Smartphones are much more than simple tools to make calls and take pictures. They have become our personal assistants, storing everything about us. On the one hand, using a smartphone for day-to-day living makes life much more convenient. On the other hand, storing all that information about our lives on one device that we take with us on the go opens us up to data theft. It’s nothing to be afraid of; it’s important for our society to be open. But it’s also good to be cautious. When an unwanted stranger gets ahold of your smartphone, or is able to siphon out your credit card information to make purchases in your name, it affects the trusted systems we have come to rely on. You can do something about that: you can protect yourself and, in the process, make our technology safer to rely on. Personal details about you, like your name, address, and phone number, are like children: they become attached to your identity for a long, long time. If a shady character gains access to your mobile account or smartphone, they can gain access to other areas of your life as well.
When your bank asks you for your mobile phone number so it can text you a code to view your dollars online, what happens if that message gets diverted? If some pilferer has a reason to do you in, your mobile account information can be a gateway for a smash and grab. One way this theft is perpetrated on you is through what’s called a “SIM Card Swap”. (No, this is not related to your Sim Game Character.) If this loser gains access to your smartphone, details about you become a weapon. Then it becomes possible to attack your mobile carrier and get them to transfer your mobile account to a new owner: a smartphone account thief.
During an assessment of a smartphone security breach, I spoke to an identity theft victim. The victim wanted to know if it was possible to gain access to an email account that was taken over by an identity thief. One night, over a period of a few hours, the victim had lost access to a smartphone. Later on, it turned up, but something strange started happening. Someone was attempting to impersonate the victim by posting messages to the victim’s Facebook account. The messages were self-damaging to the victim’s character. It turned out that the likely culprit was another party in a court case the victim was connected to. There’s a good chance the other party wanted to convince the court to question the victim’s character by making discrediting remarks through the victim’s online presence.
After AT&T lost a $24 million lawsuit, many in the online services industry started questioning the use of text messaging for account access.
Two new technologies were released early this year to combat these kinds of attacks, under the umbrella of what’s called 2-factor authentication: a smartphone app called an “Authenticator App”, and a USB/Bluetooth device called a Security Key, which looks like a flash drive. The smartphone option works by installing an authenticator app on your smartphone. A few developers have released authenticator apps that you can find in your app store: Google Authenticator, Microsoft’s Authenticator and FreeOTP. The USB/Bluetooth Security Key works by plugging a device that looks like a flash drive into the USB port of your desktop or laptop. Other security keys on the market work by pairing your smartphone to a Bluetooth device, and using it to log in to your accounts by pressing a button. These devices work in conjunction with your password, so if a thief gains access to the device, they will need your password as well. These tools work well if an attacker gains access to your smartphone or mobile account. Those text message codes won’t help the thief if the security key is not present for the secondary authentication.
In my mind both of these technologies are twins in terms of how they protect your identity, so you do not get locked out of your account if you forget one of the two. Not all Security Key packages offer the same choices, so it’s a good idea to look at the options each package provides, to be sure the key you purchase is going to work with your particular setup. If you need help deciding, I can help you evaluate your options with a free 20-minute consultation.
Securing your smartphone is an insurance policy. You might never get attacked, but if you do, having a security key or an authenticator app in addition to your single password sign-on is a smart idea. If your password gets changed by an attacker, you won’t have much recourse to recover your account, and you might have to spend a lot of time changing your passwords and setting up a new mobile account. As we put more and more of our lives online, protecting your identity is going to increasingly become an issue.
How to protect your Smartphone from being attacked:
1. Don’t break up with your smartphone
Don’t walk away from your smartphone and leave it unattended. If you plan on upgrading to a new smartphone, or you just want to leave the smartphone high-life behind, check out my other tips on recycling your smartphone. If you do plan on continuing the high-life, however, configure your smartphone to lock automatically after five minutes or less. Don’t lend your smartphone to friends, family, or your cat. I know you trust your cat, but lending your smartphone out for even a few minutes or hours adds to that “I lost something” feeling. No person is as careful with your stuff as you are. If you need to demo a photo, video, or otherwise, make your smartphone a physical extension of your arm. I’m totally not kidding here, well mostly.
2. Mix those passwords up
Create a unique password or PIN for your smartphone; don’t be a copycat. And make sure it’s one that you do not use anywhere else. Or better yet, if you have a lot of password dementia going on in your life, consider hiring a manager. Well, I really mean getting an application called a Password Manager. Password managers help minimize password dementia. These apps can generate complex passwords that you do not have to remember. I know, I know, it sounds complicated. But think of a password manager as a typing assistant. It can type those pesky passwords for you. Many can type and remember passwords for you on your PC, desktop, or mobile device. Contact me if you need help choosing or setting up one of these babies.
3. Maintain your up-to-date-ness
Your mobile device is like your car. It only runs well when you keep it fine-tuned. Mobile OSes and applications are updated on a regular basis. Ensure that you follow through with those updates.
4. Public hotspots are public
Be smart about how you use an unprotected network like a hotspot. It’s great for checking news, maybe not so great for logging into your bank, unless you have a secondary way to authenticate using an authenticator app or Security Key.
5. Stick to the tried and true
Don’t jailbreak your smartphone, or let a friend convince you that you need some rogue app that is not part of your app store.
- Do not modify the smartphone’s security settings: Check what permissions are required before installing any apps, and be careful that access to sensitive information is not being granted if it’s not necessary for the app in question.
- Apply encryption to the internal memory card and – if possible – to any sensitive data held. If you back up your device to another location, make sure that backup is encrypted.
- Ensure ‘Bluetooth’ is switched off if not required.
- Think before clicking on web links, or attachments in emails, or text messages – if you are not sure who the message is coming from, or the message is coming from someone you know that would never send you that kind of information, or that person would never make this kind of contact with you, ignore the message and delete it.
- Secure Erase that Old Device: Ensure that the smartphone is securely recycled, donated or disposed of – e.g. erase all data first, reset it to the factory settings; remove the SIM card.
- Report a lost or stolen phone ASAP: If the smartphone is lost or stolen, report it as soon as possible to your mobile provider.
- Set a PIN on your SIM card: Most smartphones have the ability to set a PIN code on the SIM card itself. If your SIM card or smartphone gets compromised, the attacker will be required to enter a PIN code to unlock the capabilities of the SIM card, unless the smartphone is powered on and unlocked at the time it has been compromised. (Shutting down or restarting your smartphone will require you to enter this PIN in addition to whatever password you have set up on the smartphone itself.)
In my experience, the best security (smartphone or otherwise) is awareness. Being aware of what you know (and don’t know) about your technology is one step for man, and one giant leap for mankind. Have some peace of mind about where you stand with security. If you don’t know how to proceed in any of these areas, contact me and I can help you formulate a master plan. My goal is to be that troubleshooter for you, so you don’t have to figure things out yourself.