As Smartphones gain in popularity, they are becoming all-in-one devices for e-mailing, instant messaging, texting, Web browsing, and online collaboration, as well as placing calls; they’re morphing into mini PCs. And just as security is a major concern when using a desktop or laptop computer, so should it be when using a mobile phone. Smartphones are potential points of attack for malicious social engineering, phishing, malware, trojan horses, and other hacking invasions.
Here’s a look at some of the security threats that users of Smartphones face and safeguards for avoiding them.
Wireless and Bluetooth
Whenever doing anything sensitive on a phone, like making payments, banking, sharing privileged employer-related files, or any type of e-commerce transaction, avoid using free Wi-Fi access points; always use a password-protected connection. Using unprotected connections leaves a person vulnerable to what is known as a man-in-the-middle attack, during which information can be intercepted by a third party.
There is also vulnerability when pairing a Bluetooth device such as a headset with a mobile phone; software can be used to capture or otherwise compromise information, and maybe even infect the phone with a virus.
Worms, Trojans, Viruses
These typically infect via emails but can arrive by means of games, screen savers, pictures, text messages, tweets, audio clips, slide shows, or in some cases even through URL shortening services. Smartphones need security software. Several commercial security products are available that are specifically designed to protect mobile phones; be sure to download all security updates for these products as soon as they are made available.
Social engineering is a type of electronic fraud or trickery through which thieves manipulate users into divulging private information; pretexting and phishing are examples. The scenarios may include sending an email containing a link to a website that appears to be from a company that the user is familiar with and instructing them to click on the link in order to verify their identity, when in actuality the link goes to a bogus website where their personal information is captured or malware is installed on their phone. In a similar scenario, a recorded audio message is sent, purportedly from a service the phone owner trusts, which instructs them to call a phone number to verify information; at that number their information is captured or malware is installed. In all such cases the user should disregard the initial message and contact the referenced business or service directly to verify any requests.
One of the biggest threats to the security of a mobile device is the user themselves. How many stories have you heard about a misplaced phone left in a taxi, dropped in a lake, or lost in a club or restaurant, for example? The best protection for instances like these is to not store sensitive information on a phone and to back up everything regularly on a computer. Think of a Smartphone as a briefcase containing life’s most important information and guard it as such. If private data must be stored on a phone, then use data encryption and passwords to protect it; always use strong passwords.
If a phone is stolen, contact the mobile service provider immediately. The provider can remotely lock the phone and in some cases wipe (delete) the data that is on it; this may also clear the owner of any charges that may have been incurred following the theft. There are several commercial web-based products available that can locate a phone via GPS, then remotely back up and wipe its data.
Jailbroken (Open) Phones
In their earliest conception, Smartphones were sold with a closed system so that they would run exclusively on a particular mobile service carrier’s network. Eventually a method was found for opening (jailbreaking) these phones so that they could operate on a variety of service carriers. Newer Smartphones are offered with the option of being purchased “unlocked” to run on a variety of service carrier networks. Unlocked phones are highly susceptible to being hacked, and their sales have possibly opened the window for a flood of new attacks targeted at Smartphones and PDAs. Always check with your phone’s mobile service carrier and any network that you connect with routinely to determine what security features, if any, they may have in place.
Use of Smartphones At UH
The University is supporting, on a best-effort basis, some Smartphones, PDAs and pocket PCs for connecting to the UH mail server. Instructions for setup are contained in this Ask Us knowledge base article: Accessing the University of Hawaii Email System with your PDA/Pocket PC/Smartphone