Finding Flaws in iOS 7

By Stephanie Blanchard, Digital Editor — October 08, 2013

With new integrated security, from single sign-on to activation lock, iOS 7 has its eyes on the enterprise. Two days after Apple launched its new operating system, however, a German hacker group claimed it had already bypassed the biometric security of TouchID, Apple's new fingerprint sensor. The group claimed that a photographed fingerprint was enough to unlock the iPhone 5S, proving the feature flawed, if not useless.

To help protect against iOS 7 flaws, the Center for Internet Security (CIS) has released configuration guidelines: Security Configuration Benchmark for Apple iOS 7. Authored by David Skrdla and contributors, the benchmark provides guidance for establishing a “secure configuration posture” for iOS 7.0.2.

The guide is geared towards IT administrators, security specialists and others preparing to deploy iOS 7 devices. Topics include user interface, system settings, passcodes and mail settings, as well as networking-related issues with WiFi, Bluetooth, Hotspot and AirDrop.

Founded 13 years ago, CIS, a non-profit organization, brings together experts from all areas, from public and private sectors as well as academia, from around the world. As a result, the group offers different points of view, all coming from different environments, the best and brightest, said Rick Comeau, Executive Director, Security Benchmarks Division, CIS, in an interview with Mobile Enterprise. Anyone can sign up for the consensus process, but experts are of course preferred.

As technology has evolved, so have the organization’s 14 different technology groups. Original reports addressed Windows NT and desktops; now mobile is growing. Since 2010, there has been an influx of volunteers who have mobile on their minds. “The digital age we live in is so diverse and complex. We are getting more critical data placed on the devices. Having that securely figured is the goal,” Comeau said.

The CIS Apple iOS 7 Benchmark

To mitigate IT security-related vulnerabilities, the CIS Apple iOS 7 Benchmark provides specific, step-by-step recommendations for securing numerous settings on millions of devices already running iOS 7, including the iPhone, iPad, iPad Mini and iPod Touch.

The free report, available as a PDF, builds upon the iOS 5 and 6 benchmarks previously released by CIS and leverages the expertise gained through those processes to ensure guidance was available for users as soon as the iOS 7 software was released.

The benchmark process itself is two-fold. First, the subject matter experts decide on recommendations as a consensus group. Once the benchmark has been published, feedback for the report is reviewed and incorporated when necessary.

All recommendations are designed to help mitigate configuration-related vulnerabilities associated with the passcode and lock screen settings, including the passcode bypass and TouchID. Also addressed are the vulnerabilities associated with the Safari web browser.

The report is designed to be practical, with each recommendation providing clear security benefits while taking into account functionality requirements.

