We need to be concerned about mobile security and mobile privacy as we start using our mobiles more. Mobile privacy is investigated in a separate article.
Among the mobile security threats that we face are
- Physical loss of mobile
- Installation of mobile malware on it
- Theft of sensitive data stored on the mobile
Physical loss of mobile
Our mobiles are small and we carry them around with us all the time. There is a good chance that we will misplace our mobile or have it stolen.
What can go wrong if our mobile is stolen?
- The bad guys can make calls using our mobile including expensive International calls and calls to pay by minute services.
- They have access to all the data stored on our mobiles. This might include financial information, photographs, and our electronic communications. Even if we think we have deleted the records from our mobile, they can still be recovered from the physical media on the device.
To guard against this we should
- Always treat our mobile like a credit card.
- All data should be stored on the phone in an encrypted form.
- If the phone has a locking mechanism like a pin number we should use it. Some phones have two passwords, a regular password and a master password. Make sure you have set both of them to something non obvious. And no "0000", "1234" and the like are not non obvious.
- Do not store passwords on your mobile - this includes stored passwords to your financial institution. The chance that your mobile will get lost at one point or the other are significant.
Installation of Mobile Malware
The danger of installation of mobile malware varies depending on the kind of phone you are using.
- Most basic, cheap phone - danger of installation of malware is very small. These phones have specialized chips and usually do not have the processing power to run the usual malware
- Iphone Danger is there but so far exploits on non jailbroken phones are rare. We cover the issue in depth in Iphone Malware.
- Android phones Malware is appearing at a tremendous pace for these phones. Right now (September 2011) we are investigating a security solution for these phones. Till we find such a security solution we do not recommend that security conscious users use these phones. If you do have to use them, install the minimal number of apps. Install only well known apps from reputable companies.
- Other smartphones - Blackberry, Nokia Malware exists for all them. Mobile spyware can be installed on all of them. You should always keep the phone in your physical possession. Do not accept a phone from anybody who may have a reason for spying on you.
Theft of sensitive data
Once your mobile is out of your possession, the data stored on it becomes fair game. This includes your recent call list, your email, your stored passwords and any files that you have stored on your mobile.
Always independently encrypt data stored on your mobile where possible. Do not rely on the inbuilt phone encryption. Almost all inbuilt mobile security encryption schemes have been broken.
In August 2011, the hardware encryption built into the latest iPhone 4s and iPads was broken.
Return from Mobile Security to Security and Privacy Software