My oldest son recently got an Android powered, 1 GB 3D smartphone. Now why you want a 3D camera and viewing capabilities on a phone, is beyond me. But after he treated me to a free 3D movie and took my picture in 3D, I was smitten. Naturally it led me to investigate the security aspects of these smartphones which today are as powerful as any PC.
Smartphones are now outselling PCs, according to the latest research, but more ignominiously are the increasing target of cybercriminals. People are using smartphones for an increasing number of activities and often store sensitive data such as email, calendars, contact information and passwords on the devices.
Mobile applications for social networking keep a wealth of personal information. Recent innovations in mobile commerce have enabled users to conduct many transactions from their smartphone, such as purchasing goods and applications over wireless networks, redeeming coupons and tickets, banking, processing point-of-sale payments, and even paying at cash registers.
Although mobile phones are taking on more capabilities formerly available only on PCs, technical security solutions for mobile phones are not as sophisticated or widespread as those for PCs. This means that the bulk of mobile phone security relies on the user making intelligent, cautious choices.
Even the most careful users can still fall victim to attacks on their mobile phones. However, following best practices, offered by US-CERT (Department of Homeland Security) regarding mobile phone security can reduce the likelihood or consequences of an attack.
- When choosing a mobile phone, consider its security features. Ask the service provider if the device offers file encryption, the ability for the provider to find and wipe the device remotely, the ability to delete known malicious apps remotely, and authentication features such as device access passwords.
- Configure the device to be more secure. Many smartphones have a password feature that locks the device until the correct PIN or password is entered. Enable this feature, and choose a reasonably complex password. Enable encryption, remote wipe capabilities, and antivirus software if available.
- Configure web accounts to use secure connections. Accounts for certain websites can be configured to use secure, encrypted connections (look for “HTTPS” or “SSL” in account options pages). Enabling this feature deters attackers from eavesdropping on web sessions. Many popular mail and social networking sites include this option
- Be choosy when selecting and installing apps. Do a little research on apps before installing them. Check what permissions the app requires. If the permissions seem beyond what the app should require, do not install the app; it could be a Trojan horse, carrying malicious code in an attractive package.
- Disable interfaces that are not currently in use, such as Bluetooth, infrared, or Wi-Fi. Attackers can exploit vulnerabilities in software that use these interfaces
- Set Bluetooth-enabled devices to non-discoverable. When in discoverable mode, your Bluetooth-enabled devices are visible to other nearby devices, which may alert an attacker or infected device to target you. When in non-discoverable mode, your Bluetooth-enabled devices are invisible to other unauthenticated devices
- Avoid joining unknown Wi-Fi networks and using public Wi-Fi hotspots. Attackers can create phony Wi-Fi hotspots designed to attack mobile phones and may patrol public Wi-Fi networks for unsecured devices. Also, enable encryption on your home Wi-Fi network.
- Do not “root” or “jailbreak” the device. Third-party device firmware, which is sometimes used to get access to device features that are locked by default, can contain malicious code or unintentional security vulnerabilities. Altering the firmware could also prevent the device from receiving future operating system updates, which often contain valuable security updates and other feature upgrades
- Delete all information stored in a device prior to discarding it. Check the website of the device’s manufacturer for information about securely deleting data. Your mobile phone provider may also have useful information on securely wiping your device.