Stay one step ahead of modern threats
With talk of security issues with smartphones gathering momentum, there’s never been a better time to increase awareness of the ways you may be putting your data at risk. Modern advances to mobiles mean that there’s often far more at stake than losing contacts and text messages if a mobile is lost or stolen, and even if you don’t use a phone to access the internet or store sensitive data, you could still be at risk if not properly protected. We’ve compiled eight key concerns and outlined the ways in which you might be putting yourself at risk, and how to ensure that you don’t become part of a rising proportion of users that are being targeted by malicious parties.
Use a PIN/key lock code
Recent research has shown that 54% of smartphone users in the US do not set up password security on mobile phones – either when turned on or woken from standby. The reasons for setting one up are obvious – if a phone is lost, stolen or simply left unattended, anyone that picks it up will have unrestricted access. This could involve data being stolen, phone calls being made or unwanted services being registered for, and could result in considerable financial cost.
There are a number of ways to protect a smartphone. Many new phones offer a “pattern lock” – a personalised shape or pattern that is drawn on the screen to grant access, and this is often faster and less hassle than entering a password. Alternatively, a PIN code offers a numeric alternative to a standard password and can also save time. Obviously a password that is easy to guess is less secure – so avoid “1234”, “password” and other common phrases.
A screen lock is useful but won’t stop someone from removing your SIM card and using it on another phone. To prevent this from happening, set up a SIM card lock in the form of a PIN that will need to be entered when a phone is turned on in order to connect to a network.
With both of these security measures in place, you can at least be safe in the knowledge that if your phone is stolen it will be of very little use to the average thief.
Protect sensitive data
While PIN entry and password locks were usually all you’d need to protect mobile phones a few years ago, these days you’re effectively carrying around a miniature computer with its own – often easily removable – storage. Simply preventing someone from being able to turn a phone on isn’t sufficient anymore, as it’s far too easy to retrieve data by simply plugging it into a computer or removing a microSD card.
Protecting sensitive data that may be saved to internal storage is therefore a must, and thankfully there are a number of solutions available. Most smartphone platforms offer software that can encrypt files or folders on a device with industry-standard protection, which means a code must be entered before a file can be viewed or copied. This also goes for information such as passwords, login details, account numbers and other information that may be saved for access to online banks or merchants. Ensuring that this sort of information isn’t easily accessible is obviously important, and it would be wise to install such protection and use it as common practice.
Much of this software is free to download and use and can work effectively with your phone to provide automated and seamless protection, so there’s very little hassle involved once it’s up and running.
In addition to this sort of software, some security vendors are recommending that sensitive data be stored remotely on secure online servers, rather than on the phone itself. This means that not only is there no physical data on a phone that could be accessed, but in the event of a handheld being lost or stolen it’s easy to change the login details for the server or remove the data altogether.
Watch your wireless
Most smartphones now have the option of connecting to wireless networks – be this a router in the office or home, or a wireless hotspot on the move. Opting for wireless is often beneficial for increased speeds or to save on data usage costs, so it’s easy to see why many prefer it when available. Any device that’s enabled to send data across the airwaves is a potential security concern, but thankfully modern phones are well prepared to help you mitigate this risk.
The first thing to remember is to always switch off a wireless connection when it’s not in use. Apart from helping you save on battery power, it ensures that malicious parties can’t connect to a device without your knowledge. It’s also worth taking a browse through a phone’s network security settings as it might be configured to automatically connect to a network when in range.
Wireless hotspots and unknown networks are by far the biggest risk when it comes to utilising this connectivity – assuming of course, that any more commonly accessed wireless router in the home or office is sufficiently protected by a pass code.
A (relatively) common threat that pervades unknown wireless networks and hotspots is called the “evil twin” attack. Here a malicious party might be offering access to a wireless connection that looks very much like a legitimate hotspot from a large company. If a user were to inadvertently connect to this “hotspot”, they may find requests for passwords, login details and other information that can then be recorded and used to access their accounts at a later stage. If a little care is taken it’s usually not too difficult to spot these attempts, and of course any requests for information that don’t seem entirely legitimate and typical should be ignored.
Finally, those who use phones to communicate in a corporate environment should consider the use of a VPN (Virtual Private Network) to set up a secured private network. This allows users to access specific sites and company resources on the move and significantly reduces the risk of potentially sensitive data being intercepted by malicious parties.
Unlike wireless networking, Bluetooth isn’t seen as a potentially risky venture for most mobile users, and the relatively short-range (around 10m) at which it is accessible does mean that it’s inherently safer. Attacks do still happen however, and it’s important to be aware of the pitfalls of leaving this technology switched on when not in use. Hackers have found ways to remotely access a phone (provided they are within range) and use it to make calls, access data, listen in on conversations and browse the internet.
To prevent this from happening, it’s a good idea to set the default Bluetooth configuration to “non-discoverable” mode. This means that users around you who are searching for potential targets won’t see your device pop up on their list.
It goes without saying that any unknown requests that come through via a Bluetooth connection, such as a request to “pair” with a device or respond to a message from an unknown source, should be ignored or declined. Bear in mind that the restrictive range of Bluetooth means that other users or devices must be within this radius in order to connect to your device, and as such busy places such as coffee shops, bars, trains and buses have traditionally been opportunist environments for the Bluetooth hacker.
Caution with applications
Recent press surrounding malware on the Android operating system has reinforced the need to be cautious when downloading applications, and to pay attention to the permissions this software requests upon install. It’s far too easy to simply breeze over these pages in an effort to get the app up and running, but users should exercise caution to ensure that realistic demands are being made on access to various features of a phone, particularly if the software isn’t well known. While the Android Market recently succumbed to a malware scare, it’s generally far safer to use these “official” channels to download applications, and any obtained from alternative sources should be treated as a potential risk.
It’s also important to exercise caution with respected applications such as popular web browsers, as it’s often far too easy to simply accept qualification messages that pop up when you’re online. Agreeing to save user details and passwords when logging into websites for future access may be convenient, but makes it very easy for those accessing an unprotected phone to do the same. This is particularly important when it comes to online banks and merchants, as these sites often have bank account details saved automatically under your username and would make it easy for others to make unwanted purchases or transactions.
In addition, users should pay attention to any potential security warnings that may be displayed when viewing websites, particularly if accessing them through unknown wireless networks, and not just dismiss these without thought. Web pages that involve the entry of sensitive data such as a username, password or account details should always use encrypted protocols to protect this information. This can be confirmed by the presence of an “s” at the end of “http” at the start of a webpage URL (https://) or a visible padlock icon on the status bar of a browser to confirm that the connection is encrypted. It’s a good idea to get into the habit of looking for these when using any websites that have requested personal details.
Rooting your phone
One increasingly popular practice among Android users is “rooting” a phone. This essentially involves modifying the file system to allow users access to read-only files and parts of the operating system that the manufacturer or service provider doesn’t want you to change. Some of the advantages of rooting a phone include the ability to change or remove read-only applications that you don’t want to use, change the boot screen, back up the entire system, run specialised applications, and install custom user interfaces and alternative versions of the OS. Rooting is usually only done by “experts”, who should therefore be aware of the potential dangers, but if someone offers to root a phone for you while citing the benefits, it’s important to be aware of the security risks as well.
Since rooting allows a user access to system-level resources, it also opens these up for potential infection by malware. Part of the reason why this critical data is inaccessible is to protect it from such threats, and while you may benefit from more flexibility in the short term, writers of malicious code can also benefit from full access to your device if it becomes infected. Applications that have requested root access could, for example, record keystrokes entered on an on-screen keyboard, delete or copy data, make phone calls to premium numbers or install “pseudo” applications that look like the real thing, but have ulterior motives in mind.
This may sound like scaremongering, but it just goes to show the importance of being aware of the potential dangers involved with modern smartphones, particularly flexible, open-source platforms like Android.
Back up your data
Discovering that a phone has been lost or stolen is bad enough, but even when discounting the potential damage that could be done by sensitive data getting into the wrong hands, important documents, contacts, messages, appointments and other information could take a long time to replace. Ensuring that regular backups are made is therefore essential, and there are a number of ways to go about it. Most modern phones now allow users to “synchronise” information with a computer or website for productivity or backup purposes. This can include e-mails and contacts with Microsoft Outlook, photos uploaded to online storage or proprietary software supplied by the phone manufacturer to simply back up key data in the event of loss.
Some modern security suites designed for use on mobile devices also offer an automatic backup facility to take the hassle out of doing this manually. There is also a range of services that allow you to automatically back up specific data to an online resource, taking the hassle out of having to connect a phone to a computer. Provided you have a sufficiently healthy data plan, or are connected to a wireless network, this is an excellent way to safeguard against loss.
Security software can help you avoid many of the potential dangers associated with smartphones, and modern suites are tailor-made to address issues that are unique to handhelds. As well as offering more standard malware, spam and firewall protection, this software can help you control your phone from afar and, if it has GPS capabilities, can show you the location of a device if it is lost or stolen.
Furthermore, it’s possible to lock a device remotely, requiring password access on the handset or a specific unlock request to enable it. If a phone has simply been misplaced in the home, an audible alert request can be sent to the device to signal its location, and it’s even possible to erase sensitive data remotely if you’re sure it has found its way into the wrong hands.
These are some of the more persuasive reasons to invest in a dedicated suite, since as well as protecting a mobile against the latest online threats, the user retains ultimate control of the operation of the device and the ability to render it all but useless in the hands of a thief.
Some of these security concerns are platform-specific, and may not be relevant to all smartphone users, but the ever-changing nature of threats to these devices is such that increasing awareness of the possible pitfalls is a growing concern. Since utilizing much of this advice often has additional benefits, such as saving battery power and automatically safeguarding and backing up key data, there’s very little reason not to adopt safe practices as standard when using a phone both at home and on the move. Hackers, malicious users, and thieves are usually opportunists, and would rather target those who have offered them an easy way to achieve their goals than spend time working around obstacles. Follow the advice offered above to make sure you and your phone aren’t easy targets and you’ll stay one step ahead of modern threats.