Insulation Tape over webcam

Apple Cybersecurity basics – Securing your hardware

I’ve been planning on writing a series of posts on cybersecurity for a while now. I’ve been interested in computer security for decades & have always tried to secure my machines, data & online profiles. In the modern computing landscape, many aspects of basic cybersecurity have been lost. When I started out online, perhaps in the early 90’s, there was a strong culture of using online handles as opposed to your own personal details. We had an awareness that the internet was a public sphere which is universally accessible.

The internet is a public place, but it is also a place where you can’t control data flows. As soon as you upload information or data to the internet, you need to assume it is now on public record. Even if you believe your account is private and secure, there is a good chance that at some point, the data will be used, resold or even hacked & released into the wild. If you approach the internet with this in mind it is very easy to secure your information. I’ll come to internet security later, but let’s start with your hardware itself.

I personally have a lot of computers. I have two Macbook Pro’s and an iMac, I also have Raspberry Pi’s running various versions of Linux & also an old IBM Thinkpad X200 running Trisquel Linux. All of these machines use full disk encryption.

With apple products, make sure your software is up to date. All of my machines run OS Sierra which is a free upgrade. Sierra has a very good version of full disk encryption known as Filevault 2. Filevault 2 allows you to encrypt the entire contents of your hard drive with a password. This means that without the password, the contents of the Hard Drive can’t be read by a third-party. File Vault requires the disk password as soon as you start your machine, so anyone who steals your hardware will be unable to boot your machine to access information & also unable to wipe the hard drive to reinstall the OS on your hard drive. This is vital in case of loss or theft of your devices. We store so much personal information on our devices & their security is as important as securing your own home. Perhaps more important.

The same goes for iPhones. Make sure you use a strong passcode or passphrase to secure your device & consider not using fingerprint access. Your fingerprint is very convenient, but a strong passcode is much more secure. Also, backup your iPhone or iPad to an actual computer and not to iCloud. If someone hacks your iCloud, they could clone your iPhone from one of your own backups & access your entire iOS environment.

The passwords you use should be unique & strong. You should also ensure that your encryption password is never stored or used for any online accounts. Your encryption password should be unique from any other password you use. You can choose a way of codifying your password, for instance take your favourite book (paper back or hard back) and use your birthday to select a page and a line. For instance, pick up a copy of Harry Potter, go to the page number which relates to your day of birth and then on that page go to the line number which relates to your month of birth. Use the text on that line for your password.

You can use any method to code your password, that is just a single example. Whatever you choose, make sure you have a way of reminding yourself which is not obvious. Without your encryption password your data would be lost forever.

Also, on Macs, make sure you disable any guest accounts in Settings > Users & Groups. Turn on the Firewall in Settings > Security & Privacy. This menu also contains the settings for turning on Filevault.

While in Security & Privacy, make sure you choose to require a password after sleep or screen saver. This means that if you need to leave your laptop or desktop unattended, you can put it to sleep to lock the machine or set the screen to sleep after a certain amount of idle time. These are basics steps to secure your machine but will make a vast difference to the physical security of your Mac.

Set your mac to automatically lock
Set your mac to automatically lock

With my iMac I use a Kensington lock to physically lock the machine to my desk. Make sure any external hard drives for your mac are also formatted with encryption & set your encryption password on each of them. This means if any are lost or stolen, for example your time machine backup drive, they cannot be accessed by anyone but those with the encryption password. I encrypt all media including USB flash drives. It only takes seconds to mount them & enter a password, but it does mean that your data is always much more secure. Get into the habit of encrypting & you will massively reduce your exposure to hacking & identity theft.

Something else I always do is use a small roll of black insulation tape to cover up the webcams on my laptops and desktops. You can peel it off easily if you require the webcam for facetime or skype, but most of the time I tend to leave the cameras covered. The camera can be used for spying by both governments & criminals & there have been many cases of people being recorded on their webcams & then blackmailed. For the sake of a few pence, always have a roll of insulation tape and cover your webcams. You can even colour match the tape to your black Macbook/iMac bezel.

 

Insulation Tape over webcam
Insulation Tape over webcam

With regards to securing your iPhone my main advice would be to set a fast timeout on your automatic screen lock. Never leave your phone unlocked & make sure you get into the habit of locking the screen whenever you put the device down. Also make sure under your Touch ID & passcode options in iOS settings, that you opt to require the passcode immediately & that you opt to erase the device after 10 failed attempts. This means that in the event of loss or theft, the device will likely wipe itself before anyone can get your information & identity from the device. You can also use iCloud to remotely message & wipe your Mac’s & iOS devices.

iOS Touch id & Passcode.
iOS Touch id & Passcode.

Mac’s & iOS devices now increasingly rely on cloud services to sync & store your data. Ensure that you setup two factor authentication on your iCloud account, to make sure only someone with access to one of your physical devices can login to your iCloud account. Also, be aware that if iCloud is ever hacked & the encryption keys that Apple hold are accessed, your iCloud data can be decrypted. Ensure that anything you offer up to the cloud is information which isn’t personally identifiable or potentially damaging. The cloud is ideal for mundane documents and data which isn’t specifically personal, but if it is something you want to keep private, don’t ever upload it to cloud services. I’ll cover this more in my next post regarding securing yourself online.

Finally, never give out your encryption password, it is the key to all of your data. Never use it for anything but encrypting, never use it with an online provider. If you do need to make a note of the password, codify & hide it in a way that it can’t obviously be identified as a password. Always aim to physically keep hold of your devices. It is much harder to compromise your devices if they are always in your possession.

Never give out any passwords in email or over the phone. If someone calls asking for your account details, don’t give them out or ask them for their details and phone number & offer to call them back. You can then check the number & details online & call a verified number.

Finally keep software up to date. There are zero day exploits being discovered and utilised daily. You massively decrease your attack surface if you keep software, services & devices patched & up to date.

I will add to this post as & when I think of tips to help. If you have anything to add, please let me know in the comments. There will be loads that I have missed & I expect this post will constantly evolve. I’ve also tried to keep the post as straightforward and non technical as possible. I want the basics to be adopted by everyone, so I’ve left out the in-depth discussions on things like AES & encryption bit sizes.

 

John Large

John Large - Uber Techie!

Leave a Reply