As part of National Cyber Security Awareness Month, students from the Polytechnic Institute of New York University’s (NYU-Poly) Information Systems and Internet Security (ISIS) Lab are offering tips on how to keep information safe on your mobile device.
The students, a mix of undergraduate, graduate and doctoral candidate “white hat hackers” (so named because they will graduate to protect institutions from the bad, black hat hackers), offer the following advice for mobile device security and privacy.
“When using social networking sites from your phone, skip the native apps – which know far more about your life than web browsers ever could – and access the sites through your phone’s browser. Also, use a password-protected screen lock to keep your phone secure.” – Julian Cohen, Sophomore – Computer Science
“Beware the false “update” link for apps! Verify the link you’re using to download an app before you click on it, or go directly to the company’s site to download the update. Sending fraudulent “update” links is a common method for directing users to sites where personal information can be compromised.” – Luis E. Garcia II, Graduate Student – Computer Science
“Clean up your apps regularly, removing those you don’t use. Some apps may be able to monitor and access various types of data on your phone, including your contact list. And if your phone has a SIM card, set a PIN code for the card — if the phone is ever lost, nobody can use the card.” – Efstratios Gava, Doctoral Candidate – Computer Science
“Read the reviews of apps before you download, and choose reputable apps. Apps without many reviews and those that have been recently uploaded to the app market or app store are more likely to contain privacy and security problems.” – Michael J. Harris, Graduate Student
“Don’t trust Bluetooth! If you use a hands-free device to make cell phone calls, always use a wired headset. Bluetooth devices can be compromised and your personal data can be accessed or corrupted. If you do use Bluetooth, protect the connection with a longer, more secure password instead of a short PIN.” – Liyun Li, Doctoral Candidate – Computer Science
“Watch out for apps that ask for too many permissions – if you’re installing a calculator app and it requests Internet and contacts permissions, that’s a bad sign. One way cyberthieves exploit smart phones is by creating a good app with some extra code and overreaching permissions.” – Sankar Ponnusamy, Master’s – Management Science
“Log out of all web services every time you’re finished using them, or you may stay logged in indefinitely – even to sensitive sites like banking and email. On desktops, there’s a timeout period if you remain inactive, but not always with mobile access. If the phone is lost, anyone can access the sites you’re logged into.” – Jeyavijayan Rajendran, Graduate Student – Electrical and Computer Engineering
“Think twice before answering calls or text messages from unknown numbers, especially if you’ve received a call more than once. Phishing scams are often initiated through cell phone calls or texts. Google the phone number that’s calling you, and see if anyone has reported it as linked to a scam.” – Sen Yang, Graduate Student – Computer Science
NYU-Poly, founded in 1854, is the nation’s second-oldest private engineering school and was one of the earliest schools to introduce a cyber security program, receiving National Security Agency (NSA) approval nearly a decade ago. NYU-Poly was recently selected by SAIC to help build a cyber security powerhouse, delivering Master’s Degrees to more than 600 of its employees.