-on certifications defining, testing ideal traits of cybersecurity pros: ISACA

Blast from the past?

Try our new Space Invaders inspired video game NOW.

What score can you get ?


Read more: Appointment of two Australians to ISACA board reflects regional security expertise: director

Join the CSO newsletter!

Error: Please check your email address.

Tags iOS 9iPhonesiPhone 6s PlusMobile Payment SecurityISACAmobile securityJohn PirontiApple Stores

More about AppleISACASymantec

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by David Braue

Latest Videos

More videos

Blog Posts