Overview
According to MobiThinking.com, there will be over 6.9 billion cell phone subscribers in the world by the end of 2013. And according to CNET over 84 million iPads have been sold by Apple representing 68% of the tablet market. Another 350 million iPods have been sold as well.
Virtually each phone, tablet or music device can represent some level of security threat to the user or business which allows them access to workplace computers, Internet and networks.
Less than a dozen years ago internal technology officers (CTOs) wanted company phones locked down, camera phones and iPods banned from the office. Now they are being compelled to address a bring-your-own-device trend, whether it’s a smartphone, music player or a tablet.
Meanwhile consumers and businesses alike are adopting a very casual attitude to downloading mobile apps – powerful computer programs that could potentially contain malicious code – from unknown authors, something few people would do on their PC.
However, 96% of smartphones and tablets do not have third-party security software installed, according to Canalys and Juniper Research. Further, if we’re talking music devices there may not be any security software commonly available.
The threat doesn’t seem to be hyperbole as BullGuard, an Internet and mobile device security provider, discovered 2,500 different types of mobile malware in 2011.
Let’s take a more detailed look at specific device/feature security threats.
Phones
Today our Android and iPhones have more computing power than was used on the Apollo 11 launch and moon landing. These tiny devices contain massive amounts of personal information along with many applications that assist us in different ways.
Always keep in mind that your mobile phone is not just a phone but is a powerful small computer containing a wealth of personal information about you your current location, your contacts and your calendar. We should be aware that it is easy for criminals to hack this information or infect the phone to get access to desired data.
Both the threat to devices and the threat to networks requires education. While many consumers read and digest information, many just ignore the threats. For example, how many people are aware of the need to PIN protect their mobile, lock their SIM and turn off Bluetooth (especially in discoverable mode)? How many actually know how to do this for their particular mobile phone? Basic mobile security like this requires a level of technological know-how that most mobile users don’t possess.
Passwords
With the above in mind be sure that you set a password for your voicemail. Do not use the default voicemail and password. Make hacking your voicemail more difficult by customizing your voicemail greeting and creating a new password. The default passcode for the iPhone is just four digits, which is easily hacked in about 20 minutes. Set your phone to require a longer passcode with alphanumeric characters. You can also set your iPhone to automatically erase all contents after ten failed passcode attempts. Turning off the “Simple Passcode” feature will allow for a longer password. Directions on how to do this are at the following address: support.apple.com/kb/HT4113. Android phones will allow you to create a swipe password feature which is more secure. Never store sensitive personal details, such as your ATM PIN number or account passwords, on your mobile phone.
Cell Phone Wallet
Cell phones are now becoming our wallets. Just by swiping your cell, you can purchase goods and services. This sounds great but be aware that Google wallet has already been hacked. There are easy step-by-step instructions on the internet on how to hack a wireless phone. Of course it’s a federal offense but it is very easy for criminals to infect a phone just by sending an email attachment or SMS message. The telephone function itself can also be hacked which can re-route phone calls. So if you think you are calling your bank, you may actually be talking to someone in Eastern Europe. Organized crime groups are aware of all the major banks phone numbers.
Most of us do not realize how much privacy we are giving up just by using a wireless phone. Your phone is tracking you 24/7 so your travel pattern can be developed over time.
Cell Phone Calendars
For those of us that use the calendar function on our phones, your phone knows where and when you are going. Don’t become paranoid but be aware of what the possible exposures are.
Blue Tooth
If you use Bluetooth technology, you may want to reconsider or be selective in it use since it is a weak technology and is subject to being hacked especially in large crowds.
You can reduce your overall risk just by turning off access to the technologies on your phone that you do not need. In particular, consider disabling Bluetooth, GPS and/or Wi-Fi. This is particularly important when using your phone in crowded areas, such as airports.
Find My iPhone
If you have an iPhone, you can enable a feature called “Find My iPhone” this is an app that can locate on a map a lost iPhone. If you are unable to find your phone, it also allows you to remotely wipe all data from the phone to prevent it from falling into the hands of thieves. You can restore your data to a new phone from iCloud or iTunes. You can find out how to enable this feature at the following web address: www.apple.com/iphone/built-in-apps/find-my-iphone.html.
“Jail Breaking” iPhones
This is a new term that has surfaced in the past few years, which enables an iPhone to run applications not available through the official Apple App Store. This sounds pretty cool but it exposes your phone to greater security risks and infections by computer malware. Probably most adults are not “jailbreaking” their phones but this seems to be fairly popular among the youth.
QR Codes
These are codes that you probably have seen on signs, posters and in magazines that can be scanned by our mobile devices to provide us with information about a product, service or other information. They look like a square full of dots, dashes and boxes. Please use caution with QR codes. Be suspicious of any that offer no context or description. Malicious codes often appear with little or no text, which can infect your phone with a virus. Never provide personal information on any web site that you arrive on via a QR code.
Microphones
This section may be more relevant to those in business but none-the-less it is good to be smarter about the mobile devices we have. Similar to the web cams on our computers all modern mobile phones have microphones that can be remotely activated without your knowledge and many have video capabilities that are similarly vulnerable. Consider it a bugging device whenever you are engaged in any sensitive conversation or take part in a sensitive meeting you can prevent having your discussion recorded by turning off the phone and removing the battery, if possible. If your phone’s battery is not removable, leave the phone in another room. Ensure that all participants in a given meeting take similar action.
GPS
Keep it on only when you need it. Follow the advice: “If you know where you are, they know where you are as well.”
Disposing of an old phone
When disposing of an old phone, whether recycling, selling or donating it, do a factory-reset to clear all your data. You will find directions on how to do this for the iPhone at the following web address: support.apple.com/kb/HT1414 and instructions for an Android phone at the following site: support.google.com/ics/nexus/bin/answer.py?hl=en&answer=1663708
Apps
Every app has its own specific privacy and permission requirements and settings. Verify that you are not providing any information to an app that is not needed to run the app. You should notice when a Flashlight app need access to personal information. Experts have concluded that flashlight apps contain more malware than any other app. Since I’ve learned about Flashlight apps they have now been removed from my iTouch. This was an application that I never used anyway.
Organized crime was the first to create some of the banking apps. People were entering their banking information but then the banking function did not work. You know the rest of the story.
You can investigate the privacy, source and security for apps you are considering to load on your mobile device by going to whatapp.org. This is a free service run by Stanford University.
Be aware that the apps available through online marketplaces are not necessarily vetted for security or quality. In some cases, no review at all is conducted on offered apps. Only allow automatic updates on trusted apps. The Android app store (Marketplace) has been particularly affected by security problems with its apps.
Be very wary of free versions of popular paid apps offered by unknown companies; they are often bait trying to get you to download spyware, and the chances that they contain malware are high.
What to do?
Many IT experts as also security experts that are trained and certified across all kinds of hardware, software and networks. Today’s multi-device environment invites serious security breaches. Only a computer expert with the right security credentials can help you get your arms around the problem.
If you’d like more help, please contact eMazzanti Technologies, www.emazzanti.net or call 201-360-4400.