Security Experts:

Is Your Smartphone Safe?

The recent move by the FCC and major cell phone carriers to create a database of stolen phones is in response to the danger your smartphone is in from thieves who want to steal and then sell them for profit. What about the hackers who just want the information from your phone – and then hope you continue using it to make financial transactions?

The goal of cyber thieves isn’t always to hack into your computer, and it’s not to steal your phone. Instead, they seek to borrow it just long enough to embed malicious software that can steal your data. Crime follows money, and with the information on your phone representing access to potentially billions of dollars in the cyber crime world, you and your phone become a tempting target.

Smartphone Security TipsHere are a few tips to help keep your smartphone safe:

1. Setup the remote wipe feature - Most smartphones have a kill or wipe feature that can be triggered remotely with the correct codes. Some of these implementations are free, but even the paid versions are well worth the peace of mind if your smartphone is stolen or lost. The good news is that the feature works great. The bad news is that the phone must be turned on and connected to a Wi-Fi or telephone network for it to work. Hopefully, you’ll get lucky and the thief will be slow or technically inept.

2. Use GPS tracking - The remote kill or wipe feature often is combined with a GPS tracking feature that lets you remotely pinpoint your phone. A word of caution: However exciting it might be to track the thief to his hideout, don’t do it. A better use of the remote GPS tracking feature will be to discover whether you left your phone in a friend’s car, restaurant or the middle of the street after it fell off the roof of your car. The tracking feature is either free or quite inexpensive, and it will be worth every penny the next time you misplace your phone. As a side note, be sure to monitor your application permissions if you're concerned about privacy.

3. Safeguard financial features - Sure, do your best to keep the smash-and-grab thieves from taking your phone (they’re stealing them right out of people’s hands!), but don’t think it ends there. If your smartphone is stolen, immediately run the cancellation traps for whatever financial features your smartphone might contain – call your bank or credit union and block account access, etc. And call your service provider.

4. Use strong passwords - For those credible apps that you do download (only from major app stores and vendors), use strong passwords whenever possible – a mixture of numbers, letters and cases that aren’t easy to figure out.

5. Be cautious if you jailbreak your phone - At the risk of offending my geek friends, I strongly suggest you never jailbreak your phone, which means modifying the operating system to implement features or functions the vendor had not intended. The vendor (i.e., Apple, Google, Microsoft) has provided a relatively secure, tested OS for your use. Any jailbreak is guaranteed to reduce the inherent security of your smartphone.

6. Consider every app a potential security risk - Avoid the temptation to download an app just because it seems like fun or a friend recommended it. We should be past the days when we would install arbitrary software on our home or work computer – and today’s smartphone is a computer that just happens to fit in a pocket. Treat it with the same respect.

7. Keep your operating system current - Make sure your phone’s operating system is the current versions. Security flaws are being discovered and repaired all the time; it is important that you keep up.

8. Consider Installing a Mobile Anti-Malware Solution: Several vendors offer mobile security features to help discover and protect against malicious mobile apps. According to Juniper Networks' 2011 Mobile Threats Report, there was a 155 percent increase in mobile malware across all mobile platforms in 2011, and a 3,325 percent increase in malware specifically targeting the Android platform in the last seven months of 2011 alone. Installing a solution on your smartphone is something you should seriously consider. Many mobile security products offer features beyond mobile malware protection so it's a good idea to look around and see what may be a good fit for you and your device.

The recurring theme here is that for all practical purposes, smartphones are simply smaller versions of desktop and notebook computers. Thus, they suffer from the same security Internet-related issues, but without the public’s awareness. Do not assume that you’ll never lose your phone through inattention or theft. More and more criminals are targeting smartphones, and as the FCC has noted, they are getting more and more brash and insidious. Protect yourself now, before it’s too late.

Related Reading: The Scariest Thing about Securing Mobile Devices

Related Reading: Got Android? Some Considerations on Permissions and Security

Subscribe to the SecurityWeek Email Briefing
view counter
Alan Wlasuk is a managing partner of 403 Web Security, a full service, secure web application development company. A Bell Labs Fellow award-winner with 18+ years of experience building secure web applications, Wlasuk is an expert in web security - from evaluation to web development and remediation.
view counter