How Secure Is Your Smartphone from Hackers?
Most have heard about the Central Intelligence Agency (CIA) hacking initiative and that the CIA has a mobile device hacking group who worked on breaching Apple’s iOS devices and Google’s Android phones. The CIA developed an arsenal of tools to infect and extract data from phones. The hacked data included location data, audio recordings, and text messages. They could also access a phone’s camera and microphone and had developed a few “zero day” exploits developed
What is a “Zero Day” Exploit?
A zero-day exploit is a term for coding flaws, unknown to the manufacturer or organization, used by hackers to access and control hardware, apps, or an IT system.
Mobile devices give internet users the ability to stay connected, work, shop, and socialize on the go. But endless connectivity also opens up unprotected devices and risky behaviors to intrusion by hackers and other cyber security threats. Many smartphone owners use a screen lock or other security features, but they don’t necessarily stay current with device updates. Still others are willing to leave a device unattended at a public charging station where anyone could grab it.
It is considered a best practice to keep a mobile devices safe and secure especially if you have any banking apps or use the device to make payments. Some of the best smartphone safety safeguards are free and easy to use.
Use Security Features to Lock Your Phone
Most smartphones come with security features that control who can unlock and use a device. The most basic feature is the use of a passcode. This can be a numeric code or a finger swipe pattern. Newer phones have biometric security controls that only unlock the phone for its registered user. Many smartphone apps can access the device’s fingerprints or biometric authentication and use that to secure the app as well.
The percentage of users using mobile devices, rather than desktop devices, to access the internet and shop online increases every year. Although it’s a minority, still 28% of smartphone owners do not use a screen lock or other device security features to control access to their phones. This includes biometric scans like facial recognition, fingerprints, or iris scans. Smartphones may have banking apps on them as well as stored payment information so controlling access with some sort of authentication is increasingly important.
With phone security locks, individuals are protected from intrusive federal searches. Previously, US courts had granted law enforcement authorities the power to force people to unlock devices using their own biometric scans, but not with passcodes. That changed earlier this year with a ruling from the US District Court for the Northern District of California. The new precedent is that government officials cannot compel anyone to incriminate themselves by using any of the security features on a phone including passcodes, facial recognition scans, fingerprint logins, or iris scans to unlock mobile devices.
Avoid Public WiFi Networks
Public WiFi connections such as those found at hotels, campus, coffee shops, retail shops, restaurants, and airports put private user data and banking information at risk. The majority of internet users (54%) of internet users use public WiFi networks while away from their home of office networks. This statistic is even more concerning when you consider that 21% are shopping online and 20% are handling their online banking!
Other seemingly innocent activities are not safe either. Logging into social media accounts and reading email using public WiFi is also an unsafe practice. Travelers are in a hurry to update loved ones or touch base with work as soon as they arrive at their airport or destination. Workers are under pressure to reconnect to thier office within minutes of landing and may do so using the first convenient WiFi network.
Logging into social media gives anyone using the same WiFi connection in an airport or cafe the ability the capture your username and password to whatever you log into. If you stop to post on Instagram, a hacker can sniff your email address and password. Check your email and the hacker has those credentials too. This is a very good start to launch a social engineering attack that leads to your bank or credit card account.
Do not use public WiFi for anything but web browsing, and only when you are not logged into the web browser. Google Chrome easily tracks users across all their apps by maintaining a single login. If you must connect to public WiFi for anything sensitive, then do so with a virtual private network (VPN).
Use a Virtual Private Network (VPN)
A VPN protects connected device’s data with encryption technology and offer privacy. VPNs allow users to securely access apps and web sites even when they are not on a secure network like free public WiFi connections.
A VPN protects your privacy online by using an encrypted network on its own private servers over any internet connection. A smartphone owner can download free and premium VPN apps to protect their personal and financial data online.
How Does a VPN Work?
When you connect to a VPN all data you send and receive is encrypted by the VPN app. A VPN can be used to alter your geographical location as it appears over the internet making them a tool for hackers. However, changing your location can also help you access web content – for example, religion – that is restricted in countries.
Keep Your Phone Updated
Some users forgo updating their phones altogether with 15% of smartphone owners reporting that they never update their phone’s operating system. While 10% never update their apps. Regularly updating your phone’s apps and operating system is one of the easiest steps you can take to secure your smartphone. It can also be one of the most maddening when your service provider pushes an update with new, unwanted features. The majority of smartphone do update their however, 40% only update their phone when it is convenient for them.
I’m guilty of this one but I have good reasons. I won’t take an update if I’m not on my home WiFi connection. I’ll also push off an update until nighttime. Unfortunately I routinely put it off for days trying to postpone some supposedly needed update that ends up making my phone harder to use. Whenever you take an update, be sure to revisit your privacy settings to ensure they have not been altered in anyway. Many times, I’ve had to turn down the data usage, and shut off location sharing after an update helped itself to my settings. If you take an update and notice a jump in battery consumption, then then data sharing is likely to blame.
Turn Off Location Tracking
Location tracking is used by hardware and app developers to track the physical location of a mobile device. Much of this tracking is conducted under the guise of improving user experience and making better devices. However, as we have seen with the string of Facebook scandals, location tracking is part of a broad tracking campaign to compile data on everything a person does with their smartphone. App developers and hardware manufactures track everything across devices from where you live, how long you spend at work, and of high interest is how much you spend on online shopping. This data is sold, in aggregate, for use by brands to market to internet users. However, the depth of tracking is not apparent to those being tracking mercilessly via their own phones.
Google tracks users across all of it properties including Google Chrome, YouTube, Google Maps, Gmail, and Photos. Maps compiles all your whereabouts in a creepy feature known as your Timeline. Facebook tracks its users across Facebook, Instagram, Messenger, and WhatsApp. Tech giants have compiled massive databases on user lifestyles, behavior, and personal information.
One of the best ways to stop tracking is to turn off location tracking. Shutting off location is trickier than it sounds. First the location tracking must be turned off at the device level. Then each app that uses location data must also be denied permission to access your device location. There are tradeoffs to disabling location tracking. For example, Google amps won’t be able to deliver driving directions as well. Be sure to disable location tracking on all apps, even if you don’t think the app is tracking you. Check to see what permission it has on your device.
Michelle writes about cyber security, data privacy focusing on social media privacy as well as how to protect your IoT devices. She She has worked in internet technology for over 20 years and owns METRONY, LLC. Michelle earned a B.S. in Engineering from Rensselaer Polytechnic Institute. Michelle published a guide to Cyber Security for Business Travelers