4 Things To Do To Get Your Smartphone Compromised
Today’s smartphone is a marvel child of Science and Technology, that even the inventor of the telephone, Alexander Graham Bell would kill to get his hands with one during his time. The smartphone is a very flexible device that is redefining today’s computing environment, it replaced the following everyday device that we used to purchase:
- Portable Music Player
- Camera and camcorder
- Voice recorder
- GPS navigation device
- Portable Gaming Device
- Barcode Scanner
- USB Flash drive
- Portable Video Player
- Alarm Clock
- Wrist Watch
- Photo Album
The way smartphones are acknowledged today having more users than all desktops, laptops, and servers combined. It became the most common computing device of all time, taking into itself the functions of the above-mentioned old devices. As such the cybercriminals are trying their best and invest with extensive research and development to enable to tap this huge smartphone market for their ends. There are, of course, misbehaviors that users commit that enable the easy extraction of data on the smartphone, loss of user account credential/stolen passwords and phishing incidents.
Below are ways to minimize the chances of losing your smartphone user data into the wrong hands:
- Ignoring App/OS updates
OS and App developers continue to discover bugs and other vulnerabilities with their software, and they issue new versions to correct those mistakes. App updates are the easiest of all, as the smartphone is configured to automatically fetch updates as it becomes available through its corresponding App Stores. OS updates depend heavily on the platform, iOS updates come directly from Apple, and it is delivered once ready. Android’s update system is more complicated, as all smartphone manufacturers have the right to change the Android OS as they see fit to differentiate their offerings compared to their competitors. Google develops Android in a closed development system, which they later opensource though Android Open Source Project (AOSP). At the moment, only phones released by Google themselves under the Pixel brand have the latest Android version as soon as it is released.
- Use of Open Wi-Fi connections
If you need to use an open wi-fi connection, make sure you only connect to sites that starts with https:// notation. This is because browsing a non-encrypted site can be intercepted by anyone in the same unencrypted wi-fi network. Be especially careful when using a non-browser online app when using an open wifi, as there is no assurance that the developer uses the https:// version of the remote site. Refer to the manual/documentation for details or just strictly use a browser, hence the address bar reflects if the site being visited is a TLS or non-TLS site.
- Use of passcode/face recognition vs password
4-digit passcode and face recognition are both convenient to use compared to a full-fledged password. However, the enemy of security is convenience. The more a system focuses on convenience, the less secure it is. It is really the user’s option what unlock method to use, as it is his/her device. But nothing forces you to reveal your password, compared to a fingerprint where an investigator can order you to place your fingerprint on the device to unlock it during a legal investigation.
- Using a non-encrypted smartphone
iOS is automatically encrypted, users have no choice about it such is by design by Apple. In Android, device encryption is optional, as not all Android device has enough processing power to make encryption/decryption on-the-fly practical without lowering performance. See the details found in the user manual to check if the device comes with a co-processor that helps with the on-the-fly decryption and encryption technology. In many corporate networks, the system admin doesn’t allow an unencrypted device to be used for security reasons.
Kevin Jones719 Posts
Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others.