Friday, September 9, 2011

Secure Your Smart Phone Too

Last month, I wrote a column with advice on how to strengthen computer passwords to better protect your company and personal information stored on the computers you use. The internet can be a wild and dangerous place. My advice was to improve your password, making it more difficult for hackers and crooks to figure it out and gain access to your computers and on-line services.

We face a new threat with the rapidly growing use of mobile devices. Ordinary cell phones having limited capabilities were never much of a target for malware. But smart phones, particularly those with the ability to support complex software applications, are increasingly at risk of being compromised.

Blackberries and iPhones are not so bad, but Android has become a prime target for malware. Games and free applications in the Android Marketplace have been found to contain malware, hidden code designed to collect and report your personal information.

No matter how sophisticated you make your password, a keystroke logger on your phone recording everything you type can easily reveal it to the bad guys. If you allow this kind of malware to infect your phone, user names, credit card numbers and anything else you type on your phone can be secretly captured, packaged up and shipped off to a web site. It will be retrieved, analyzed and used by criminals.

All smart phones are inherently unsecured. Typically your email, social networks and all of your applications are configured once when you install them on the device. Account names and passwords are stored. You launch programs by simply selecting them or touching an icon on the screen. This means anyone picking up your phone has the same access and ability to run these programs as you do. Physical protection is, therefore, very important. Never let your phone out of your sight.

What can you do when you realize you left your phone in the cab or on the table at a busy restaurant? On company-issued equipment, the IT department will often load special software that allows them to remotely erase or completely disable devices. You report the loss of the device to them and they zap it. Some carriers offer similar services for personal use. But absent this capability, any person who finds your phone will be able to see all of your information and use it.

First, I recommend you use a feature found on almost every smart phone that requires you to enter a PIN or pass code every time you want to use the device. Those of you old enough might recall when personal computers introduced a feature like this. Buried deep in the bowels of the machine (BIOS) was a security measure that required a code be entered before the machine would boot up and load Windows. Locate and enable this feature on your smart phone and it will eliminate the possibility a stranger (or a friend) will gain access or use the device without your knowledge and permission.

Smart phones provide other means of access since they are on the cellular network, support WiFi network access and Bluetooth communication. If your device has Bluetooth, keep it turned off when not in use and always configure it as not discoverable. Be aware there are techniques like "man in the middle" which allow the bad guys to insert themselves between your device and the WiFi network you think you are about to connect to. Be especially wary when using WiFi in public locations.

Next, smart phones usually require you to actively grant permission for new applications to access your data. Pay close attention to the warnings when you load a new program. It will ask you to authorize the application to see things like your address book, passwords, location or other data. It might request permission to add or modify data, or act on your behalf. Unless you really need or trust the application, you should be wary of allowing it to do these things. Check the user ratings and comments before loading any application. Stick to the reputable software authors.

Please keep in mind your smart phone is now more like a PC and will be susceptible to many threats from web sites with hidden malware just waiting for you to click on a link and unknowingly install it. Sadly, antivirus software has not kept up, so there is little in the way of software defense available for your smart phone. This means you must be extra cautious when browsing and super skeptical of any software you install.

Captain Joe

Follow me on Twitter @JPuglisiLLC
