Mobile Security

Is your mobile phone secure from hacking?

Our phones have come a long way from being a keypad with a screen. Today our smartphones are practically miniature PCs. As miniature PCs, they suffer from similar problems and consequently need the same protection. Although all smartphones are exposed to risk, not all smartphones bear it equally. Below are some guidelines for protecting your mobile phones...

Set a password and make it strong. Having no password is like leaving your door unlocked… don’t do it! Making your password strong means length and obscurity – using your anniversary, date of birth, or favorite sci-fi reference is not recommended. Furthermore, don’t tell other people your password, doing so means you can’t restrict access to your device when you need to.[1]

Don’t forget to diversify your passwords. If you have apps that have their own passwords, make sure each one is unique. Attackers are smart and well aware that most people reuse passwords. They will try a password they know you have used before. [1] We recommend a password manager so you won’t have to remember a myriad of passwords. The added bonus is that you can get away with some really complicated passwords without having to worry about recalling them.

Don’t install random apps – even if they are from the app store. Do some research first to find out if the apps are secure, and are recommended by reputable sources (such as security researchers or websites). Stay away from apps that are rarely updated, and stick to ones that have been downloaded often. Any problems will become rapidly apparent with oft-downloaded apps. Apple is generally better about weeding out bad apps, but they are not infallible.[7] Don’t forget to remove apps you no longer use. Keeping your phone free of unused apps reduces the risk of malicious updates getting pushed to your phone.

Phone viruses are now a thing, so consider using an anti-virus or anti-malware app. An anti-virus is practically a must on Android devices. iPhones used to not require an anti-virus, but today this additional layer of security is worth considering.[4] There are numerous reviews online comparing AV suites for phones.

Install a permissions app. While Apple phones come with decent permissions management tools, Android does not. To remedy this shortcoming, or enhance the iPhone’s features, there are apps that enable you to adjust permissions for those apps that seem to want it all.

 

Bad QRDon’t scan random QR codes. Malicious people can and have posted QR codes that direct victims to attack sites. Only scan QR codes that are from reputable sources, and don’t scan codes that appear altered.[2]

 

Encryption ensures that if your phone is stolen or contents are duplicated, the offending party will have what is effectively electronic gibberish. You, using the key to unlock the encrypted phone, will have your data.[1] Not all phones are capable of encryption, which requires a certain amount of processing power. This means that inexpensive smartphones rarely encrypt by default and often become sluggish if encryption is enabled.[5] In Android, the encrypt option is in the ‘Security’ sub-menu of the ‘Settings’ menu.[8] On iOS, all you need to do is set a PIN or pass code on your phone, after which iOS automatically engages encryption. Note, however, that neither phone encrypts everything.[9]

Enable remote wipe as this enables you to, as the name indicates, wipe everything except the OS off the phone without having physical access to it. If your phone is stolen, you can wipe your data off it so thieves can’t get to it.[1]  The iPhone supports this via ‘Find My iPhone’. While Android phones also have built-in remote wipe, it does not do a complete job[6] and so we recommend a third party remote wipe app.

 

Andrew Leverkuhn,

Research Assistant

Cyber Security Institute

University of Houston-Clear Lake

 

  1. https://www.tccrocks.com/blog/cell-phone-security-tips/
  2. https://www.unitag.io/qrcode/can-qrcodes-be-hacked
  3. http://www.digitaltrends.com/mobile/top-android-security-apps/
  4. http://www.tomsguide.com/us/best-antivirus,review-2588-7.html
  5. http://arstechnica.com/gadgets/2016/03/why-are-so-few-android-phones-encrypted-and-should-you-encrypt-yours/
  6. https://www.androidpit.com/how-to-remotely-delete-android-phone-data
  7. https://nakedsecurity.sophos.com/2015/09/22/apples-app-store-hit-by-the-xcodeghost-of-malware-present/
  8. http://www.howtogeek.com/141953/how-to-encrypt-your-android-phone-and-why-you-might-want-to/