Security risks when using open WiFi with iPad?

Discussion in 'iPad' started by stanw, Apr 12, 2016.

  1. stanw macrumors 6502a

    Joined:
    Aug 29, 2007
    #1
    I'm going to use a 9.7 IPP as my mobile "computer" and will need to use open WiFi at random locations throughout the day. I am normally very cautious doing this with my Macbook Pro, though I'm wondering what security risks there might be with doing this with an iPP and iOS?

    1. On my Mac I turn on the firewall and stealth mode. Is there any sort of equivalent on an iPad?
    2. If not, does that mean someone can in theory get into my emails, photos or whatever on my iPad?
    3. I'm guessing any non-encrypted text sent via email, messages, web forms can be intercepted by someone. Besides that, is there any other risk of someone doing anything else?

    Thanks.
     
  2. Cascades42 macrumors 6502

    Joined:
    Jan 25, 2016
    Location:
    UK
    #2
    The stealth mode only prevents people from seeing your Mac on the network, and the firewall prevents people sending you things you don't want, neither have a direct equivalent on the iPad, but as the OS is locked down then you also don't need them as far as I know. People can only access things you give them permission to access.

    On iOS I would always recommend making sure your Airdrop is set to Contacts Only. If you're sending important data over a non https connection then I would recommend looking into VPN applications (on both iOS and OS X). Make sure your email is set up to connect with SSL or TLS or similar (as appropriate), and then that should be as secure as it can be.

    As I said, I recommend looking into VPNs, essentially this wraps your data in a layer and takes it somewhere safe to send it on. Naturally this slows things down, but security is better than speed.
     
  3. mildocjr, Apr 12, 2016
    Last edited: Apr 12, 2016

    mildocjr macrumors 65816

    #3
    Cascades is right, if you are trying to send/view confidential data you should look into a VPN solution, a good one will work on all of your devices, if it's any other kind of data you shouldn't be concerned.

    Most websites that would require login information use encryption so even if someone was using a tool to sniff the network the data they received would be almost useless. If you want a visual explanation I saw a good video on Diffie Hellman cryptography. You'll just have to keep in mind that with this video, a different color or number means the data is completely different. (i.e. "Some text" becomes "9d46b641c32ccdd45d810cde96abcf4b")

    That being said, if a black hat hacker were to try and grab data from a device, they'd probably do so through other means such as 0-day vulnerabilities. Your risk of being hacked is very low as long as you are using https sites. VPNs are nice for site to site traffic for businesses, and popular with the extremely paranoid or people doing illegal stuff online.

    At the time of this writing, there is no publicly known way of getting into an iPad without actually having the device in your hand.

    VPNs can be had for free, but most charge a monthly subscription fee that can get pretty pricey based on the level of security that you are looking for.
    --- Post Merged, Apr 12, 2016 ---
    To directly answer your questions:
    1. On my Mac I turn on the firewall and stealth mode. Is there any sort of equivalent on an iPad?
    No, your iPad is locked down using a system of "jails" that prevent applications from directly sharing data with each other, this level of security is pretty high and can prevent someone from hacking safari and getting your mail.

    2. If not, does that mean someone can in theory get into my emails, photos or whatever on my iPad?
    In theory yes, but that would require them to be able to get past the encryption that is provided by most mail services. An email is typically wrapped in the encryption provided by the https link to the mail server. SMIME (or secure email) encrypts the message before it leaves the application and is later wrapped in the mail server encryption, SMIME is only available on email providers who support it. When the email gets to the mail server the mail server unwraps the email and it's sent to the recipient along with a public key for that user to read the email.

    3. I'm guessing any non-encrypted text sent via email, messages, web forms can be intercepted by someone. Besides that, is there any other risk of someone doing anything else?
    iMessage uses 256 bit encryption when sent over a data connection, regular SMS messages only use the carrier data connection. Web forms can be intercepted but see above for more on that.

    To be honest, you have a higher chance of getting your computer taken over by posting in this unencrypted forum than you have getting your data looked at from using your iPad with iCloud services.
     
  4. sjleworthy macrumors 65816

    sjleworthy

    Joined:
    Dec 5, 2008
    Location:
    Penarth, Wales, UK
    #4
    general rule - when in public on public wi-fi dont do anything you consider confidential or risky to your own security if it bothers you. i personally wouldnt do banking for instance. you could do and in 99% of cases it wont be an issue, but the risk is there.
     

Share This Page