Security is different in the Mobile First era. We live in a time where it’s assumed everyone has a mobile phone and that it is “smart”, meaning internet-aware, email-connected, and remote control capable. We carry more computing power in our pockets than was used to put Neil Armstrong on the moon.
With smartphones, information technology has been consumerized and data lives everywhere. Personal and business applications and data coexist on the same device. And, because possession of these devices usually equals control of device content, our risk of losing confidentiality, privacy and security has never been greater than now, in the Mobile First era.
Being smart about our smartphones includes realizing that attacks can come from more directions, or vectors, than with any other technology we possess. First, let’s look at some of the attack vectors; a vector is the approach used or the vulnerability exploited to gain access. Just as an airplane vectors in for landing, multiple vectors to your smartphone are available to cybercriminals.
Smartphone Attack Vectors
Small and handheld
Thus, much more susceptible to loss or theft.
- A Harris Interactive poll found that 1 in 5 consumers had a smartphone lost or stolen in the past year.
Your smartphone is built to connect easily. Connectivity is the reason you have it.
- Your smartphone connects using WiFi and/or Bluetooth technology.
- Unless you have a specific reason for a specific period of time, Bluetooth should be off. Bluetooth is like the single guy at the bar, broadcasting continually “Hey, I’m available”. It advertises your phone as available for two-way connections.
- In our search to be always-on and avoid using our data plans, we look for WiFi networks. The problem is, many of these are unsecured with unknown service providers. Yet we connect and send secured information over them. Hackers make it a point to stake out public places such as airports and coffee shops, broadcast networks usually with names like “Free WiFi”, and hijack your connection.
We decide we still like our phone but not our carrier.
- So we “jailbreak” from our carrier to move to a new plan.
- The problem is we are also breaking the phone’s security model. In addition to removing the phone from security updates, phones from the same manufacturer have the same default user ID and password. These credentials are exposed on jailbroken phones. For example, all iPhones have the same user ID that provides hackers access to everything on the phone.
- Going back to the “Free WiFi” network above, hackers look for jailbroken phones by trying the universal user account on every device they find.
Smartphones contain confidential data that can be pirated:
- To cloud services using copy, paste and forwarding functions
- Using the phone’s camera, or another phone, to take screenshots
Not all apps are what they say they are or disclose what they do.
- Some simply pirate your personally identifiable information for a hacker’s own use.
- Others provide your PII and location history to third parties without your permission. Which may explain why the birds are angry.
Smart Tips for your Smartphone
Record Your Phone Information
Send yourself a screenshot of your IMEI or MEID and serial number, and save this somewhere other than on your phone. This information is usually found on the About screen in your phone’s settings.
Be Aware Of Your Surroundings
Many mobile device thefts are crimes of opportunity. Using your device in public, particularly public transit, or leaving it out makes it an easy target for a grab and run thief. If you’re on a train or bus, put your phone down or away when the doors are open.
Don’t Let Someone Borrow Your Phone
This is a variation of the above. If someone asks to borrow your phone to make a quick call, be prepared to chase them.
Treat Your Phone Like Money
Exercise the same care with your phone you would with a $100 bill. You probably would not leave $100 at your table, or ask a stranger to watch it, while you retrieve your coffee order. The personal and financial data and account credentials on your phone are worth more than $100.
Report Mobile Device Thefts Immediately
To your carrier, local law enforcement, and the help desk (if your phone has access to firm technology).
Make sure your phone has a PIN and screen lock timer set.
We enforce these settings on phones accessing firm technology. These safeguards should be in place on all your mobile devices.
Use Security Apps
Apps like Find My Phone, Absolute LoJack and Lookout can help you locate, lock, and erase lost or stolen phones. Some apps guarantee recovery, allow you to set an alarm on the phone, or take a picture of the thief. Antivirus apps are also available and recommended for most phone models.
Regularly back up photos and personal data.
Back up photos, videos, contacts and other data you’d like to retain if your device is lost, to USB drives or cloud storage like iPhone. Your smartphone probably has this service already installed. Most can be configured for automatic backups.
If you have a security app or a firm-managed phone and regular backups, erase the phone when you lose possession of it. If your phone is firm-managed, contact the help desk. An engineer will be assigned to remove your firm information and credentials. The longer your phone remains unrecovered, the greater your risk of financial and personal information loss. Remember, device possession almost always means control of the phone’s contents.