Monday, 19 September 2011

Mobile Security Week

This week is Carphone Warehouse's Mobile Security Week. I worked with the guys there to create some advice on security for users which you can find on their site. An extended version is on this page. As part of their research, Carphone Warehouse conducted a survey of over 2000 people which highlighted a lack of awareness amongst users about the importance of protecting personal data. It is interesting that only about 54% of those surveyed think that data on their phone is secure. That is lower than I expected and shows that people are at least concerned about mobile phone security, but maybe aren't sure what to do. The National Mobile Phone Crime Unit (NMPCU) have done some great work in the past few years behind the scenes to help prevent mobile phone theft and one of those is to create a database of property which you the user can use by registering at the link in the first tip. If your phone turns up, the Police can then easily identify it as yours. A lot of my readers are tech people, but most mobile users aren't and they don't necessarily want to be. Probably one of the most important messages I'd like to get across is for people to use their handset PIN lock - if you don't want people getting access to your personal data, this is a simple way of preventing that.

It's great to be able to get the message out this week to people to think about mobile security, so have a look at the tips and see if you and your family are safe and secure?

David's Mobile Security Tips


As phones become more and more sophisticated, mobile security becomes increasingly important for users. Here are some tips on how to keep you safe and secure when using a mobile phone.

Record your phone’s identity number in case it is stolen
The International Mobile Equipment Identity (IMEI) is what identifies your phone to the network and is located on the back of your phone underneath the battery. Another way to get your IMEI number is to type *#06# into your phone keypad to display it. When you get your new phone, it should be also on the side of the box. Keep the box label in a drawer just in case you need it. If your phone is lost, report the IMEI number to your service provider and they can block your phone so it can’t be used to make calls. If it is stolen, you should also give the IMEI number to the Police.

You can also register your phone’s details and IMEI number on the UK National Property Register at: http://www.immobilise.com/. This helps the Police to return lost or stolen property to its correct owner.

Secure access to your device and voicemail
PINs and passwords can be a pain as they put a barrier in the way of things you do repeatedly. These days it can be difficult to remember all your different PINs and passwords or be very tempting to use the same password for everything. Firstly, voicemail. The recent phone hacking scandal in the UK showed how important it is to have a PIN on your voicemail to prevent people listening into your private messages. Ring your operator and make sure you have one setup, or alternatively have the service switched off entirely. Don’t choose obvious PINs e.g. 1111, 1234, dates of birth etc.

Make use of the handset locks to protect your data and messages. With touch-screen phones, these are often gesture based, meaning that a convenient swipe is all that is needed to unlock your phone, whilst still keeping your phone safe.

Learn how to manage your passwords without having to remember lots of complex details. You can do this by using password safes which can store lots and lots of different passwords and generate random ones for you. Make sure these are also backed up in a safe place.

Learn how to remotely lock and wipe your phone if you lose it
Losing your phone or having it stolen does happen and when it does, what do you do to prevent someone getting access to your work or personal data? This is where lock and wipe services come in. Many handsets are now capable of running applications which you can stop someone getting access to your data and if you’re sure you can’t recover it, to delete your data. It is a service that can give you invaluable peace of mind if the worst happens. Some services can even help you locate your lost phone by using the GPS function of the device to work out where it is.

Be very wary of WiFi hotspots
However tempting it may be to connect to free WiFi when you’re out and about, take a moment to consider who is providing that service and why. If they’re charging, who are you giving your credit card details to?

By connecting to an untrusted network, you could potentially allow an attacker to get into your accounts for social networking sites, your email and banking details. In general if you are connected to a public WiFi network, don’t do anything sensitive such as internet banking or making purchases.

Know what you are giving applications permission to do
Always think about what an application is supposed to be doing, where it came from and who made it. Simple internet searches can often verify the validity of an application if you suspect all is not well. Inspect the permissions that an application requests. Does this application really need access to your phonebook? Does it really need to send SMSs? If not, just don’t install it. It should be said that some phone permissions aren’t very well done and can be difficult to understand, so even a legitimate application can give a misleading impression of what it actually does. There are some tools available to help you manage your permissions, for example only giving one application the permission to get to your location.

A common practice amongst hackers is to create a fake copy of a genuine application. This might be free, to entice people to download it. Sadly, the free version is a “Trojan horse” and will do nasty things. Mobile malware is still at a very low level in comparison with the PC world, but is definitely on the rise in 2011 and you should be extremely careful with applications you download. Many hackers see mobiles as an increasingly juicy target because your whole life is stored on there. You are putting yourself at increased risk if you ‘jailbreak’ your device or if you install untrusted applications. Anti-virus applications are now available for those people who want an added level of protection.

Be careful when clicking on web links and scanning 2D barcodes
Don’t be lured into clicking on an unknown link to a web page. A phone’s screen is much smaller and it is often more difficult to see a full link to a website and verify that it is what it says it is. Not only this, but links are often shortened so you can’t actually read the proper website it goes to. If you get messages or posts on facebook and twitter with links, stop and think. Do you know the sender? If you do, is this something that they would send you? If you do click, it is often too late once you realise that there is a problem. Don’t react to or reply to spam messages you may get over SMS or Bluetooth.

New technology allows barcode scanner applications to read 2D or Quick Response (QR) codes (kind of like square barcodes). These are often put in newspapers and on advertising boards. Be very careful – do you know and trust the source. Could the poster have been tampered with or be fake? The problem here is that you often can’t verify that the link is genuine or not, because you can’t decipher the barcodes with your own eyes. It could be linking to some very nasty stuff.

Always backup your data
This is something that is always on the to-do list but never quite gets done. Take a little time to think about what would happen if you lost your phone and phone numbers and how it would affect you. Then think about what you can do to mitigate that. There are lots of services and tools out there to help you do this on a regular basis without thinking about it. Choose one you trust, or if you decide to backup your data yourself, make sure you do it regularly and store it in more than one place just in case your backup fails.

Be careful when charging your phone on someone else’s computer or at a charge point
Be extra careful if you desperately need to charge your phone while out and about. A lot of phones combine a data connection with the charger so you could end up having your data stolen without realising it. Who is providing the service? Do you have to handover your phone to have it charged? Do you really need to connect to your friend’s laptop? At a recent hacking conference, a fake battery charging booth was setup offering free phone charge but then stole the data of the phones connected.

Protect your children whilst surfing
Kids often know more than their parents when it comes to new technology. Whilst a phone can give you peace of mind that your child is safe when out and about, it also has access to lots of functionality and content that you might not want to allow your child access to at home. There are some applications available that can be installed on mobiles to help you manage what your child can access or download. You can get a shop to set these up for you and set a password so that your settings can only be changed by you. Some great information on protecting your children online in The Carphone Warehouse’s Guide to Mobile Web Safety at: http://www.carphonewarehouse.com/mobilewebsafety  and also CEOP’s website: http://www.thinkuknow.co.uk/

Be aware of your surroundings when using your phone
Phones are an attractive target to thieves and whilst they’re with us all the time, they can be snatched or stolen easily. Think about your surroundings when you’re about to use your phone. Do you really want to turn your phone on, just as you walk out of the tube, or can you do it further down the street? If you’re sat in a cafĂ© or bar, don’t leave your phone on the table. It is a prime target for snatching or a distraction theft. Of course, make sure that any handbags or rucksacks are secured too; trapping a chair leg around a handle is a good way to prevent a bag being stolen.

When you’re walking along and browsing such that you haven’t noticed if someone is near you? You are particularly vulnerable if you’re tied up doing something else. Rather than walking home at night on the phone to a loved one, put the phone away so that you’re aware of everything going on around you.

2 comments:

  1. Thanks for providing such a nice information.

    Mobile security is really a big concern and should be taken seriously.

    ReplyDelete
  2. Now a days people not using mobile phone only for calling. They use it like a computer. They saved much data in mobile phone. So mobile phone security is very important and it will really helpful for new generation.

    ReplyDelete