SecureMac, Inc.

The Checklist Podcast

SecureMac presents The Checklist. Each week, Nicholas Raba, Nicholas Ptacek, and Ken Ray hit security topics for your Mac and iOS devices. From getting an old iPhone, iPad, iPod, Mac, and other Apple gear ready to sell to the first steps to take to secure new hardware, each show contains a set of easy to follow steps meant to keep you safe from identity thieves, hackers, malware, and other digital downfalls. Check in each Thursday for a new Checklist!

Checklist 174: Building a Safer Nest

Posted on February 20, 2020

This week on the Checklist, we’ll start off with a big list of tips to keep your iPhone safe and happy … and then we’ll take a new look at Google’s Nest smart home devices. 

Checklist 174 gets into:

 

iPhone care and feeding

We all love our iPhones. But these amazing devices sometimes need a little help from their owners to stay in top condition — and to be as secure as they possibly can be. Here are eight tips to keep your iPhone safe, secure, and running like new:

  1. Don’t trust the App Store

    Apple’s app review process is pretty sophisticated, using both software and human reviewers to filter out apps that don’t conform to the platform’s strict standards (as well as apps that are doing outright illegal things). They can’t catch everything though, so don’t just assume that because you found it in the App Store, it’s automatically safe.

    Before installing an app, do a little research first: Check to see if the app’s developers have other apps in the App Store, and look at what other users have said about their offerings. And when you install a new app, keep an eye out for suspicious behavior — if the app seems to be asking for things like location data or camera access when it has no real reason to need them, then something isn’t right.

  2. Enable automatic updates

    iOS is a secure platform. But it’s not an invincible platform — and part of the reason that it is so secure is that Apple developers are always on the hunt for potential vulnerabilities to patch. But those patches can’t protect you if you don’t update your OS, so make sure to set up automatic updates on your iPhone.

    To do this, go to Settings > General > Software Update > Automatic Updates, and toggle the switch to On. On newer iPhones, apps should be updated automatically by default, but it is possible to turn this option on and off. To make sure automatic app updates are still enabled, go to Settings > [your name] > iTunes & App Store. Look for the App Updates setting and make sure it’s set to On.

  3. For better privacy, back up to a Mac

    Backups are important. For most of us, the default iCloud backup method used by the iPhone will do just fine. But iCloud, while encrypted, isn’t protected by true end-to-end encryption — and that worries some folks who are really passionate about privacy.

    The good news is that there’s a more private way to back up your iOS device: by using an encrypted Mac.

    To do this, start by encrypting your Mac’s startup disk with FileVault. Then use your iPhone’s charger cable to connect it to the Mac. Once the devices are connected, go to Finder and look for the iPhone in Locations, then head to Backups > Back up all of the data on your iPhone to your Mac > Back Up Now. If you want this to happen each and every time you connect the two devices, you can set this up by going to Backups > Options > Automatically sync when this iPhone is connected.

  4. Use the Find My app

    Find My is the successor app to Find My iPhone. It lets you locate lost or stolen devices (even if they’re offline). Here’s how to set it up:

    Go to Settings and select your own name. Then head to Find My > Find My iPhone and use the toggle switch to set the app to On. There are also options that let you locate offline devices and that will send your phone’s location information to Apple when the battery is low. These are called Enable Offline Finding and Send Last Location, respectively.

    Lastly, please remember that if you think your iPhone has been stolen, you should never try to use Find My to go after it yourself. This, to put it bluntly, can be dangerous. Contact law enforcement instead and let the professionals do their jobs.

  5. Take out the trash and delete unused apps

    iPhones are computers, and like their desktop counterparts, their performance can suffer if they’re overburdened with processes or short on memory. To prevent this from happening, clear out old data storage locations regularly (but only after backing up your phone) and delete apps that you don’t ever use.

    You can free up storage space by deleting things like old photos, videos, chat messages, and browser data. Any app that you simply don’t use should be deleted as well. To see which apps are using the most storage and may thus be good candidates for deletion, go to Settings > General > iPhone Storage. It takes a minute, but you should be able to see how much storage each app on your phone is using. If you see a few apps that seem to eat up resources but that you don’t really need, you can delete them then and there.

  6. Boost your battery life

    Though generally more of a convenience issue, having a well-charged device can also be a safety feature in certain situations. That’s why it’s prudent to do what you can to extend your iPhone’s battery life.

    Your screen is one of the biggest power users on your device, so give it a little help if you can by lightening its workload. One way to do this is by using Dark Mode, since black and dark colored pixels use comparatively little power, while white pixels use more. To turn on Dark Mode, go to Settings > Display & Brightness and choose Dark. You can also prevent your screen from using excessive amounts of power with auto-brightness, which will dynamically adjust the brightness of your screen to match the light levels of your surroundings. To find this setting, go to Settings > General > Accessibility > Display Accommodations.

    Another easy way to keep your battery charged longer is to use WiFi whenever possible, as this uses less power than a cellular network connection does.

    To keep your battery itself in good working order, avoid exposing it to extreme temperatures (especially anything hotter than 95 degrees Fahrenheit). Apple goes as far as to recommend that users remove cases during charging if they notice their phones heating up!

    Lastly, a very simple way to improve battery life is to use your phone a little bit less … just by being aware of how much you’re using it. Pay attention to those screen time alerts, which will help you think about whether or not you may be checking your phone too often — and give you a reminder to save the juice (and your sanity) by putting it away.

  7. Use a VPN

    Apple does a lot to make the iPhone secure. But it can’t do much about the security of public WiFi networks: That’s strictly in the hands of the people who set them up and maintain them. Unfortunately, you have no way to know if those people knew what they were doing … or if they cared. Since poorly secured WiFi networks can be a data security risk, you should treat any public connection as insecure by default. If you’re using your iPhone while on a public WiFi network, use a VPN to make sure that all data routed to and from your device is encrypted as it travels through the network.

    Also, bear in mind that VPNs themselves can pose a security risk, since your data is potentially visible to the people who develop and maintain the app. The key here is trust. We like Guardian Firewall + VPN for iOS, but there are plenty of other good choices on the market. Just make sure you feel you can trust a VPN before you install it — read customer reviews and technical review sites to see what others are saying, and take the time to read through the VPN’s own privacy policy so that you can be 100% sure about what they plan to do with your data (which will hopefully be as close to “nothing” as possible).

  8. Don’t ignore the pop-ups!

    If you’re using the newest version of iOS, iOS 13, you’ve probably noticed an increase in pop-ups and warnings telling you about what various apps are trying to do on your device. Some users get a bit tired of them at times, but they’re an important part of Apple’s attempts to respect your privacy — and to force app developers to do the same.

    Apple is doing this because some app developers have, quite frankly, done a terrible job of respecting their users’ privacy — for example, using Bluetooth data to infer a user’s physical location even when the person has specifically opted out of traditional location sharing.

    So when you see one of these warnings, realize that Apple is trying to help you take back control of your privacy, and don’t just click “Accept” without thinking about it first. Do you really want to share your location data, for example, with Facebook? Should your weight loss app be allowed to access Bluetooth data in the background (and does it really need to)? Do you actually trust the developer of a given app to respect your privacy and not, for example, resell your data to third parties?

 

The start of a safer Nest?

We’ve talked before about Google’s suite of Nest smart home products, discussing public dissatisfaction over the company’s failure to disclose the existence of built-in microphones in their home assistant devices and covering some disturbing stories in which Nest devices appear to have been hacked.

Google has pushed back against its critics, though, arguing that in those high-profile hacking cases, the blame lies mostly with users who failed to follow basic best practices for device security.

So what sorts of things were these users not doing? Pretty much exactly what we’re always talking about on The Checklist: changing factory default passwords; using strong passwords; keeping passwords private; and never reusing passwords across accounts. 

In fairness to Google, it is pretty hard to guarantee security for a device that’s protected with a password like “password”. We do think, however, that Nest could have done more to protect their users by making password requirements a bit more stringent from the get-go, or, even better, by requiring two-factor authentication for their devices.

The good news? Starting in the next few months, Google will begin requiring all Nest users to turn on email-based two-factor authentication for their smart home devices — which should go a long way to making them more secure.

Two-factor authentication, or 2FA, is something we’ve talked about quite a bit on the Checklist. As a brief refresher: The reason it makes accounts more secure is that 2FA requires a traditional login and password plus a second authentication factor, often a single-use code sent to your mobile device via SMS or an authenticator app. This way, if a user’s credentials are compromised, malicious actors will still be unable to access the account in question, since they lack that crucial second authentication factor.

In this case, Google is compromising a bit by using email-based 2FA — sending the one-time code to the user’s email account instead of a mobile device. While this is admittedly less secure than sending a code to a mobile device, it is definitely better than having no second factor at all — and is, perhaps, Google’s attempt to slowly introduce a better security standard to users who may be new to the very idea of two-factor authentication.

As far as whether or not this makes Nest “secure enough” to use, that’s a call everyone needs to make for themselves. We will say that while this is absolutely a step in the right direction for existing Nest users, there are still valid privacy concerns about any technology owned by Google — concerns that might give potential users pause (and a reason to consider HomeKit instead). 

That takes us to the end of this week’s Checklist, but we’ll be back at it soon with another episode. Do you have a security or privacy question that you’d like to have answered on an upcoming podcast? Have you read an interesting news story lately or been wanting to hear more about a specific cybersecurity subject? Let us know! We’re always happy to receive emails with questions and suggestions for future show topics. You can reach us at Checklist@SecureMac.com.
