Everything You Ever Needed To Know About Mobile Security
Mobile devices have seen tremendous evolution and upgrades over the years. Now it is not just a phone but is sophisticated to play the role of a camera, a GPS. A television, an alarm clock, a gaming console, and also an MP3 player. Mobile devices due to all the features they now come with are very capable of helping us with our day to day tasks and it takes away total dependence on the use of desktops and laptops to do those tasks. Now you do not need to be at home or in the office where you can have access to a computer in order to perform your tasks. All you need is a mobile phone and you can get a lot of things done on the go. This makes the connection with family, friends and colleagues a lot easier but while the use of mobile phones makes you execute your tasks with convenience, it can be dangerous too.
Table of Contents
The danger arises because a lot of information gets stored on your mobile phone and with increased usage, your risk of being hacked also increases. After all, your amount of privacy and security is as good as the device you are using. A mobile device is different from other devices because of the inclusion of a SIM card and the use of an IOS or Android operating system.
Important Mobile Safety Tips for You
With your mobile devices, a lot of things can happen, including getting hacked and having your data stolen. Today’s mobile devices like iPhone, iPad, windows, and android phones are very advanced and have a level of sophistication that makes it perform similar to a PC. This implies that these mobile devices have the same loopholes and security threats that computers have to.
These phones and tablets can easily be stolen or misplaced as they are small in size. You can also connect to the internet using a public network like 3G, 4G, and Wi-Fi, leaving you very vulnerable to attacks, so it is necessary to stay safe while using your mobile device.
Here are some important safety tips for you:
1 . Have a Passcode
Your mobile device contains a lot of personal information and contacts on it. All of this can be made readily available to anyone who has your phone except you lock your device. You can protect your sensitive information from getting into the hands of the wrong person by setting a passcode on your device that activates once you start your device.
Some mobile devices are more advanced and have more convenient ways of unlocking your phone like with a fingerprint or your face. It makes it easier for you to unlock your phone but it also has a downside as you can be more easily forced to unlock your phone by law enforcement officers.
2. Encrypt Your Mobile Internet Data
Not all internet service providers can be trusted with your security and it makes your connection to the internet very easy to be eavesdropped on. So to stay safe and have your data exchange secure from third parties, you need a VPN to encrypt your mobile internet data.
3. Choose Apps with Access to Your Data Carefully
Mobile devices have a lot of apps available for download as almost anyone can create an app and put it in the store. Some operating systems like an android, in particular, allows apps that are connected to the internet run in the background, so you don’t need to open the app or use it before it gets running. Such situations will allow the apps to have access to your information like location and photos and upload them online. It is a security risk you should try to avoid as you do not know who creates the apps and what bugs it may have. Besides it also wastes your data.
Interesting Read : The Top 10 best browsers for privacy and security in 2020
Before you grant internet access to apps, always ensure that such apps are from reputable developers and also review the permission to be sure that they have access to your data only when you want them to.
4. Protect Your Device against Malware
With the rise in the presence of malicious software that is intended to steal your personal information, there is a need that you protect your devices against it. Mobile malware often comes as clones of apps that are trusted and popular to trick you into downloading them. Once in, they may steal your information like account details, install other apps without your permission, or begin some actions on your phone that are unwanted.
To prevent this from happening, be careful of the apps you install and do not give your phone to just anybody. If you feel that your phone has malware, performing a factory reset will have it in good condition again.
5. Put Bluetooth Off After Use
Leaving your Bluetooth on can allow remote connections to your phone and it could pose a threat to your security. Only put on your Bluetooth when you have use for it and switch it back off. Apart from being a security threat, it also drains your phone battery.
6. Don’t Root Your Phone
Your device comes with default security which prevents apps from having access to your personal and private data such as your SIM card details and the antennas you connect to. Rooting or jailbreaking your phone removes such security and leaves your phone and stored information at risk if such malicious apps are downloaded into your phone.
What Information You Share By Connecting To Wi-Fi?
Having access to public Wi-Fi is a pretty great thing, but you have to know that it is not secure and doesn’t offer you privacy. Having a good understanding of what goes on when you connect to a public wife can be helpful with reducing your risk of having cyber-attacks, and allows you to configure your device according to your choice.
1. MAC Addresses Can Be Used To Identify Your Device
Whenever you connect to a Wi-Fi, your mac address becomes known. Every network interface has such addresses and they are used to identify a repeated user of a network. The address can also be used to identify you across a separate network.
Apple devices with IOS versions from 8 do not broadcast real mac addresses but random ones so as to protect the privacy and security of the user. This makes it difficult to trace users but it is still possible to identify the user as an IOS user. You can also use mac addresses to increase your home or office Wi-Fi. You do this by identifying the device you want to permit on your network with their mac addresses, whitelist them thereby blocking out other devices from having access to your network.
Your phone will transmit its name which is either the phone’s description or a name which you have set. To prevent personal identification, you can change the name in your device settings.
2. The Wi-Fi Router Can Read Your Data as It Passes Through the Router
After connecting to a Wi-Fi, you need to have it at the back of your mind that your data isn’t secure as the router can read it. Read data usually includes the destination IP of your traffic. With such information, the Wi-Fi operator can know what services are being patronized by each device and what sites everyone on the Wi-Fi network is visiting.
If you are connected to an unencrypted connection, the Wi-Fi operator can also have access to the content of your data traffic. This includes your chats, emails, passwords, and other personal information you transmit. TLS encryption will appear as a lock icon on the address bar to show that the connection is secure and if it is absent, never transmit any important information through the connection.
You can prevent such occurrences by using a VPN. This will encrypt your data and prevent the network operator from being able to read your traffic. The network operator will still be able to know the amount of data you consume even with this. The difference between Tor and a VPN is that Tor will protect your web traffic, while a VPN will encrypt your data both outgoing and incoming.
3. Unencrypted Wi-Fi Networks Expose Your Traffic
Wi-Fi networks have several protocols that are meant to encrypt your data traffic but not all of the protocols are secure. Some Wi-Fi doesn’t even encrypt the traffic and this is especially peculiar to that Wi-Fi that allows you to connect without the use of a password. Connecting to such Wi-Fi exposes all your online activities and they can be monitored by someone nearby who knows what he is doing. This is a strong risk to your security and privacy and you are exposed to attacks from all around you. Wi-Fi networks that allow you to connect and then ask you to log in do not protect you from this security threat either.
Places, where this risk is highly predominant, are locations with free Wi-Fi like parks, coffee shops, and airports too. When you want to set up your own Wi-Fi, always set a password no matter the location and choose a security protocol during set up. A good choice of security protocol is WPA2.
A VPN will protect you from attacks from someone nearby when you are connected to public Wi-Fi as your data will be encrypted. Choose a VPN that has a protocol with good encryption like, limeVPN.
4. The Wi-Fi Network Can Predict Your Location within a Building
The Wi-Fi operator can guess your location within a building by comparing your signal strength over time with that of other devices in the same building. This can be used to track your movements in an area and it can become particularly powerful when combined with other information gotten from your connection. With the right information, the owner of the network can match an IP address to a credit card number and a face too.
Defending yourself against such monitoring or surveillance can be difficult especially if you spend long hours on a particular network. Your best shot will be to blend in with a crowd of other users and avoid making purchases with your credit card detail over such a connection so as to protect your identity.
5. Connecting Automatically To a Wi-Fi Network Can Be Dangerous
If you leave the Wi-Fi of your phone on, it will constantly be searching for an available network in the area so that it can connect to. It will always connect automatically to a network it has connected to in the past and the only way you can tell if it has connected before or not is by the network’s name.
The network’s name can be misleading nonetheless as a malicious network can be set up and hidden behind a trusted name. For instance, a Wi-Fi network called Dominos isn’t necessarily run by Dominos and it will be programmed so that all devices that automatically connect to Dominos will connect automatically.
Once you connect to the network, the router sees your device name and since most services and apps run over Wi-Fi, there will become active automatically. At this point, every information that passes through the router can be read by the network operator except it is encrypted.
How to Keep Your Mobile Apps Secure?
The security of the information you have stored on your phone depends on the apps you have installed there. Apps could be a source of malware intended to steal your information and that is why you are advised to only download apps from google and apple stores. You can also build the application yourself if the code is open-source, or alternatively, you can find and verify installation packages directly from the app developers.
1. App Permissions
All operating systems for mobile devices give you the option of granting permission to your apps to have access to features like your microphone, camera, location, and others like this. When giving permission to apps, do it after good consideration and only accept permission that you think are necessary and not invasive to your privacy. For instance, an app that sends and receives messages doesn’t need to know your location, and a finance app doesn’t need access to your photos. An app for flashlight doesn’t need to request any kind of permission to function properly so all these need to be carefully considered before being granted to stay secure.
Apps are more easily used to spy on you and extract your information. For example, it is far more accurate and easy to get your location through an app with location access on your phone than to find your location by triangulating your SIM cards. Also, it is cheaper to upload your photos and contacts from your phone through an app than to hack it.
It is a safe practice for you to occasionally check your phone settings and go through the apps you have installed and the permissions they request. Are the permissions necessary and are they invasive? If you are not satisfied with the answer, withdraw such permissions or you can delete the app.
2. Warning Signs That Show Your Apps May Be Spying On You
When you notice that your battery drains fast, you use too much data, or your memory is getting filled up without any reasonable explanation, it could be a sign that you are being spied on. It is not conclusive proof of being spied on, but all these signs usually follow the installation and activity of spy applications on your phone.
Rely on your intuition and your phone’s built-in features to monitor and find the source of these changes in your phone. The use of other apps to help with battery optimization, free up memory space and help you save data rarely work and maybe spy apps themselves.
3. Does Your App Encrypt Your Data?
Without the use of advanced tools to analyze the performance of your apps, it can be difficult to access how the apps handle your data as they run in the background. Good practices like being mindful of the type of permission you give to your apps and also keeping your phone’s security up to date cannot completely keep you safe. You still need to be careful about the type of information you give to your apps.
It is possible that the information you give to an app isn’t properly stored in the cloud. Search for app providers that promise proper data encryption in the cloud and find out how they do this. Choose a good password to offer more security to your data and using a good password manager will help you generate a good password. It is important that your password is stored in the hash form in the app server. Not all apps do this and an indicator is limited password length or limited inclusion of special characters.
Every data you exchange needs to be encrypted to be secure using HTTPS. With an app, it is difficult to check that your connection is secure and encrypted unlike with the use of a browser, and it is also not easy to verify that certificates are being properly checked. The only thing you have is to trust the app developers and rely on the policy of platforms like apple store to enforce the use of encryption protocols like HTTPS for your security.
You can also judge to a certain degree the reliability of an app by looking at it. Judging by the frequency of updates (if they are regular), its changelog is detailed and appears to be free of bugs, it is highly likely that the app is well developed and provides you with security.
4. Two-Factor Authentication
You can also use two-factor authentication in addition to your password to encrypt your app data. It is a second password and is only valid for a short while. The password can be created by your phone or an external device and sent to you via email or SMS. It is generally safer when the code is generated from your phone or an external device but the downside to this is if you lose your device.
Know that the code you get via SMS can also be intercepted by someone else or by an application on your phone.
How Your Phone Gets Exposed To Risks When Charging?
For better aesthetics, smartphones have a common port for charging and exchanging data. It reduces the number of cables we need to carry with us but it also exposes our phones to risk. This is because both charging and data exchange can occur simultaneously and when we plug in our phones to a USB port to charge, we are exposing our phones to a computer we do not trust. A computer with malicious programs may attempt to have access to your data without your permission in the process.
USB outlets can be found in various places like in buses and train stations and while you may use it solely for the purpose of charging, they may be a computer behind the outlets. In an airplane, you will find USB outlets that allow you to charge your device, but you will notice that the plane’s computer will want to have access to your device. You can grant the permission if you want to play media on the screen before you, but are these computers really to be trusted?
To protect yourself from giving off your data in the process of charging your phone, always carry your charger instead of just a USB so that you can charge where there is a socket. You can also make use of electrical USB cables that allow only electricity and not data to pass through. Devices called USB condoms also exist and they ensure that you charge without transmitting any data.
The Dangers from Triangulating Your Location, Intercepting Calls, and SMS
Your SIM card opens up some vulnerabilities on your phone and also makes it possible to easily track you.
1 . Tracking
There are several base stations in a different location that exchange signals with your SIM card for continuous good connection in case you have a call or a message. So as long as there is a SIM card in your phone that is working, these connections are bound to happen. With the information on which base station you are connected to and the signal strength, your network operator can give a rough estimate of your location. Your speed and location will also help your network operator deduce if you are moving or stationary, and how fast you are moving. They can even know if you are high up in a building.
Such information is most times not protected and intruders can hack into the system and get this information. Some providers even sell customers’ locations to advertising companies and all of these shows that your location isn’t so private after all. Law enforcement can get this information also to track you but they will need an additional device to be able to track you more accurately and this device is similar to a stingray.
Stingrays are a type of IMSI (international mobile subscriber identity) catcher and due to their small size can be attached to a vehicle or even be easily carried about. They can be used for all devices that are connected to a GSM network and can retrieve phone numbers and get locations. Since they are not as effective on 3G and 4G networks, a subject who is on a 2G connection can have their calls or SMS intercepted by this device.
Since every phone with a SIM has to be authenticated with the nearest base station of its service provider, anybody who knows what he is doing and has the necessary devices can imitate a base station and nearby phones will automatically connect to it unknowingly. With such connections, the stingray operator can get a list of mobile phones nearby and in some cases, they can listen to the conversations and intercept text messages. This is what is called a man in the middle attack. It is not known for sure the agencies that make use of such tech to track mobile phone users and intercept their data but it is possible to do this.
3. How to Evade Being Tracked Through Your SIM
The only sure way to avoid being tracked by all these devices is to activate flight mode in your smartphone. Advanced phone and tech users can run special software that detects the presence of stingrays in the environment and shuts the phone down if you want. The use of public Wi-Fi, VPN, and VoIP services that are paid with bitcoin are good to keep your privacy for outgoing calls. VoIP doesn’t provide much privacy for incoming calls as the calls are not encrypted but can hide your location still. You can make encrypted calls using software like facetime and Signai but both parties need to have the software for it to work.
You may choose to switch your SIM cards frequently but it won’t stop your device from being tracked. At best, what it can do is limit the amount of information that can be gathered on you. While switching SIM cards however, it is important that you do not switch them too quickly or else the two numbers will be linked together conclusively by the fact that they are never both on at the same time.
Your SIM card is highly susceptible to hacking and here is why. Basically, your SIM is a small computer that runs and responds to codes even those that are not known to the phone manufacturer. This loophole has been exploited before and was discovered in 2013 by analysts who discovered that 750 million phones were using ciphers that were obsolete and could be easily figured out by an attacker.
If an attacker has this key, new software could be downloaded into the SIM module and actions could be carried out like sending messages to contacts, and also changing voicemail password.
5. SMS and Contacts
Even if you have complete encryption in place, your SIM is highly likely to be storing text messages and contacts. This leaves your personal information and data accessible to anyone who is in possession of your SIM.
6. SIM Cloning
It is not easy to clone your SIM but if an attacker has physical access to it for a while, it can be done as the private key could be extracted from it. This extraction is done by placing a reader between your SIM and phone and the only way you can detect this is by checking the SIM slot.
The easiest option to clone your SIM would be to impersonate you and ask the service provider for a copy, giving some valid excuses. Some service providers will readily provide a replacement copy of the SIM or mail it without asking for proper identification. The implication of this is that if someone can impersonate you properly, they can get access to a copy of your SIM and will receive your messages and take your calls. They can also send messages and make calls in your name.
Locking Your Device
There is every need to ensure that your smartphone is secure because they store our personal information like online passwords and credit card numbers. Activating a lock screen on your phone and using a secure password will make it difficult for unauthorized access to your phone by others. You can also make use of fingerprint security to make it easier for you to unlock your phone while making it difficult for others to have such access. But fingerprints can be cloned and it is legal in some areas for your fingerprint to be taken without your consent to unlock your phone.
1 . Encrypt Your Drive
From IOS 8, Apple has improved user protection by encrypting hard drives, making it difficult for your information to be found and extracted even after you have lost your device. Android also allows you to encrypt your drive but you will have to activate it yourself. The option for device encryption can be found in your phone settings.
Even though it may be a bit difficult, it is possible to get your personal information from your device if you do not encrypt your drive. Law enforcement with the help of google can unlock your phone also if there is an investigation going on that is linked to you.
2. Choose a Good Password
Even though both Apple and Google give a limited number of password attempts, and even go further to erase your drive if wrong passwords have been entered a few times, the best way you can truly protect yourself id by using a strong password.
Strong passwords have at least 12 characters and are a mix of characters, including lower and upper cases. You can utilize this random password generator to help you with a good password, or make use of Diceware to get a password of four to five words.
It is very easy to lose data stored on mobile devices because of their small size, and many loopholes. Since they are small and perform almost all the functions that are needed for our daily tasks, we tend to use mobile devices more and more, allowing them to store our contacts, addresses, credit card numbers, and make our location available. This can take a huge toll on our privacy and security as apps and SIM cards can be used by an attacker to get to a user. To stay safe, several practices like the use of passwords, encrypting your phone, and the use of VPNs have to be put in place. Also, care has to be taken to ensure that while you charge your phone via a USB port, your phone isn’t granting permission to be accessed by a computer. Scrutinizing the apps you install and being careful with the permissions you grant are also safe practices that will give you security with your mobile device.
A VPN encrypts your connection to a network and secures data transfer. Using a good VPN is a great way to ensure that your data doesn’t get intercepted even if you make use of public connections. Limevpn makes use of 256-bit encryption to ensure that irrespective of your location you are secure and all connections are safe. It is fast and keeps you anonymous online, so your identity remains private.