All iPads SERIOUS Security Question For All New iPads?

[BeautifulWoman_1984]

Hey guys,

I hate to be making a thread about this, but security is my number one priority so this is a very important question for me.

I need to buy a new iPad.

What I like about my current iPad Mini 3 is that it's very secure as it seems that it's "locked down" as I can only install Apps from the iOS App Store and there are only two ports: the headphone jack and the re-charging port.

I love MacOSX on Apple's Mac Mini, Macbook Pro and Macbook Pro and the other computer models, but my iPad Mini 3 just feels more secure because of its locked down nature.

However, I've looked at all the new iPad models and ALL of them have this "smart connector".

I just want to know how I'll be more vulnerable with this "smart connector" and how this "smart connector" changes my iPad's security?

Thank you for any advice!

 

[secretk]

As far as I know currently this smart connector (not all iPads newer than yours have it) is used only to connect Apple keyboard to the iPad. I am not aware of any other device that can connect to the iPad via this connector.

 

[casperes1996]

The smart connector provides close to no security risk at all.

It can provide a small amount of power as well as bidirectional data, but only interpreted by the OS. The operating system validates and accepts/denies input from the smart connector. It is not a free direct-memory-access connection. It is primarily just a connector for the magic keyboard and such.

You’re at no real extra risk with this connector, at all

EDIT; Addendum note:
If security is a huge concern, remember not just to consider your physical I/O access, but also your wireless “ports”. There have been firmware issues with some Broadcom chips in the past allowing DMA access from the wireless chip. Apple has of course shipped software updates to patch it, but the key takeaway here is to stay up to date software wise, and remember also considering the security of wireless interfaces.
Apple’s devices are generally very well secured though. If you have concerns I recommend watching some of their presentations from Black Hat. They do quite a lot to ensure security, also for physical ports. On Macs with a T2 chip they even (mis)use the Intel BCM system for setting up memory isolation between attached devices and the pre-boot system to ensure that connected devices can’t modify the kernel or any firmware.

 

[ericwn]

The smart connector with the current can only be used with the Apple keyboard options to supply them with power and data.

I don’t think anyone can further mess with your data unless you let them log in.

 

[BeautifulWoman_1984]

I forgot to mention that my current iPad Mini 3 has been in use for over 5 years now so I'm not sure how much longer it'll keep working and I'm also worried because it only supports iOS 12...

 

[AutomaticApple]

Hey guys,

I hate to be making a thread about this, but security is my number one priority so this is a very important question for me.

I need to buy a new iPad.

What I like about my current iPad Mini 3 is that it's very secure as it seems that it's "locked down" as I can only install Apps from the iOS App Store and there are only two ports: the headphone jack and the re-charging port.

I love MacOSX on Apple's Mac Mini, Macbook Pro and Macbook Pro and the other computer models, but my iPad Mini 3 just feels more secure because of its locked down nature.

However, I've looked at all the new iPad models and ALL of them have this "smart connector".

I just want to know how I'll be more vulnerable with this "smart connector" and how this "smart connector" changes my iPad's security?

Thank you for any advice!

Those three pogo pins are completely harmless. Buy an iPad mini 5 if you don't want the smart connector.

 

[zhenya]

I forgot to mention that my current iPad Mini 3 has been in use for over 5 years now so I'm not sure how much longer it'll keep working and I'm also worried because it only supports iOS 12...

Running an outdated version of iOS is basically the biggest security risk you can take with an iPad...

 

[pldelisle]

Running an outdated version of iOS is basically the biggest security risk you can take with an iPad...

Lol. Definitively.

 

[chrfr]

I forgot to mention that my current iPad Mini 3 has been in use for over 5 years now so I'm not sure how much longer it'll keep working and I'm also worried because it only supports iOS 12...

Newer iPads are assuredly more secure than yours.

 

[Thirio2]

Bluetooth external keyboards are not secure. A smart connector keyboard eliminates that insecurity. My computer security relative actually recommended an iPad with the smart connector.

 

[Shirasaki]

If someone is genuinely concerned about security, probably they should not use Apple device or Google device in the first place. Even if so, rigorous security audit should be in place to eliminate possible backdoors installed on those devices. The cost of being secure could be very high.

On the other hand, for your concern, my take is you don‘t need to be paranoid and worry too much. Aside from installing latest software and not visiting random sites, general personal internet safety tips are still going to be applicable, including setting up a strong online account password and 2FA (though this can create its own issue as well, depending on how 2FA is implemented). Above all, being vigilant online is probably going to help you a bit more than just using latest device and software. Let’s face this: if someone manages to let you know you have been hacked, then his/her job of hacking into your device/account has failed already lol.

 

[ericwn]

Bluetooth external keyboards are not secure. A smart connector keyboard eliminates that insecurity. My computer security relative actually recommended an iPad with the smart connector.

How would you hack into a Bluetooth keyboard? And without pairing it to another device. Chances for your Bluetooth keyboard to be hacked are probably as high as someone breaking into your house and looking right over your shoulder while you’re typing.

 

[casperes1996]

If someone is genuinely concerned about security, probably they should not use Apple device or Google device in the first place. Even if so, rigorous security audit should be in place to eliminate possible backdoors installed on those devices. The cost of being secure could be very high.

Are you suggesting Windows is more secure than macOS? Or not to use any computing device at all?

 

[secretk]

Are you suggesting Windows is more secure than macOS? Or not to use any computing device at all?

I would say if we really want to be anal about security we should not have any device at all. If we want to be semi obsessive we could have a device that is never connected to anything - like no internet, no bluetooth etc. You get my point. But then do we really need those devices?

I am all for people not using the same password for everything or use 1234 but at certain point of time we should accept that there is some risk when we access the Internet.

 

[VineRider]

If you are interested, the link below is Apple's security overview. This gives you some good detail on how Apple implements security, both from a hardware and software perspective. As you are very concerned (rightly so) with security, I would recommend reviewing this document. It will give you some perspective on how seriously Apple takes security, and the lengths they've gone to to protect user data.

Obviously, no system is 100% secure, but in my view (having spent decades in the IT industry), Apple is one of the best at security these days, and it is why I chose Apple over Android as mobile platform when I moved off of Windows Phone (I know, I know ?)

System security overview

Apple maximizes its operating system security without affecting usability—from boot-up, to software updates, to the online operating of the operating system.

support.apple.com

 

[Shirasaki]

Are you suggesting Windows is more secure than macOS? Or not to use any computing device at all?

Ok, my bad, forgetting to exclude Windows devices as well Lol.
The best case scenario for the security would be to not using any device at all, like someone mentioned. One more device, one more point of potential vulnerability. However, this is both impractical and unnecessary. My main point is to let OP know it is not worth paranoid about the security of a smart device as our control over them is extremely limited if we can control at all. And no, the level of control I am talking about here is the level jailbreaking community usually wanted: to let their own device to do whatever they like, good or bad.

 

[casperes1996]

Ok, my bad, forgetting to exclude Windows devices as well Lol.
The best case scenario for the security would be to not using any device at all, like someone mentioned. One more device, one more point of potential vulnerability. However, this is both impractical and unnecessary. My main point is to let OP know it is not worth paranoid about the security of a smart device as our control over them is extremely limited if we can control at all. And no, the level of control I am talking about here is the level jailbreaking community usually wanted: to let their own device to do whatever they like, good or bad.

Gotcha. Was confused for a moment about how to take your message .
I do think though that it makes sense to consider security even or perhaps even especially when you do something to open you up to a new attack vector. Not to obsess or go overboard, but to consider how something could be attacked, and how to best mitigate it.
With that said, frankly even though we are some very knowledgable people on here, if you have a major security concern about something, I'm not sure asking MacRumors is the best way of assessing its security. In this case people generally seem to agree not to worry about the Smart Connector for security, which I'd say is the correct approach, but people could say anything on here and there could be conflicting opinions as well, which would just put the OP back to square one of not knowing what to believe. The best idea is always to get to a point where you feel you have the knowledge to assess the security yourself.
That said, worrying about a physical connector; Even a fairly easily exploitable one, isn't something I'd do or recommend anyone unless they're a high priority target like a government official or CEO of a Fortune 500. If that's what you are; Sure, disable your Thunderbolt ports in the BIOS or put hardware protectors on them to block off the port for passers by and such. But other than that, if you're not a high priority target, attack vectors that require physical access aren't that bad since it requires someone being close by, with the skill set to exploit it, the desire to exploit it, and you being their target. All without you catching them physically handling your device.
Greatest risk is phishing and human vulnerabilities. Be vigilant against that kind of attack and you've filtered out the vast majority of threats. Avoid using the same password everywhere and you've taken out another huge portion

 

[BeautifulWoman_1984]

Thank you all for your replies!

I really want to start reading .PDF files on my iPad Mini 3.

What's the best way for me to transfer .PDF files to my iPad Mini 3 while making 100% sure that the .PDF files aren't altered in any way? I'm just worried that the .PDF files will be altered in some way and I won't be getting accurate information???

I'm not doing anything illegal, but is it possible for Apple to see the .PDF files I'm reading on my iPad Mini 3?

Is it possible for Apple to see the .PDF files I'm reading if I buy a new iPad since it'll be running iOS 14 and my iPad Mini 3 is running iOS 12???

Newer iPads are assuredly more secure than yours.

Really? I thought the extra "smart connector" port made the newer iPads less secure???

EDIT:
I'm still under a lot of stress because of the pandemic situation so I'm sorry if I come across as strange, but I'm completely genuine in my need for help with this question.

 

[Mr_Brightside_@]

Thank you all for your replies!

I really want to start reading .PDF files on my iPad Mini 3.

What's the best way for me to transfer .PDF files to my iPad Mini 3 while making 100% sure that the .PDF files aren't altered in any way? I'm just worried that the .PDF files will be altered in some way and I won't be getting accurate information???

I'm not doing anything illegal, but is it possible for Apple to see the .PDF files I'm reading on my iPad Mini 3?

Is it possible for Apple to see the .PDF files I'm reading if I buy a new iPad since it'll be running iOS 14 and my iPad Mini 3 is running iOS 12???


Really? I thought the extra "smart connector" port made the newer iPads less secure???

EDIT:
I'm still under a lot of stress because of the pandemic situation so I'm sorry if I come across as strange, but I'm completely genuine in my need for help with this question.

What's the best way for me to transfer .PDF files to my iPad Mini 3 while making 100% sure that the .PDF files aren't altered in any way? I'm just worried that the .PDF files will be altered in some way and I won't be getting accurate information???
Using iTunes/the Finder
I'm not doing anything illegal, but is it possible for Apple to see the .PDF files I'm reading on my iPad Mini 3?
No
Is it possible for Apple to see the .PDF files I'm reading if I buy a new iPad since it'll be running iOS 14 and my iPad Mini 3 is running iOS 12???
No

Really? I thought the extra "smart connector" port made the newer iPads less secure???
Completely wrong/made up

 

[casperes1996]

What's the best way for me to transfer .PDF files to my iPad Mini 3 while making 100% sure that the .PDF files aren't altered in any way? I'm just worried that the .PDF files will be altered in some way and I won't be getting accurate information???

Most options are secure, really.
You could use a USB-C drive / flash stick
You could send the pdf to yourself using iMessage (mail would technically *not* be a secure option though I'd still argue it's not a high risk, mail would still carry some risk, since email is not encrypted or authenticated)
You could use the Finder as Mr Brightside suggests
You could use iCloud for which I will refer you to this page:

iCloud data security overview - Apple Support

iCloud uses strong security methods, employs strict policies to protect your information, and leads the industry in using privacy-preserving security technologies like end-to-end encryption for your data.

support.apple.com

regarding the security
Another option is to use AirDrop which is point-to-point so the data would never leave your local vicinity.

Is it possible for Apple to see the .PDF files I'm reading if I buy a new iPad since it'll be running iOS 14 and my iPad Mini 3 is running iOS 12???

Apple neither can n'or wants to read your PDFs. - They'd have to be reading the PDF files of over 250 million people if they were going to keep track of all of that, and their business is not that of personalising ads through user data. If you have enabled crash reporting, some information may be available in crash reports to help identify why a crash occurred like, and this is purely a theoretical example, number of pages.

Really? I thought the extra "smart connector" port made the newer iPads less secure???

Any Input mechanism can be thought of as an attack vector but first of all, the Smart Connector is not remotely exploitable. You'd need physical access to the device to attack something to it. Second, no known exploits using it exist to my knowledge, and third, the potential for an exploit using the Smart Connector is outweighed by the newer generation Secure Enclave and OS updates with security enhancements

 

[Lemon Olive]

I can't even imagine what kind of "security" you're concerned with. Undoubtedly, the fictional kind.

 

[retta283]

Really? I thought the extra "smart connector" port made the newer iPads less secure???

Whoever told you that is spewing absolute Rubbish designed to scare non-techies into thinking their device can be hacked. No point what so ever in believing that Nonsense. Smart Connector is just as safe as any other port (and it's many times more secure than Bluetooth/Wifi which will be main points of attack more than likely) and not many data-based accessories are really using it now.

iOS/iPadOS 14 is more secure than iOS 12 in the overwhelming majority of security cases.

 

[rui no onna]

Really? I thought the extra "smart connector" port made the newer iPads less secure???

Iirc, the Lightning port can be hacked with a modified cable. No need to bother with the Smart Connector which only a small percentage of Apple devices have.

 

[rui no onna]

I would say if we really want to be anal about security we should not have any device at all. If we want to be semi obsessive we could have a device that is never connected to anything - like no internet, no bluetooth etc. You get my point. But then do we really need those devices?

I am all for people not using the same password for everything or use 1234 but at certain point of time we should accept that there is some risk when we access the Internet.

For US residents, if one has a social security number, one is still at risk of identity theft regardless of whether or not they use the internet. ??‍♀️

 

[BeautifulWoman_1984]

Thank you for your replies!

I can see more of my options now.

It's great that there are multiple options for me to transfer .PDF files to my iPad Mini 3 so that the .PDF files can't be altered, but what is the most secure way?

I just had an idea: I could try using 3 different ways of transferring .PDF files to my iPad Mini 3 as a way of "cross-checking" and then check that the .PDF files haven't been altered?

For example, I could transfer the same .PDF file to my iPad Mini 3 using the following methods: iCloud, AirDrop and one more method.

What do you guys think?

To use iCloud I'd simply need to copy the .PDF files into my iCloud Storage on my Mac/Win PC and then just open it on the iPad Mini 3 right?