27 November 2009

The Phone Is Smart, But You Have To Be Smarter

Wall Street Journal

Would you want hackers to have all the information on your device? Here's how to protect yourself.

Given how much information can be found in people's smart phones—contact lists, emails littered with details about their personal lives and their work, company documents and data, personal financial information and passwords—it's startling how little most users feel the need to protect the devices.

"People have a false sense of security" about their phones, says Daniel Hoffman, chief technology officer of SMobile Systems Inc., a provider of security software for mobile devices.

Security experts have long warned of the vulnerability of smart phones to hackers. And in the past year the threat has been highlighted by an attack on the Symbian operating system, used mainly by Nokia Corp. phones, and a demonstration at a conference of a flaw that was found in the iPhone's security.

As the software for smart phones becomes more sophisticated and open, they become better breeding grounds for a new generation of spyware and viruses. Hackers can work their way into your phone through text messages, steal your information and use your contact list to find more victims. Scammers can now dupe you into revealing your Social Security number or credit-card account number on your phone, just like they've been doing for years on PCs.

There are low-tech ways to get into trouble, too. Theft or loss of your phone can be much more than an inconvenience if the person who ends up with it chooses to explore its contents. And you can even give away sensitive information by using your phone without regard to who might be watching or listening to you.

To some extent, you need to rely on your phone's maker to keep you safe. But there are several simple ways you can help protect yourself.

Here's a look at some of the dangers and how you can minimize them.

Message Minefields

Text messaging is a favorite service for many mobile-phone users. It's also becoming a favorite line of attack for scammers. For instance, text messages carrying insidious coding were the weapon in an attack late last year on phones using the Symbian operating system and were later identified as a threat to the iPhone.

For owners of the Symbian phones that were targeted, the attack was a major annoyance. Phones that received the malicious text messages shut down and lost their ability to receive any further text messages—damage that could only be repaired by sending them back to the factory. Then, in July, hackers at a conference on digital security demonstrated the ability to send text messages to iPhones that would allow the senders to gain access to data stored in the devices.

Apple Inc. and the Symbian Foundation patched up the holes in their security. For attacks like these, users have no defenses of their own—the messages do their damage without any action on the part of the user. But these incidents should alert smart-phone users to the vulnerability of their devices, and encourage them to guard against other kinds of attacks.

That includes phishing scams, which attempt to acquire personal data such as passwords or credit-card account information through fraudulent messages. These scams have spread from email to text messaging. Here the best protection should be familiar: Be skeptical of any messages that ask for passwords, account numbers or any other personal information. When in doubt, check directly with the company that claims to be asking for the information.

Multimedia messages—photo attachments sent like text messages—also pose a threat. A message could contain a virus that not only can tap into any information stored on your phone but also dig into your phone's address book to spread itself to all of your contacts. Other versions might spread by using the phone's Bluetooth connection to attack nearby devices. Attacks like these will drain your phone's battery and leave you with a large messaging bill, not to mention the embarrassment of contaminating the phones of your friends and colleagues, or even perfect strangers.

Again, caution is the best protection. If you don't know the origin of the message or don't recognize the number it's sent from, it's best to delete it before opening. Even if you do recognize the number, be wary of messages you weren't expecting, since viruses spread through contact lists look like they're coming from a trusted source.

Denying Applications

Applications could be another avenue for hackers, security experts warn, though it appears to be one that hasn't been explored yet to any great extent.

One way to head off potential problems is to limit the access applications have to your phone's functions. For example, some games require access to your Internet connection so that they can compare your scores to those of other players. But many applications don't need this capability, and if you find that one of those apps does have access to your connection, it could be a sign that something is amiss.

Smart phones running on the Android operating system or the BlackBerry system allow you to limit the amount of access an application has. You simply head to your Settings menu and choose Application. You can then look at each application to see which phone functions it has access to, and deny it access to any that don't seem necessary.

Losing It

One sure way to give strangers access to your phone is to lose it. And of course theft is another concern. If you have sensitive data on the device, make sure you have a way to remotely erase the contents—and that you know how to do it. Most corporate phones have the ability, as do iPhones, BlackBerrys and Windows Mobile phones.

If your phone doesn't have the capability, SMobile offers a program that allows you to remotely back up data and wipe the device clean. The company charges $20 a year for the software, which works with most smart phones.

A password is another simple measure that can go a long way toward deterring common thieves from gleaning anything from your phone. All smart phones have the ability to create a password built in. For BlackBerrys, simply go to the Security Options under Settings to turn on the password. Similarly, iPhones have the option in the Settings menu.

For extra security, you can set up additional passwords for other actions, such as accessing email or downloading a program. That can also be done in the Settings menu. BlackBerrys have the option to encrypt data on the media storage card so it can only be read on that phone. Simply go to the Media Card menu under Settings to activate the encryption.

Another easy way to lessen your vulnerability is to limit the amount of personal information on your phone. Don't list your home address, or the personal relationships with your contacts. Also, never place your credit-card or bank account numbers on your phone. There are programs designed to track down the 16-digit credit sequence in electronic devices.

If your phone is lost or stolen and you get it back, be wary of any new applications that have been loaded. If your cellphone is sluggish, take it to the carrier; it might be compromised.

Keep It Down

It's also important, and easy, to shield your phone from prying eyes and ears.

3M Co. makes a thin film called the Mobile Privacy Filter that goes over your screen, making it tough to see what's displayed unless you're directly in front of the phone. It can be found at any office-supply store or online for roughly $10.

Also, try not to discuss sensitive topics in public. It sounds obvious, but people sometimes appear oblivious to those around them as they discuss work or rattle off their name, Social Security number or credit-card account numbers while making purchases or taking care of personal business on the phone.

No comments:

Post a Comment