By David Geer (bio: http://www.linkedin.com/in/daviddgeer)
“A mobile phone is lost every 3.5 seconds. More than half of those devices are smartphones. 40% are not password protected.” – Identity Theft Expert, Robert Siciliano
Smartphones outnumber PCs. Though the devices are more personal than “personal” computers, they can certainly be less secure. Malware (mal = bad, ware = software) such as viruses, apps that are not secure or that funnel out private information, and the loss or theft of unprotected devices are all threats that lay in wait for unprepared users.
I spoke with Identity Theft Expert, Robert Siciliano for a Q&A about consumers’ top smartphone security and privacy concerns. Genuinely concerned and personally involved, Robert details how the average consumer can keep their smartphone safe.
David Geer: What are the average consumer’s smartphone security concerns?
Robert Siciliano: We are hearing a lot about malware. We are hearing a lot about privacy issues with the apps people download. There are apps that violate user privacy by communicating information the user may not want to communicate (without their knowledge). Though the vendors often state in the TOS (Terms of Service) what these apps will do, some apps share personal information despite what their TOS say. There are also issues with lost or stolen phones, especially when the user has not password protected their device.
There are thousands of examples of malware targeting mobile devices. But while consumers are more concerned about that, the loss or theft of their phone is a larger issue. A mobile phone is lost every 3.5 seconds and more than half of those devices are smart phones. Forty percent of phones are not password protected. An overwhelming number of phones are lost with no password protection.
Then there are the issues we have seen with people stealing people’s phones. I think the biggest concern should be password protecting your phone as opposed to worrying about malware. That is not to say you should not be concerned with malware.
DG: What are some real-world cases of smartphone threats occurring?
RS: A woman contacted me saying, “Robert, I was at a concert last night and I lost my phone.” When she got home, she logged on to her Facebook page and someone had posted all of her naked photos from her phone to her Facebook page.
There are two issues here. One is the fact that her phone was not password protected. The other is that she and many, many starlets are taking nude photos and storing them on their phones. That is a big detail. I have read a half dozen stories in the past year about young, successful actresses that had nudes on their devices and these have ended up on the web because the device was hacked or stolen. These starlets are giving other women the green light to go ahead and do the same thing. We have an entire culture that is engaged in this behavior and not doing much if anything to protect their data.
Our digital devices store our most private information: usernames, passwords and access to private accounts including banking and social accounts. Exposing all the intimate details of our lives because of a lost, stolen or hacked phone is serious business.
McAfee studied password sharing with ex-spouses. A significant number of people surveyed said that they have or would expose their former significant other’s most private photos and videos in the event of a bad breakup. They had access to the passwords and had the same data on their own devices because they took it from their significant other’s phone.
G: Most smartphone users have no interest in becoming technical gurus. What are some things any consumer can do to protect their devices and themselves from these concerns?
RS: It boils down to common sense in recognizing the risks. It is common sense to password protect your device. Beyond that, users should have lock, locate and wipe software whether the vendor built it into the phone or users download it. (This enables the user to lock the phone against access, find the phone or completely wipe all sensitive data from the phone remotely). Then the user should have anti-virus software on the phone.
Do not root or jailbreak your phone. This breaks down the defenses the OS software developer put in place. There is only one store where you can download safe, secure apps for the iOS (Apple) and one where you can download them for Android. When you jailbreak the phone to gain access to the hundreds of other stores and their downloads, neither Apple nor Google have tested these apps.
Jailbreaking is what gets the user and their employer who offers bring-your-own-device options into trouble.
DG: Are there any smartphone settings that can help without frustrating the consumer technically?
RS: Yeah. Turning off Bluetooth, especially when not in use will help. Turning off your location-based services will, too. You have options on what to do in the event that someone does try to access the password. So, for example, if they try to enter the password more than 10 times, then the device will wipe. That is something that you can turn on or off.
DG: Are there any free or modestly priced software solutions that can help without frustrating the consumer technically?
RS: I am a McAfee spokesperson, so I always recommend McAfee’s line of mobile security products. Some are free; some require a small fee. All are very user friendly. Other than that, there is whatever software is already on the device.
DG: If all this is still too much, where can a consumer go for help?
RS: You have heard the term, “Google is your friend”. There generally is not an issue where someone did not ask a question and someone else did not answer with respect to technology. Do a search and find a variety of forums where people have asked the same question you have and someone has answered it. It is a matter of knowing how to ask the right question. Beyond that, your device’s manufacturer or service provider is good places to start.
Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! See him knock’em dead in this identity theft prevention video. Disclosures. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247