Secret Security Threat: Mobile Devices

SHARE

Overview

According to MobiThinking.com, there will be over 6.9 billion cell phone subscribers in the world by the end of 2013. And according to CNET over 84 million iPads have been sold by Apple representing 68% of the tablet market. Another 350 million iPods have been sold as well.

Virtually each phone, tablet or music device can represent some level of security threat to the user or business which allows them access to workplace computers, Internet and networks.

Less than a dozen years ago internal technology officers (CTOs) wanted company phones locked down, camera phones and iPods banned from the office. Now they are being compelled to address a bring-your-own-device trend, whether it’s a smartphone, music player or a tablet.

Meanwhile consumers and businesses alike are adopting a very casual attitude to downloading mobile apps – powerful computer programs that could potentially contain malicious code – from unknown authors, something few people would do on their PC.

However, 96% of smartphones and tablets do not have third-party security software installed, according to Canalys and Juniper Research. Further, if we’re talking music devices there may not be any security software commonly available.

The threat doesn’t seem to be hyperbole as BullGuard, an Internet and mobile device security provider, discovered 2,500 different types of mobile malware in 2011.

Let’s take a more detailed look at specific device/feature security threats.

Phones

Today our Android and iPhones have more computing power than was used on the Apollo 11 launch and moon landing.  These tiny devices contain massive amounts of personal information along with many applications that assist us in different ways.

Always keep in mind that your mobile phone is not just a phone but is a powerful small computer containing a wealth of personal information about you your current location, your contacts and your calendar.  We should be aware that it is easy for criminals to hack this information or infect the phone to get access to desired data.

Both the threat to devices and the threat to networks requires education. While many consumers read and digest information, many just ignore the threats. For example, how many people are aware of the need to PIN protect their mobile, lock their SIM and turn off Bluetooth (especially in discoverable mode)? How many actually know how to do this for their particular mobile phone? Basic mobile security like this requires a level of technological know-how that most mobile users don’t possess.

Passwords

With the above in mind be sure that you set a password for your voicemail. Do not use the default voicemail and password.  Make hacking your voicemail more difficult by customizing your voicemail greeting and creating a new password.   The default passcode for the iPhone is just four digits, which is easily hacked in about 20 minutes. Set your phone to require a longer passcode with alphanumeric characters. You can also set your iPhone to automatically erase all contents after ten failed passcode attempts.  Turning off the “Simple Passcode” feature will allow for a longer password.  Directions on how to do this are at the following address: support.apple.com/kb/HT4113.  Android phones will allow you to create a swipe password feature which is more secure.  Never store sensitive personal details, such as your ATM PIN number or account passwords, on your mobile phone.

Cell Phone Wallet

Cell phones are now becoming our wallets.  Just by swiping your cell, you can purchase goods and services.  This sounds great but be aware that Google wallet has already been hacked.  There are easy step-by-step instructions on the internet on how to hack a wireless phone.  Of course it’s a federal offense but it is very easy for criminals to infect a phone just by sending an email attachment or SMS message. The telephone function itself can also be hacked which can re-route phone calls.  So if you think you are calling your bank, you may actually be talking to someone in Eastern Europe. Organized crime groups are aware of all the major banks phone numbers.

Most of us do not realize how much privacy we are giving up just by using a wireless phone.  Your phone is tracking you 24/7 so your travel pattern can be developed over time.

Cell Phone Calendars

For those of us that use the calendar function on our phones, your phone knows where and when you are going.  Don’t become paranoid but be aware of what the possible exposures are.

Blue Tooth

If you use Bluetooth technology, you may want to reconsider or be selective in it use since it is a weak technology and is subject to being hacked especially in large crowds.

You can reduce your overall risk just by turning off access to the technologies on your phone that you do not need. In particular, consider disabling Bluetooth, GPS and/or Wi-Fi. This is particularly important when using your phone in crowded areas, such as airports.

Find My iPhone

If you have an iPhone, you can enable a feature called “Find My iPhone” this is an app that can locate on a map a lost iPhone.  If you are unable to find your phone, it also allows you to remotely wipe all data from the phone to prevent it from falling into the hands of thieves. You can restore your data to a new phone from iCloud or iTunes. You can find out how to enable this feature at the following web address: www.apple.com/iphone/built-in-apps/find-my-iphone.html.

“Jail Breaking” iPhones

This is a new term that has surfaced in the past few years, which enables an iPhone to run applications not available through the official Apple App Store.  This sounds pretty cool but it exposes your phone to greater security risks and infections by computer malware. Probably most adults are not “jailbreaking” their phones but this seems to be fairly popular among the youth.

QR Codes

These are codes that you probably have seen on signs, posters and in magazines that can be scanned by our mobile devices to provide us with information about a product, service or other information.  They look like a square full of dots, dashes and boxes. Please use caution with QR codes. Be suspicious of any that offer no context or description. Malicious codes often appear with little or no text, which can infect your phone with a virus. Never provide personal information on any web site that you arrive on via a QR code.

Microphones

This section may be more relevant to those in business but none-the-less it is good to be smarter about the mobile devices we have.  Similar to the web cams on our computers all modern mobile phones have microphones that can be remotely activated without your knowledge and many have video capabilities that are similarly vulnerable. Consider it a bugging device whenever you are engaged in any sensitive conversation or take part in a sensitive meeting you can prevent having your discussion recorded by turning off the phone and removing the battery, if possible. If your phone’s battery is not removable, leave the phone in another room.  Ensure that all participants in a given meeting take similar action.

GPS

Keep it on only when you need it.  Follow the advice: “If you know where you are, they know where you are as well.”

Disposing of an old phone

When disposing of an old phone, whether recycling, selling or donating it, do a factory-reset to clear all your data. You will find directions on how to do this for the iPhone at the following web address: support.apple.com/kb/HT1414 and instructions for an Android phone at the following site:  support.google.com/ics/nexus/bin/answer.py?hl=en&answer=1663708

Apps

Every app has its own specific privacy and permission requirements and settings. Verify that you are not providing any information to an app that is not needed to run the app.  You should notice when a Flashlight app need access to personal information.  Experts have concluded that flashlight apps contain more malware than any other app.  Since I’ve learned about Flashlight apps they have now been removed from my iTouch.   This was an application that I never used anyway.

Organized crime was the first to create some of the banking apps.  People were entering their banking information but then the banking function did not work.  You know the rest of the story.

You can investigate the privacy, source and security for apps you are considering to load on your mobile device by going to whatapp.org. This is a free service run by Stanford University.

Be aware that the apps available through online marketplaces are not necessarily vetted for security or quality. In some cases, no review at all is conducted on offered apps. Only allow automatic updates on trusted apps. The Android app store (Marketplace) has been particularly affected by security problems with its apps.

Be very wary of free versions of popular paid apps offered by unknown companies; they are often bait trying to get you to download spyware, and the chances that they contain malware are high.

What to do?

Many IT experts as also security experts that are trained and certified across all kinds of hardware, software and networks. Today’s multi-device environment invites serious security breaches. Only a computer expert with the right security credentials can help you get your arms around the problem.

If you’d like more help, please contact eMazzanti Technologies, www.emazzanti.net or call 201-360-4400.

 

 

 

UPCOMING VIRTUAL EVENTS

Demystifying Cyber Security for SMBs

sb-cyber-security-master-class

The continually changing threat landscape requires us to update best practices and add new concepts to keep your organization safe.

SESSION 4: Cyber Security Strategy
Watch On-Demand

SESSION 5: Cyber Insurance & MFA
Watch On-Demand

SESSION 6: Threat Detection | OCT. 16

Microsoft Copilot
Master Class Workshop

sb-microsoft-copilot-master-class

eMazzanti will host 60-minute Master Classes, that speak to how AI can help your business streamline and grow.

In each session, you will have Artificial Intelligence and Automation explained, view a live demo of Copilot, and see it live in action in a dynamic format.

RESOURCES

Cyber Security Awareness Hub

sb-Cyber-Security-Awareness-Hub

Cyber Security Awareness Kit, designed to be delivered to your team in bitesize chunks.

We are sharing the resources and highlighting services your organization needs, covering everything from multifactor authentication to software updates, showing your users just how easy it is to improve their security posture.

Resource Library

sb-resource-library

Insights to help you do what you do better, faster and more profitably.

> Tips to Stay Protected Against Phishing Attacks

> Understanding Ransomware 

> The 6 Known Wi-Fi Threat Categories Targeting Your Business and How to Defend Against Them

> Practical Advice for Avoiding Phishing Emails

Recent Articles

NEWSLETTER

Categories