Harnessing NameDrop: Separating myth from reality in iPhone security.
A new iPhone feature caused considerable worry last week. But cybersecurity experts say that Apple’s NameDrop setting doesn’t pose nearly as big of a risk as many initially thought.
NameDrop, a part of the iPhone’s latest iOS 17.1 operating system, allows users in physical proximity to wirelessly share their contact information. That prompted police departments across North America to issue warnings about hackers and thieves using NameDrop to steal private information. Social media picked up on the trend, pointing out that NameDrop was turned on by default as TikTok users amped up the urgency about the safety threat.
Tech journalists and security companies quickly pushed back, however. First off, NameDrop requires two devices to be inches apart, reducing the chances of illicit use. Additionally, the feature requires consent from both users, who are prompted with an address card and a request to share or receive contact information. If either party walks away, the connection is immediately lost.
As PCMag said in its PSA about NameDrop, “Between proximity and consent requirements, it would be difficult for someone to force a contact into your phone, short of grabbing your unlocked phone. And at that point, you have worse problems than an unwanted NameDrop.”
Still, there are steps that users can take to protect their digital identity, their devices, and their data. Some are specific to iPhones, some are more general—but CMIT Solutions recommends all of the following:
• If NameDrop still worries you, turn it off. Although the setting is turned on by default, it’s easy to toggle off. On your iPhone, navigate to Settings > General > AirDrop and turn Bringing Devices Together off. If you want further security, particularly in crowded places like airports or coffee shops, turn off Bluetooth and turn on Two-Factor Authentication (Settings > [Your Name] > Password & Security > Two-Factor Authentication. This requires using a PIN or biometric login (like Touch or Face ID) to gain access to your phone, in addition to a separate verification code.
• Learn more about Lockdown Mode. Introduced with iOS16, Apple’s last operating system rollout, Lockdown Mode limits or disables key features on Apple devices in case a user realizes they are directly targeted by hackers. Lockdown Mode restricts access to text messages, FaceTime calls, shared photo albums, configuration profiles, and system preferences. This can mitigate or prevent catastrophic impacts from malware or spyware.
• Limit the amount of data shared with apps, especially social media ones. Like NameDrop, many apps come with data collection turned on by default. And since social media apps generate most of their revenue through advertising, they try to optimize their user targeting through the mining of search history, shopping activity, social media follows, and other activities. Adjust the privacy settings related to these apps by navigating to Settings and then the list of apps near the bottom. Click each one and pay attention to Location, which controls access to your geographic location (select either Never or While Using the App) and Live Activities (keep off as much as possible).
• Avoid public Wi-Fi networks at all costs. Unsecured Internet connections in coffee shops, libraries, and airports can put your information and digital identity at risk. If you must connect to Wi-Fi in a public place, use the personal hotspot feature on your phone, or browse the web using a virtual private network (VPN) that encrypts all of your data, whether it’s in transit or at rest. In addition, enhance the password protection of your home modem and Wi-Fi router by replacing factory default passwords with customized, hard-to-crack credentials.
• Create reliable backups of all data. No matter where information is stored—in apps, on laptops and desktops, in the cloud, or on mobile devices—it should be regularly backed up in a centralized, remote location. That includes onsite backups to convenient network drives, offsite backups to cloud services that quarantine your information in case of a hack, and redundant copies of that data stored in multiple locations. Social media apps also allow users to back up activity, media, and messages, usually by clicking Settings > Your Account > Download an Archive of your Data (exact wording differs depending on the app).
• Build awareness by providing employees with cybersecurity training. Want to empower staff members to identify fraud, detect ransomware threats, and prevent data breaches? Give them the education they need to stop, read, and think carefully before responding to or clicking on any links in an email, even when it looks legitimate. Additionally, all users should know to be suspicious of any requests to confirm private information via phone, email, or direct message. When employees know that they should never share account logins, security codes, usernames, or passwords, they can serve as your company’s first line of cybersecurity defense.
At CMIT Solutions, we understand the risks and benefits of new privacy settings, updated operating systems, and mobile device security. Our 250 offices located across North America work hard to understand fresh product rollouts and safety threats, advising our clients on identity management, cybersecurity training, and proactive protection for your business.
Need help enhancing your digital identity or understanding newsworthy privacy issues? Contact CMIT Solutions today.