Mobile phones are a sought after items for criminals, because of their small size and ability to be sold easily. However phones are vulnerable in both the offline and online world. When properly setup you can reduce the chance of an online or real world criminal gaining information from your mobile devices.
The first step in securing your device is a passcode or password to unlock the device. Passcodes tend to be a 4 digit PIN which are easy to remember and quick to enter each time you use your phone. Passwords are longer and more complex so are a more secure option, although they are less convenient as you have to type the password in every time you use your phone.
Other security options include face recognition or finger print readers. These are better than no protection but are not as effective as passwords or passcodes. This is because some devices can be tricked by using a photo of your face or printed version of your fingerprint.
If you have email on your phone, a thief may reset the passwords on all of your online accounts. If you use online banking, a thief with access to your email and text messages may change your banking details.
Choosing a strong passcode is important and can greatly help protect everything stored on your phone including data, photos and emails. Many people tend to use a passcode that is easy to remember such as birthdays, postcodes or patterns on the screen. These are all bad choices as they are easy to guess. Most devices will lock for 30 seconds after 5 incorrect guesses. The time you are locked out for often increases for every 5 incorrect guesses. iPhones that have had too many incorrect guesses will lock and need to be plugged into iTunes on a computer that it has previously been synced with, something a thief is unlikely to have access to.
People commonly steal a phone just to resell it, rather than to steal your information. A useful tool to prevent this is ‘Find my iPhone’ a feature offered on Apple devices. This allows you to remotely track and wipe your device if it has been stolen. Find my iPhone is also useful if you have lost your phone. It will send a message to the device with a phone number to call if someone finds it. Even if you have just misplaced your phone in your house or car, Find my iPhone is handy; it makes your phone play a sound even if it is set on silent so you can follow the noise to your handset. Find my iPhone can work as a kill switch, rendering the phone useless until the original owner signs back in with their Apple ID. Find my iPhone can be tracked via the iCloud website https://www.icloud.com
If you are running a Google Device with Android 5.1 you can setup a ‘kill switch’ by using “Device Protection”. This is setup automatically when you sign into your device with your Google account and setup a passcode. Your Android device can be tracked by logging into the google website https://www.google.com and typing in ‘find my phone’
Security apps such as ESET Mobile Security also offer an ‘Anti-Theft’ option to protect older Google Devices that might not support Android 5.1. The anti-theft is activated when someone has entered the incorrect passcode, which locks the device until the correct unlock code is provided. Once setup, your device can be tracked via the ESET website https://my.eset.com
Because mobile phones can be targeted offline and online, sophisticated attacks exist which allow an attacker to intercept data via malicious WiFi access or charging points. Both of these attacks prey on people who use ‘open’ WiFi access points, or who plug their device into public USB phone chargers. As a rule of thumb any ‘open’ network should be avoided as data is transmitted without encryption, meaning attackers using the same free WiFi, can access all data being sent over the network. Untrusted charging points or USB ports should also be avoided as malware may be installed onto your phone via a malicious charging point. This may allow an attacker to gain access to your phone or data over the internet at a later date.
Even on a legitimate WiFi network protected with a password it is possible for an attacker to view data being sent over the network. The only way to protect against this is to have a VPN (Virtual Private Network), which you connect to before logging into banking, email, or browsing the website. A VPN service costs around $10 per month and protects you by encrypting all data from your device to the server so that it is not accessible to attackers.
Many holes have been found in mobile phone security, this is why you should update your phone’s software whenever an update becomes available. Security holes are found regularly. Some of these holes may be exploitable over the internet meaning the attacker doesn’t need physical access or be in the same locale as the phone. Updates for your devices should be installed whenever they are available. Even with up-to-date software, vulnerabilities may still exist.
If you have any questions regarding mobile security or would like assistance in setting up ‘find my phone’ on your device, Contact Us.