The FINANCIAL -- With Edward Snowden lounging in a dacha, the US
National Security Agency sniffing through 70% of internet traffic and
the Black Hat Conference (computer hacker’s conference) just winding
down in Vegas, now is the perfect time to look at information security
for you and your business. This series of articles will focus on major
threats to your privacy and financial security. We will also cover some
easy things you can do to make your information – and your life – more
secure. This week’s article will focus on smartphones.
At the Black Hat Conference in the summer of 2009, security experts Charlie Miller showed the world that an iPhone could be compromised by sending it a simple text message. This particular vulnerability was a major security flaw in the SMS system and required no user interaction. In other words, the owner of the phone did not need to click on anything or download anything to the phone. A phone in a pocket or purse could be hacked.
The only indication that the phone was even compromised was the receipt of a text message that resembled a small square. Once the attacker takes control of a phone they can control the camera, microphone, Safari and more. They can even send messages from the phone’s owner to contacts in the address book.
This particular security vulnerability was not just isolated to iPhone devices. Android phones were just as susceptible to a variant of the attack. If you have an iPhone or Android device that has not been updated since 2009, you are at risk for this attack. Any competent hacker, from anywhere in the world can take over your phone, turn on your microphone and listen to all of your conversations without you even knowing it. This hack is not limited to ‘phone’ conversations. Hackers can listen to your in-person conversations as well. They can take picture of whatever your iPhone camera ‘sees’ and send mail from you to any of your contacts.
A more recent security flaw came to the public’s attention this summer. Criminal hackers have begun taking control of iPhones with 3rd party chargers. Once you plug your phone into one of these chargers, the hacker takes over. No one really knows how many of these malicious chargers are floating around in the world, or the extent of the compromised phones. In response to the vulnerability, Apple is asking customers to drop off all non-Apple USB adapters at any Apple Store for disposal. Apple will provide a new genuine charger for only $10. (Google ‘Apple USB adapter take back program’ for details)
Smart phones from all manufacturers are complicated computers that customers rely on for both work and play. Unfortunately, all of them are insecure. In addition to the two vulnerabilities already discussed, there are hundreds of other problems that have already been discovered. There are even more security flaws waiting to be uncovered in the future. Until there is a radical change in the way software is developed, all phones and tablets are at risk for compromise.
The good news is that by knowing these vulnerabilities exist, you can take steps to protect yourself. Here are 6 practical things you can do to keep your life private and your information secure.
1. Don’t store sensitive information on your phone. Think of your phone as a day planner that can be read by any stranger at any time. Applications like Dropbox that keep folders on your computer magically synced with your phone are very convenient. Don’t use them if the information they synchronize should be kept private.
2. The only ‘safe’ phone is a phone without a battery. Even phones that are turned off might not really be off. If you need to have a truly private conversation, make sure everyone participating takes the batteries out of their phones and piles them on the table. The upside of this approach is that participants won’t be continually distracted with the constant flow of messages streaming into the devices.
3. Update your device frequently. When your manufacturer sends you a security update, if you care about your privacy, take the update seriously and apply it to your device.
4. Ditch the smartphone in favor of a “phone only” phone. I know several leaders of major companies who carry a vintage cell phone along with a paper notebook and a pencil. It is hard for criminal to hack into a piece of paper. Another benefit is that this system can go for days between charges.
5. Protect your phone with a secure passcode, and have your iPhone erase your data if too many incorrect codes are entered. Even though there are 10,000 possible passcode combinations, New York researcher Daniel Amitay discovered that 15% of iPhone users use one of ten four-digit combinations.
• The top five codes in rank order are: 1234, 0000, 2580, 1111 and 5555.
• Following closely are: 5683 (or ‘LOVE’), 0852, 2222, 1212 and 1998.
• Also common are dates ranging from 1980 to 2000.
• The least used numbers in passcodes are seven (7) and six (6).
6. Install a good malware protection application on your phone and keep the virus signature updated.
A few signs that your phone may have already been hacked include:
1. An SMS message in the form of a square.
2. Batteries that discharge quickly. Malware programs are rarely battery life friendly.
3. A warmer than usual phone can indicate that the cellular network is in use surreptitiously.
4. A slight humming from the phone between calls can indicate that the microphone is turned on and listening to your every word.
5. A higher than average number of dropped can point to malware related traffic that is taking priority over your connection, especially in a weak cell signal environment.
Even though no iPhone or Android device is completely secure, if you take proper precautions you will be able to use your fantastic new piece of technology and keep your private life private.