iOS Security Checklist 2018 for Noobs Part II | Lucideus Research

Hope you guys had a great month. I had an awesome month with many new assessments leading to new findings and learnings across the whole month. I might be starting a new blog series on finding vulnerabilities and pentesting the applications, so watch out for that! If you missed out on iOS Security Checklist for Noobs Part I, I recommend that you go through it once. Without further ado, let’s get started.

Setting Up Privacy: Unlike Restrictions, which operate on a global level across the device, Privacy works at the individual application level. You can allow/deny services to applications using Privacy.
  • Go to Settings.
  • Scroll down to Privacy.

A bunch of services can be seen here. For instance, if you want to disallow an application from using the Camera, tap on the Camera service and turn off the switch for that application. From that point on, that application won’t be able to access the Camera or take pictures or videos.


Changing the Default SIM PIN: Changing your SIM PIN after purchasing a SIM can be helpful if your device ever gets lost or stolen. The SIM contains contact numbers (if synced), which can be accessed easily if one does not change the default PIN. The default PIN is usually set to “1234” or “0000”.

  • Go to Settings.

  • Scroll down to Phone.


If you have ever set a PIN on your SIM, you will see that SIM PIN is activated. By default, it is OFF.



Turn the SIM PIN to ON and enter your default PIN, and you will be presented with an option to change your default PIN.

Hardening Safari: Browsing the web on your devices is now an everyday activity, thanks to superfast cellular and Wi-Fi networks. Being safe on the web is an art, and your browser plays an important role in that. Your browser can become an open door for malicious scripts and attacks if proper precautions are not taken. Here, I list some of the common things to look out for in your Safari Settings.

  • Go to Settings.

  • Scroll down to Safari.

In the General section, tap on AutoFill.


Turn the Credit Cards option to OFF.

Coming back to the options, turn on Block Pop-ups.


In the Privacy & Security section:

Turn ON Prevent Cross-Site Tracking to protect your privacy. This feature is particularly helpful when you don’t want organisations or companies to know your browsing habits.

Turn ON Ask Websites Not To Track Me. This is helpful when you don’t want websites to keep track of your browsing activities and customise the content or ads they present to you.

Turn ON Fraudulent Website Warning. This stops users from visiting any site which is suspected or blacklisted, including sites which are under phishing attacks or are being forged, and sites which are not safe to visit and can steal your credentials, including names, passwords and credit card information. That’s also one reason why one should always keep the Credit Cards option OFF.

Turn OFF your Camera and Microphone Access. This prevents scripts running on websites from accessing the camera and microphone without your consent.


Go to Advanced and turn JavaScript OFF if you want to take your device security a step further. Note that this can render many sites useless, as almost all sites use JavaScript. Use this with caution.

In the meantime, we hope you could take away some key points on securing your device. If you enjoyed this post, we will be very grateful if you’d help to spread this knowledge by emailing or WhatsApping it to a friend or sharing it on Twitter or Facebook. Thank you! Cheers!!
