Friday, June 15, 2012

How Secure Is Your Smartphone?

Just a couple of years ago the biggest software concern you had about your cellphone was whether or not it could play Snakes. Today, smartphones have become a popular target among hackers and malware producers. It is a high-reward business because most people are unaware that their cellphone is just as vulnerable to cyberattacks as their desktop computer. Think about all of the things that you do on your cellphone, and then imagine a worst case scenario if somebody had access to all of the information that these tasks contain. At the least this would usually contain emails, online accounts, and your cell phone provider's accounts. At the worst it may contain online banking information or medical information. Either way, this is more than enough for a would-be identity thief to take advantage of. Luckily, with a few simple precautions we can keep our cellphones, and our data, safe.
The most obvious threat to the security of our smartphones is simply for the device to fall into the wrong hands. As silly as this sounds, most cases of smartphone data theft begins with a lost or stolen phone. The first line of defense is common sense. Don't put your phone down in a public place, and don't leave it where it is easily grabbed. In short, treat your phone as you would your wallet. In case your phone does get snatched by a passing evildoer, the next step is to make sure that you have a secure screen lock. For Blackberry, iOS and Windows phones use a secure password. Something that's easily remembered, but not easily guessed. If it includes personal information such as your name, birthday or address it is not safe. For Android users, make sure that your unlock pattern is relatively complex and crosses over itself. If not, somebody can deduce your pattern from the repeated smudge marks on your screen.
As with every computer, a good password alone is not enough to protect you. If your phone does get lost or stolen there is a line of software that will help you recover it, or wipe the data if you are unable to do so. The first step is a piece of software that will lock your phone down. This software will turn off the phone's screen and disable it, preventing an attacker from being able to easily access your information through the phone's operating system. Most of these programs will also be able to lock down the phone's communication ports stopping people from simply plugging your phone into a computer and downloading the information that way.
The next piece of software will turn on the GPS on your phone and lock it on. This way, as long as your phone has a battery with some life in it your phone will continuously broadcast it's location. This can be a huge help in a situation where you have simply lost your phone. Activate this feature and your phone will pop up on a map making it a simple matter to locate it. In the case of a theft, you can provide the location to the police department, vastly increasing the odds of recovering your phone.
The last ditch effort in the case of a lost or stolen phone is software that will completely wipe the memory. This is useful when other means of recovery have failed, and you have given up on hopes of recovering your phone. This software will remove all traces of personal information.
In addition to the threat of losing physical control of your phone, there is the threat of malware. Smartphone malware is similar to the viruses and trojans found on your home computers. Recently, Google had to remove 50 apps from their app store that they found to be malicious. These apps had already been downloaded to thousands of phones apiece. Apple and Amazon have also experienced malicious apps infiltrating their app stores. People get a false sense of security downloading programs from these large companies. They assume that these corporations have already weeded out all of the bad apples, and only post the good. While this is certainly the goal, it is impossible to be 100% certain 100% of the time. Oftentimes, a software programmer's account will get hacked. The culprit will take down their legitimate app and replace it with a copy that contains malicious code. This is usually discovered within hours, but by then the app has already been distributed to enough people to make the attack worthwhile. Another attack that has become popular is one in which a developer submits a legitimate program in order to get it approved for the app store. Once the app has been approved and downloaded by a sufficient number of people, the developer releases an update which contains malicious code. These attacks are much harder to control, as the updates will go out immediately to every person that has downloaded the app. For these attacks you need a good anti-malware program running on your phone.
Most of the major players in the PC malware game have mobile security suites as well. Familiar names such as AVG, Avast, Avira, Kaspersky, Norton, and McAfee all have mobile suites. Most of these suites include all of the protections that were mentioned earlier. However, the interface can vary greatly from provider to provider. Some will allow you to engage and interact with the anti-theft features via text messages to your phone, while others will use an internet browser. Some suites will be free and others will have to be paid for. You will still have to do your homework to determine which security suite will best fulfill your needs. Hopefully I've armed you today with the information you'll need to make an informed decision.  As always, if you are still unsure whether or not you're phone is safe consult a professional for their opinion.

No comments:

Post a Comment