Wednesday, August 20, 2014

Phone security

Mobile phones are fast becoming one of the easiest targets for thieves to pull personal information. Think about what all you can do with these phones – check email (who does email anymore?), chat, call, message, schedule, take pictures, record video, listen to music, do banking, etc.  You have access to virtually every aspect of your life through your phone.  But, how secure are these things?

I have heard people compare current day mobile security to what PC security was like back in the days of Windows 98, or more simply, NOT GOOD.  The underlying operating systems are starting to get more security conscious, but quite a few apps are anything but secure.  Just look at what permissions some of these apps want when you are installing or updating.  A few of the most popular social networking apps want almost full control of the phone.  Why?  Too much control by too many different apps makes for an inviting target.  There was just an interesting article talking about some researchers who were looking at potential issues with lifting audio and video from phones without the owner knowing.

So what are some things you can do to make your phone more secure?
  • Use a lock screen.  Even a simple pattern lock can keep people out of your phone if you leave it lying around.
  • Disabling the camera(s) might not always be a viable option.  Some of the newest phones use the front facing camera to control the screen and so forth.  So at the very least, pay attention to where the camera is facing.  What is visible in front of the camera(s)?  Watch how you are carrying the phone around.
  • Shut off the automatic location tracking.  Some people think that tracking where they were can be really cool.  Maybe, but do you really want others to know?  Especially if your locations point to a pattern, like always at this restaurant on Weds night.  So who is watching your house?
  • Take a good look at your apps and the permissions they require.  Then make decisions on whether each app is worth the risk.  For the apps you can control, that is.  Unfortunately phones come with so much bloatware that you can’t normally remove, so either disable those apps or change their settings to close up holes.
  • For those apps you really, positively, can’t live without (and aforementioned bloatware), please make sure to keep them updated.  Most reputable apps offer bug fix updates fairly often.
  • Don’t store passwords in the apps or stay logged in to apps.  If anyone does gain access to your phone, you don’t want them to have access to everything.
  • Really think twice before doing any kind of banking or financial transactions on phones.  Even with “official” apps from banks, there is still a high probability that anyone who has access to your phone can get access to your financial information.
  • The more apps you can set up with multi-factor authentication, the better you will be.  So instead of just a weak password, if the app offers a challenge/response message, turn that on.
  • If you are not using Bluetooth, turn it off.  No sense broadcasting and having the potential for others to connect to you.  Same with wi-fi.  And don’t enable automatic connections to either.  You definitely want control of what your phone is connecting to.
  • Avoid clicking links in text messages.  99.99% of the time they are bogus.  Most are just spam, but a few can lead you to sites that will download tainted apps.
  • Backup photos, contacts or other information on your phone that you don’t want to lose.

Yes, it may be annoying to do some of these things, but it is an annoyance that is much better than losing privacy or important personal or financial data.