Smart Phone threats and security measures

A smartphone (or smart phone) is a mobile device with an advanced mobile operating system. They typically combine the features of a cell phone with those of other popular mobile devices, such as personal digital assistant (PDA), media player and GPS navigation unit. Most smartphones have a touchscreen user interface, can run third-party apps and are camera phones. Smartphones and personal digital assistants (PDAs) give users mobile access to email, the internet, GPS navigation, and many other applications. However, smartphone security has not kept pace with traditional computer security. Technical security measures, such as firewalls, antivirus, and encryption, are uncommon on mobile phones, and mobile phone operating systems are not updated as frequently as those on personal computers. Unfortunately, many smartphone users do not recognize these security shortcomings. Many users fail to enable the security software that comes with their phones, and they believe that surfing the internet on their phones is as safe as or safer than surfing on their computers.People are using smartphones for an increasing number of activities and often store sensitive data, such as email, calendars, contact information, and passwords, on the devices. Mobile applications for social networking keep a wealth of personal information. Recent innovations in mobile commerce have enabled users to conduct many transactions from their smartphone, such as purchasing goods and applications over wireless networks, redeeming coupons and tickets, banking, processing point-of-sale payments, and even paying at cash registers. Many users may consider mobile phone security to be less important than the security of their PCs, but the consequences of attacks on mobile phones can be just as severe. Malicious software can make a mobile phone a member of a network of devices that can be controlled by an attacker (a “botnet”). Mobile phones can also spread viruses to PCs that they are connected to. Losing a mobile phone used to mean only the loss of contact information, call histories, text messages, and perhaps photos. However, in more recent years, losing a smartphone can also jeopardize financial information stored on the device in banking and payment apps, as well as usernames and passwords used to access apps and online services. If the phone is stolen, attackers could use this information to access the user’s bank account or credit card account. An attacker could also steal, publicly reveal, or sell any personal information extracted from the device, including the user’s information, information about contacts, and GPS locations. Take Steps to Protect Your Mobile Phone Although mobile phones are taking on more capabilities formerly available only on PCs, technical security solutions for mobile phones are not as sophisticated or widespread as those for PCs. This means that the bulk of mobile phone security relies on the user making intelligent, cautious choices. However, following best practices regarding mobile phone security can reduce the likelihood or consequences of an attack. • When choosing a mobile phone, consider its security features. Ask the service provider if the device offers file encryption, the ability for the provider to find and wipe the device remotely, the ability to delete known malicious apps remotely, and authentication features such as device access passwords. If you back up your phone data to a PC, look for an option to encrypt the backup. • Configure the device to be more secure. Many smartphones have a password feature that locks the device until the correct PIN or password is entered. Enable this feature, and choose a reasonably complex password. Enable encryption, remote wipe capabilities, and antivirus software if available. • Configure web accounts to use secure connections. Accounts for certain websites can be configured to use secure, encrypted connections (look for “HTTPS” or “SSL” in account options pages). Enabling this feature deters attackers from eavesdropping on web sessions. • Do not follow links sent in suspicious email or text messages. Such links may lead to malicious websites. • Limit exposure of your mobile phone number. Think carefully before posting your mobile phone number to a public website. Attackers can use software to collect mobile phone numbers from the web and then use those numbers to target attacks. • Carefully consider what information you want stored on the device. Remember that with enough time, sophistication, and access to the device, any attacker could obtain your stored information. • Be choosy when selecting and installing apps. Do a little research on apps before installing them, it could be a Trojan horse, carrying malicious code in an attractive package. • Maintain physical control of the device, especially in public or semi-public places. The portability of mobile phones makes them easy to lose or steal. • Disable interfaces that are not currently in use, such as Bluetooth, infrared, or Wi-Fi. Attackers can exploit vulnerabilities in software that use these interfaces. • Set Bluetooth-enabled devices to non-discoverable. When in discoverable mode, your Bluetooth-enabled devices are visible to other nearby devices, which may alert an attacker or infected device to target you. When in non-discoverable mode, your Bluetooth-enabled devices are invisible to other unauthenticated devices. • Avoid joining unknown Wi-Fi networks and using public Wi-Fi hotspots. Attackers can create phony Wi-Fi hotspots designed to attack mobile phones and may patrol public Wi-Fi networks for unsecured devices. Also, enable encryption on your home Wi-Fi network.11 • Delete all information stored in a device prior to discarding it. Check the website of the device’s manufacturer for information about securely deleting data. Your mobile phone provider may also have useful information on securely wiping your device. • Be careful when using social networking applications. These apps may reveal more personal information than intended, and to unintended parties. Be especially careful when using services that track your location. Your smart phone is your priced asset, compromising it, can mean a great loss, therefore take adequate measures to protect your smart phone from the physical and digital vulnerabilities. Afterall it has become an indispensable part of our lives. This article is published by NIELIT Kohima as a part of the Digital India Week. Content provided by : Laishram Darmoni, NIELIT Kohima.