According to Apple the iOS platform is incredibly secure. The company even states: "Apple designed the iOS platform with security at its core. Keeping information secure on mobile devices is critical for any user, whether they’re accessing corporate and customer information or storing personal photos, banking information, and addresses. Because every user’s information is important, iOS devices are built to maintain a high level of security without compromising the user experience."

As a result, Apple's iPad and iPhone are generally considered to be safe and secure devices to use, however, a security flaw was discovered in late February 2014 that means that an attacker could intercept your data if you are using an unprotected hotspot, perhaps in Starbucks or an internet café.

Then in late May, some users from the UK, Australia and other countries reported that their iPhones were locked with a message claiming the device was hacked by a person or group named Oleg Pliss who demanded $100 or €100 to unlock it.

So, following these recent situations, can Apple maintain its stance that iOS is secure. Read on to find out...

What happened in the Oleg Pliss ransom case?

Back in May some people in Australia, the UK, and elsewhere had their Apple ID accounts compromised and their iOS devices held to ransom via Apple's Find My iPhone service.

Apple's Find My Phone feature allows iPhone, iPad and Mac owners to remotely lock and track their devices if they're lost or stolen. A custom message can be displayed on the lockscreen when the feature is activated. In late May, users reported that their iPhones were locked with a message claiming the device was hacked by a person or group named Oleg Pliss who demanded $100 or €100 to unlock it.

Apple said at the time that the incidents were not the result of iCloud being compromised and hinted that password reuse across multiple online accounts might be the cause of the hijackings.

BY mid June, Russian authorities revealed that they had arrested a man and a teenaged boy from Moscow under suspicion that they compromised Apple ID accounts and used Apple's Find My iPhone service to hold iOS devices for ransom.

It's not clear if the two Moscow residents, aged 16 and 23, were behind the Oleg Pliss attacks, but the crime referred to in the press release the Russian Ministry of Interior issued to announce the arrests was of a similar nature to the iPhone ransom attacks.

The two allegedly compromised email accounts and used phishing pages and social engineering techniques to gain access to Apple ID accounts. They are then accused of using the Find My Phone feature to lock the associated devices and send messages to the owners threatening to delete data unless the ransom was paid.

Another technique involved placing advertisements online that offered to rent an Apple ID account with access to a lot of media content. Once users accepted the offer and linked their devices with that account, the attackers then used the Find My Phone feature to hijack them, Russian authorities said.

What was the SSL flaw in Apple iOS

In February 2014, Apple issued updates to iOS 7 to protect against the security flaw. We recommend that users install the updates.

The SSL problem was with Apple's implementation of a basic encryption feature that shields data from snooping. Most websites handling sensitive personal data use SSL (Secure Sockets Layer) or TLS (Transport Layer Security), which establishes an encrypted connection between a server and a person's computer. If an attacker intercepts the data, it is unreadable.

However, iOS's validation of SSL encryption had a coding error that bypassed a key validation step in the web protocol for secure communications. As a result, communications sent over unsecured Wi-Fi hot spots could be intercepted and read while unencrypted, potentially exposing user password, bank data, and other sensitive data to hackers via man-in-the-middle attacks. They could also supply fake data that makes it appear an authentic web service has been cryptographically verified.

There are also security risks in Mac OS X. Read more about them here: Do Macs get viruses? 

In the case of the SSL flaw, the danger is mitigated somewhat since an attacker must be on the same network as the victim. However, you could be open to attacks if you are using a shared network and someone is snooping on that network. This could be someone in your local Starbucks.

Secured Wi-Fi networks, such as home and business networks with encryption enabled, are not affected.

Read about how to keep your social networking private here.

Apple sent a notification of the iOS 7.0.6 update but if you haven't updated be sure to go to Settings > General > Software Update. You can find the information here.

If you are running iOS 6 you also need to update. Apple has provided iOS 6.1.6 - but this is only available for the iPhone 3GS, much to the annoyance of those who have refused to update to iOS 7. More on that below...

What to do if iOS 7.0.6 won't install, bricked iPhone issues

Reports are appearing of people applying the iOS 7.0.6 update and finding that their iPhone or iPad has been bricked. Calling these devices bricked isn't necessarily correct, it appears that the firmware update has been interrupted.

Some of these users have updated their iOS device on the move via 3G or 4G rather than over a WiFi network. After the update the iPad or iPhone has required a connection to iTunes before it can restart. Users are asked to "Connect to iTunes".

There is an Apple Support Community that addresses this iPhone bricking issue.

What to do if an iOS update bricks your iPhone

1. First connect your iPad or iPhone to a power outlet – either to your Mac or plug it into the wall. It is possible that your device ran out of battery when you were updating. You may want to leave it for a few minutes to charge so that you can establish whether that was the problem.

2. Reset your device: hold down the power button and the home button simultaneously. Eventually you should see the Apple logo and the device will boot up (it can take time so be patient, but if its ten minutes there's probably something wrong!)

3. Restore your device. Beware – this will wipe all the data from your device, so make sure you have a back up first. To restore your iPad or iPhone, first plug it into your Mac and open iTunes. Now click on the name of your iPad or iPhone in the left hand menu and click Restore. This will restore your iPhone or iPad with the latest version of the iOS operating system.

4. Restore from back up: presuming you have a recent backup you will be able to restore your device either via iTunes or over iCloud. It may take an hour or more to restore so be patient (again).

How to update your iPad/iPhone to iOS 6.1.6

Some people are angry that while Apple has released iOS 6.1.6 for iPhone 3GS and iPod touch (4th generation) users, it appears that they cannot update a newer iPad or iPhone running iOS 6 device.

There are people who had refused to update to iOS 7, perhaps because it would have caused their device to slow down considerably. Users have complained: "My iPhone 5 gives me no option to upgrade to any iOS other than 7.0.6."

Unfortunately it appears that it is not possible to update a newer device that is running iOS 6 to iOS 6.1.6 if it is eligible for the iOS 7 update.

We even tried doing so in iTunes, but, as you can see, from this screen shot the iOS 6.1.6 update is not available for these devices.

If you don't want to update to iOS 7.0.6 but don't want to leave your device open to snooping, how can you avoid the SSL bug without updating to iOS 7?

1. Don't connect to public Wi-Fi networks.

2. On the Mac it is possible to avoid it by using an alternative browses like Chrome and Firefox, but unfortunately on an iPad or iPhone alternative browsers still use the same underlying web kit and therefore are not safe.

More info:

Apple encryption mistake puts many desktop applications at risk

Major SSL flaw found in iOS, OS X

Does this mean that Apple's iOS isn't secure?

It's certainly not going to help the company convince people that they don't need to be protecting their devices. Many users coming from a desktop environment are already confused about security services for the iPad and iPhone, asking whether they need to install security software on their iPad or iPhone.

Generally these devices are safe because many security features are enabled by default and key features, like device encryption, are not configurable, so users cannot disable them by mistake. Other security measures include low-level hardware and firmware features that protect against malware and viruses. 

Apple also approves every third-party application that appears on the iPhone and iPad. As Apple explains: "Unlike other mobile platforms, iOS does not allow users to install potentially malicious unsigned apps from websites, or run untrusted code. At runtime, code signature checks of all executable memory pages are made as they are loaded to ensure that an app has not been modified since it was installed or last updated."

Another level of protection comes from the device passcode - which means that an attacker with access to your device cannot get access to your data. 

Read more: iOS Security (PDF download)

What iOS Security Software do I need?

What anti-virus program do I need for an iPad or iPhone?

Despite the security threats mentioned above, you don't need anti-virus software for the iPad and iPhone - not that there is any anti-virus software available for the device. iOS is designed and built to only accept and install software that has been approved by Apple and run through the App Store. As such Apple has pretty much guaranteed that you won't encounter any malicious software on your iOS device. Similarly security companies complain that Apple will not approve any security focused software for the iPad or iPhone, presumably Apple doesn't want to give the impression that such software is necessary.

Having said that there are a variety of security-themed apps on the App Store. Security specialist Symantec has a number of apps such as Symantec Mobile Encryption and Symantec Secure Email. These are typically designed to integrate the iPad with an enterprise environment, allowing iOS devices to communicate securely with enterprise servers.

But for the home user, the iPad (and iPhone) is one of the safest computing experiences you can imagine. It's combination of locked down hardware and software make it more secure out of the box than a Mac or PC with security software installed.

See: VirusBarrier iOS review and Symantec announces new Norton Antivirus tools

What security do I need for iPad and iPhone Safari web browsing?

The Safari web browser in iOS 7 is also protected against malicious software, although you can encounter malicious websites and you are vulnerable to so-called "Phishing" scams (where nefarious people send you emails requesting you to enter account and password details.

Safari iOS 7 has a "Fraud Warning" service built into it. This is activated by default, but it doesn't hurt to go to Settings > Safari and double-check that Fraudulant Website Warning is set to On.

Obvioulsy we now know that it is important to update your device to ensure that your safe from man-in-the-middle attacks made possible by the SSL encryption coding error, as discussed at the top of this article. As long as you are running iOS 7.0.6 or iOS 6.1.6 you should be ok.

See: Major SSL flaw found in iOS, OS X

See: Apple ID phishing scam warning

iOS Safari Security Settings

Is Javascript safe on the iPad and iPhone?

JavaScript is another area where you might want to be extra cautious. While JavaScript offers a number of additional features to websites, there are some concerns that it can be used to launch malicious attacks. It depends on the kind of website you typically browse on an iPad or iPhone. If you look at some of the less salubrious sites you might want to go to Settings > Safari and turn JavaScript to Off.

See: iOS 6.1 update fixes JavaScript bug

Are there any iPad/iPhone security risks at all?

The biggest risks with an iPad and iPhone aren't remote attacks, but up close and personal theft. Somebody either stealing your device or using it when your back is turned.

To protect somebody from accessing your iPad or iPhone without your knowledge be sure to set either a passcode or password.

  1. Open Settings > General and tap Passcode Lock
  2. Click Turn Passcode On
  3. Enter a four digit PIN
  4. Re-enter the four digit PIN
  5. Tap "Require Passcode" and ensure it is set to "Immediately"
  6. Tap Passcode Lock to get back to the Passcode Lock settings

You can use a password instead of a passcode. This will ensure a higher level of security, but you will need to enter the combination of letters and numbers to unlock your iPad or iPhone, so most people stick with the passcode.

  1. Tap Simple Passcode to Off
  2. Enter a password (a combination of numbers and letters)

Read more: Understanding iOS passcode security

Enable Find My iPad/iPhone

Find My iPhone is an app and service that you can install to locate an iOS if it has gone missing. It also enables you to remotely wipe an iPhone or iPad, or send a message to it in the hope of retrieving a lost iPhone or iPad.

  1. Click on Settings > Privacy > Location service
  2. Tap Find My iPad and click it to On
  3. Open the App Store and Find My iPhone. Install the app.

Open the Find My iPhone app on an iPad or iPhone and log in to see where all your devices are. Note that this service can also be accessed from Apple's iCloud website. (See: How to get started with iCloud).

Read more: Find My iPhone

Find my iPhone

Saving passwords and credit card details in Safari

The iPad can be used to save your passwords and credit card details. Before doing this it is considered advisable to set up a passcode first, as an additional security measure.

To set up Safari to save passwords follow these steps:

  1. Tap on Settings and Safari
  2. Tap Passwords & Autofill
  3. Tap the Names and Passwords button to turn it on (green)

When you next visit a website in Safari, and enter your name and password, a popup will appear asking if you want to save the password. Tap on Save Password and the password will be stored locally in the iPad.

  1. Tap Simple Passcode to Off
  2. Enter a password (a combination of numbers and letters)

iOS Safari Save Password

To access password details in Safari

  1. Tap on Settings and Safari
  2. Tap Passwords and Autofill
  3. Tap on Saved Passwords
  4. Tap on a password entry and enter your Passcode

You can now view the Website, Username and Password details on the iPad.

To delete a password from Safari

  1. Tap on Settings and Safari
  2. Tap on Passwords and Autofill
  3. Tap Edit
  4. Tap the selection circle next to the password you want to delete
  5. Tap Delete and Delete again in the pop-up window
  6. Enter your passcode

See also:

Save your credit card details into Safari

If you do a lot of shopping online you might want to enter your credit card details into Safari. They can then be used on a website to make a payment. Follow these steps to add a credit card to Safari

  1. Tap on Settings and Safari
  2. Tap on Passwords and AutoFill
  3. Tap on the button next to Credit Cards
  4. Tap on Saved Credit Cards
  5. Tap on Add Credit Card
  6. Fill out the Cardholder, Numbers, Expires and Description and tap Done 

When you are using a website and it requests your credit card information you can use the Autofill option in a pop-up window to fill in the information automatically. Note that you will still need your CVV (Card Verification Value) number to make a purchase. This is the three-digit number on the reverse of most credit cards. 

What is iCloud Keychain?

If you have multiple Apple devices and want to use Safari to save your passwords, then you can use iCloud Keychain to synchronise your passwords from one device to another. So if you enter a password into a website on your iPhone, it will automatically be added to your iPad.

You must have your passcode activated to use iCloud Keychain. Follow these steps to turn on iCloud Keychain

  1. Tap on Settings and iCloud
  2. Tap on Keychain and turn on the button next to iCloud Keychain
  3. Enter your iCloud password and tap on OK
  4. Move to another computer or device using the same iCloud. On the Mac open System Preferences and iCloud and details next to iCloud
  5. Enter your Apple ID and Password and click on Allow

Your iPad or iPhone will now have all the usernames and passwords that have been stored on your Mac (and vice versa). You can also do the same thing with your iPhone to sync between all your devices. If you don’t have a Mac you can use an iPhone to authorise the iPad or vice versa, just follow the Notification pop-up and enter your Apple ID and Password on the device.

Your passwords are generally secure on your iPad or iPhone, although you shouldn’t share them with other people. And, of course, anybody who has access to your Passcode as well as your device will then be able to view all your other passwords. So be careful about sharing your iPad and passcode with other people.

We have a lot of faith in Apple to keep our details secure on its server. Apple generally takes security of its back-end systems very seriously. But you will need to enter your passcode to use iCloud Keychain, so it often feels like you’re simply swapping one password for another.