Following the revelations this week that the NSA was listening in on up to 35 world leaders, Marc Rogers from Lookout explores what everyone can do to protect their smartphone.
You don't have to be a politician or a celebrity to be the target of hacking; everyone is vulnerable. Like computers, phones can be compromised in a number of ways.
Whether it's via an unsafe link sent in an email or an application containing malicious code, phones are at risk, but there are simple things consumers can do to boost the security of their phone. While we're starting to see some sophisticated attacks targeting mobile devices, it's more likely that risky user behaviour will lead to a compromised device. Most importantly, use caution when clicking on links on your phone, even from people you know. Bad guys these days will "spoof" an email so it looks like it's coming from a person you trust.
Some basic tips include:
- Set a passcode. Did you know that only 44% of people set a passcode on their phone? It's the first line of defense against someone accessing your personal data.
- Question why a link asks you to download something: Be careful of links in emails, text messages and social networking sites that ask you to download or install something. As a rule of thumb, the more urgent the messages appear, the more likely it is that they are fraudulent.
- Be suspicious of strange or unlikely emails: Avoid clicking on links in email messages if it's hard to determine who the sender is and what their intentions are. Even if you receive an email from someone you know, if it seems out of place, it probably is. Emails can easily be "spoofed" to look like they came from a friend when they did not.
- Use discretion when downloading apps: Only download apps from trusted sources, like the Google Play Store and Apple App Store. Malicious applications can contain spying capabilities, like taking pictures or reading SMS messages. To ensure that you can't install apps from places outside of Google Play, make sure the "unknown sources" option in the security settings on your Android device is unchecked.
- Protect your phone like you protect your PC: Most people already use software to shield their PC from viruses and spyware. With so much personal data on our phones and mobile malware on the rise, our mobile devices now need the same attention. Protect yourself and your private data from malware, spyware and malicious apps by downloading a security app like Lookout Mobile Security.
- Check for suspicious activity: Regularly check your phone bill for unwarranted SMS or phone call charges.
- Keep your apps and device software up to date: Hackers work diligently to discover new vulnerabilities in our apps or the software that operates our phones. Device manufacturers and app developers frequently update their software to fix newly exploited security gaps, but if you don't download and install these updates, your information is still at risk.
To help prevent people from listening in on phone calls, the most common approach is to use encryption to scramble the voice conversation between two parties. There are a number of solutions, both software and hardware, which will allow you to do this. Here are details for a few of them:
RedPhone by Whisper Systems
Created by renowned hacker Moxie Marlinspike, RedPhone enables Android users to encrypt their calls so that even if they get intercepted, an attacker will not be able to listen to them.
SilentPhone by SilentCircle
SilentPhone is a new solution by a team of well-known cryptographers and is available for both Android and iOS.
Ostel - secure, open source voice
A tool for having end-to-end encrypted phone calls. This is a public testbed of the Open Secure Telephony Network (OSTN) project, with the goal of promoting the use of free, open protocols, standards and software, to power end-to-end secure voice communications on mobile devices, as well as with desktop computers.
Orbot - Tor for Android
Orbot uses Tor to encrypt your Internet traffic and then hides it by bouncing it through a series of computers around the world. Tor is free software and an open network that helps you defend against traffic analysis, a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security.
The next level up from software voice encryption is hardware encryption. Here the options range from "add-on" cards such as TrustCall by KoolSpan, which is the key component in AT&T's Encrypted Mobile Voice for BlackBerry and Windows Mobile, through to the sorts of hardware voice encryption units that James Bond would be seen with, as found in the crypto museum.
Marc Rogers is the principal security researcher for Lookout, a global leader in mobile security, with more than 45 million users worldwide.