Smartphone Security: Protecting Your Pocket
The first mobile phone call was made on April 3, 1973 from a device that offered a mere 30 minutes of talk time for each 10-hour battery charge. Though this was completely groundbreaking for the time, mobile phones have come a long way since then.
Now, we can do far more than just make phone calls — we can contact each other via text, email, social media, and even video chat with one another; access our bank accounts; shop for and sell virtually anything; control our TVs, tablets, and other devices; and much, much more, all on a device no bigger than a postcard. While this technology would’ve been unthinkable at the time of that first phone call, today, people of almost every age know how to use a smartphone.
Though a large amount of the population uses these devices, common knowledge of keeping them protected is not so common, as is made evident in the Pew Research Center chart (left), where more people fail to use any sort of screen lock than the number of those who use the simple PIN code lock. Before we even access our favorite apps on our phone, many of us are failing when it comes to cybersecurity. To make matters worse, not only is there a dishearteningly low level of user understanding of the cybersecurity needs for these devices, on the other end of the spectrum, cyber criminals and hackers are among the most skilled when it comes to the latest technology, as well as the vulnerabilities found in within them. Along with this knowledge imbalance, there are additional reasons why smart, yet vicious techies target our little pocket computers.
Why Cyber Criminals Target Smartphones
1.) Information stored on smartphones is plentiful and valuable. Unlike their more primitive ancestors (brick and flip phones), the information stored on smartphones is far more valuable and sensitive than the simple blurry photos or text and call history that could be found on these older models. Because of all of the advancements that make them so useful, we can do almost anything on or from our smartphones; however, these advancements are the very reason why cyber criminals target our smartphones. Though no one in their right mind would dream of writing down their bank account information or Social Security numbers, many of us store this highly sensitive information right on our phones.
How to protect against: Utilize the passcode lock feature on your phone; this is the first line of defense in protecting against someone accessing your data physically from your phone. In addition to this, avoiding storing sensitive data on your phone can help save you from stressing about your security.
2.) Autofill gives hackers access to anything not already stored in the phone. Those of us who are fortunate enough not to make the mistakes brought up in the last bullet point could still be making this huge, yet incredibly common mistake: autofill. Though you may not have a note on your phone listing your passwords to various accounts, having the password forms fill themselves out automatically is equally as bad, if not worse. Because we always have our phones on us, and they have the ability to make simple tasks easy, we have filled them with even more information, making them extremely valuable to any malicious actors.
How to protect against: This one is simple: Don’t. Use. Autofill. At least not on something as vulnerable as your phone.
3.) Location Services tracks you & gives hackers real time knowledge of where you are physically. Where you live and work
How to protect against: Limit your use of location tracking services only to those applications for which it is entirely necessary. If an app is asking for permissions such as this, which you believe are unnecessary to the use of the app, it is likely that it is illegitimate and malicious. Avoid those apps that require extensive permissions. When not needed, turn off your phone’s location services, bluetooth, and WiFi in order to avoid unwanted tracking. If you are very worried about this, leave your phone at home.
4.) Bluetooth & WiFi connections are insecure. Criminals have been quick to capitalize on a smartphones many points of entry and exit, such as Wi-Fi, 4G and Bluetooth. For several years now, Bluetooth has been a regular feature on smartphones and other mobile devices, and WiFi is provided in virtually every single public and private location; however, these features, like the Location Services features, are seen as potential entry points for cyber criminals due to their insecure connections.
How to protect against: Turn off Bluetooth and WiFi features when not in use; do not use unsecured WiFi connections when in public, as these are a battleground for hackers to gain access and take control of your phone.
5.) Companies are left vulnerable by BYOD and lax work cybersecurity. B.Y.O.D., or Bring Your Own Device, is a policy that some companies use in order to cut down on the costs of having to purchase technological equipment for employees; however, because of the lack of security used by most people, this can actually turn out to be even more costly in the long run due to a security breach or cyber attack.
How to protect against: Do not allow employees to bring personal devices to work or to access personal accounts while on company devices. Also, do not allow professional work to be done on personal phones/devices.
Most of us have these pocket-sized computers in our possession at all times, and just as we would take precautions to protect our computers and laptops, we need to take action against the vulnerabilities presented by our smartphones. To stay up-to-date on current threats to your smartphone or any other devices being targeted, follow Axiom Cyber Solutions on social media and keep up with our blog to stay educated on what threats are out there and how to protect against them.
Hailey R. Carlson | Axiom Cyber Solutions | March 27, 2017