Make Your Mobile a Tough Target for Thieves

You should definitely pay attention to your mobile phone security. Most of us don’t, which makes it easy for hackers and ID thieves to target us. Here are some tips to protect yourself from becoming a target for thieves.

Use a Passcode

One of the easiest ways to ensure that you are not a target for thieves is to use a passcode. All mobile phones have a built-in passcode option, and if you have an iPhone you can even set a passcode if it has been stolen by using the Find My iPhone feature.

Use Face ID or Touch ID

To make your iPhone even safer, you can use Face ID if you have the iPhone X or Touch ID on other iPhone versions. This is much stronger than using a passcode.

Set up Find My iPhone

If your iPhone gets stolen or you lose it, you can use the Find My iPhone app. This is a free app that is built into iCloud. It uses GPS to show where your iPhone is at any time, as long as GPS is enabled. For Android, set up Find My Device to accomplish similar tasks.

Look at Your Privacy Settings

You should also take a look at your privacy settings. Your data is extremely important and there are threats all of the time. Fortunately, you can set your privacy settings to make it tough for people to get into it. Depending on your phone OS, seek out built-in privacy, location, encryption and VPN settings.

Should You Get Antivirus Software for Your iPhone?

You might think that you can make your phone safer by adding antivirus software. Yes, it’s very important to have antivirus software for your computer. You don’t need it on your iPhone, but you definitely do need it for your Android. Do a search on Google Play; there are plenty.

Stop Jailbreaking (iPhone) or “Rooting” (Android) Your Device

Another way to keep your phone safe is to stop jailbreaking. A lot of people like jailbreaking because it gives more freedom to customize your phone how you want. You can also download apps that Apple has not approved of. However, jailbreaking your phone can cause it to become more open to hackers, too, which could really be devastating.

Encrypt All Backups

When you sync your iPhone to your computer, it holds data for you as a backup. This way, if you ever need it, you can get it easily. However, this also means that this data could be open to hackers if your computer ever gets hacked. So, it’s always best to make sure that you encrypt all backups. You can do this in iTunes with only a few additional steps.

Robert Siciliano, personal security and identity theft expert and speaker, is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock ’em dead in this Security Awareness Training video.

How to Monitor a Cell Phone

Do you fancy yourself a spy and wonder how you can monitor someone else’s cell phone? You won’t get that information here, but there is some good info on cell phone monitoring if you keep reading:

The Legalities of Tracking Cell Phones

Generally, it is not legal to monitor a cell phone that does not belong to you. However, generally speaking, and THIS IS NOT LEGAL ADVICE, if the account is under your name or if you have written permission from the person who owns the phone, you can track it.

Why Monitor a Cell Phone?

There are some situations where it is perfectly legal, and even useful, to monitor a cell phone. One good reason is to monitor your family. This is especially the case if you have a tween or teenager who has some freedom.

Another reason you might consider monitoring a cell phone is if you have an elderly family member, like a parent, who uses a cell phone. If your loved one has dementia, you certainly should track their phone.

Businesses also often track company-issued cell phones. The main reasons to do this are to locate a device if it is ever lost or stolen and to monitor employee communications.

The Main Ways to Track a Cell Phone

There are three different ways that people track cell phones:

  • Through the Cell Phone Carrier – Most major cell phone carriers offer a feature that allows a person to track a cell phone that is on their account. There is a fee for this service, it is totally legal, and it’s a great way to track family members.
  • Through a Smartphone or Computer – If you have a smartphone that runs iOS or Android, you can use features like Find My iPhone, or you can use apps like Find My Friends. Just keep in mind that the phones must have GPS enabled for these to work.
  • Through a Third-Party App – To trace a phone through an app, you usually have to have access to the phone you want to track AND own it and/or have written permission from the phone’s owner. Typically, both devices must have the app loaded for these apps to work. Some of these apps are free for limited features. Others come with a one-time or monthly payment for the service.
  • Through an Infected Email or Text Link – This is pretty much illegal and might get you a stint in the clink. Pulling this off requires special malware or spyware which can be obtained on the dark web for a price. That will mean you’d go from being legal to the seedy world of Blackhats. And as they say, once you go black, you never go back. You would then officially be a criminal.

In most cases, it is not legal to trace or track a cell phone unless you have permission from the owner. However, each state has its own laws, so it’s very important that you understand the laws in the state where you live. This way, you can avoid any repercussions.


How to Block Spammy Scammy Telemarketing Calls

Are you getting a lot of scammy, spammy telemarketing calls? If you are, you know how annoying they are. Fortunately, there are some apps out there that can help. Here are a few apps worth looking into:

CallApp

You can use CallApp to look up numbers, and then decide if you want to answer or not. It collects data from users, and then gives you this information when a call comes in. You can get CallApp Crawler for Android phones.

Call Control

This app offers reverse look up, call blocking, and it can even blacklist any unwanted texts, too. It is very easy to use, and it relies on the community to collect spam numbers and submit them to the company. You can get Call Control on iOS and Android phones.

Calls Blacklist

You can use Calls Blacklist to block calls, but there are also other features like scheduling ability or filtering by number prefix. This means you can block numbers that start with a certain combination of numbers, e.g., 803. This app is only available for those with Android phones.

Hiya

Hiya used to be just a reverse look up method, but now it also blocks calls and offers caller ID. This app has access to more than three billion records, but like TrueCaller, your number also goes onto that list. You can get Hiya for both iPhone and Android phones.

Norton Mobile Security

Norton Mobile Security is not necessarily a call blocking app. Instead, it’s a security app that has call blocking as one of its features. This app is perfect for anyone who wants a full security suite on their mobile phone. You can get this app for both iOS and Android.

Safest Call Blocker 

Though Safest Call Blocker is simple, it is quite effective at blocking any unwanted numbers coming from robots or telemarketers. Currently, this app is only available for those who use an Android phone.

Should I Answer?

This app blocks calls, looks up numbers, and then categorizes them for easy filtering. It tracks about 500,000 numbers and is available for both iPhone and Android.

TrueCaller

TrueCaller is a popular app, and it holds more than two billion phone numbers. This makes it great at identifying a spammy number. The one caveat of TrueCaller is that it adds your number to the list of numbers it tracks. You can get it for iPhone, Android, Windows Phone, and even BlackBerry.


Beware of Rogue Cell Phone Charging Stations

Humans have evolved a new body part: the cell phone. One day it will be part of anatomical illustrations of the body in health and medical books, probably as an appendage on your head. I’m not a Dr., so don’t quote me.

For now, we have to figure out a way to keep this appendage juiced up without being lured into a data-sucking battery-charge station.

There’s even a name for this kind of crime: juice jacking. The kiosk is designed to appear like a legitimate battery charging station, when in fact, it will steal your phone’s data while it’s hooked up.

Worse yet, sometimes the thief will set the station to deposit malware into your phone. The crook will then have access to all the sensitive information and images that you have on the device.

These fraudulent stations are often set up at locations where users would be in a rush and won’t have time to check around for signs of suspicion or even think about the possibility of getting their personal life transferred out of their phone and into the hands of a stranger.

Are these thieves smart or what?

But you can be smarter.

Prevent Juice Jacking

  • Before leaving your house, make sure your phone is fully charged if possible.
  • Buy a second charger that stays with you or in your car at all times, and make a habit of keeping your phone charged while you drive.
  • Of course, there will be times when you’re out and about, and before you realize it, your device has gotten low on power. And it’s time to hunt for a public charging station.
  • Have a cord with you at all times. This will enable you to use a wall socket.
  • Turn off your phone to save battery. But for many people, this will not happen, so don’t rely only on that tactic.
  • Plug your phone directly into a public socket whenever you can.
  • If you end up using the USB attachment at the station, make a point of viewing the power source. A hidden power source is suspicious.
  • If bringing a cord with you everywhere is too much of a hassle, did you know you can buy a power-only USB cord on which it’s impossible for any data to be transferred?
  • Another option is an external battery pack. This will supply additional power to your device.
  • External batteries, like the power-only USB cord, do not have data transfer ability, and thus can be used at any kiosk without the possibility of a data breach.
  • Search “optimize battery settings” iPhone or Android and get to work.


Top 10 Tips for Securing Your Mobile Devices and Sensitive Client Data

Do you have employees who bring mobile phones to work and use those devices on the corporate network? Do they store company data on these “Bring Your Own Devices (BYOD)”? Does your company have a policy in place for this?

First, the moment a person brings their personal phone to work, a fusion of personal and business tasks occurs. And, equally as bad, company-issued devices are used for personal use as much as, if not more than, the employees’ own devices. Not sure you believe this? Here are some stats:

A recent survey asked 2,000 office workers about their habit of using their personal mobile devices at work. Here’s what it found:

  • 73% of people admit to downloading personal apps to tablets they got from their company.
  • 62% of people admit to downloading personal apps to mobile phones they got from their company.
  • 45% of people admit to downloading personal apps to notebooks they got from their company.
  • The people who were most likely to do this were in the 25 to 38-year-old age group.
  • 90% of people use their personal mobile devices to conduct business for work.

As you can see, a lot of people are using their mobile devices on the job, and this could not only put your company data at risk, but also the data associated with your clients. Do you have a plan to minimize or even totally prevent how much sensitive company data is wide open to hackers?

Solutions to Keep Sensitive Business Information Safe

Decision makers and business owners should always consider their personal devices as equal to any business device. You definitely don’t want your sensitive company information out there, and this information is often contained on your personal mobile or laptop device. Here are some things that you can do to keep this information safe:

Give Your Staff Information About Phishing Scams

Phishing is a method that cybercriminals use to steal data from companies. Studies show that it is extremely easy for even the smartest employees to fall for these tricks. Here’s how they work: a staff member gets an email with a sense of urgency. Inside the email is a link. The body of the email encourages the reader to click the link. When they do, they are taken to a website that either installs a virus onto the network or tricks the employee into giving out important company information.

Inform Your Staff that the Bad Guys Might Pose as Someone They Know

Even if you tell your staff about phishing, they can still get tricked into clicking an email link. How? Because the bad guys make these emails really convincing. Hackers do their research, and they are often skilled in the principles of influence and the psychology of persuasion. So, they can easily create fake emails that look like they come from your CEO or a vendor, someone your staff trusts. With this in mind, it might be best to create a policy where employees are no longer allowed to click email links. Pick up the phone to confirm that whatever an email is requesting is legitimate, and that the person who sent it is legitimate.

Teach Employees that Freebies aren’t Always Goodies

A lot of hackers use the promise of something free to get clicks. Make sure your staff knows to never click on an email link promising a freebie of any kind.

Don’t Buy Apps from Third-Party Sources

Apps are quite popular, and there are many that can help to boost productivity in a business setting. However, Apple devices that are “jailbroken” or Android devices that are “rooted” are outside of the walled garden of their respective stores and susceptible to malicious viruses. Make sure your employees know that they should never buy an app from a third-party source. Only use the official Apple App Store or the Google Play Store.

Always Protect Devices

It’s also important that you advise your employees to keep their devices protected with a password. These devices are easy to steal since they are so small. If there is no password, there is nothing stopping a bad guy from getting into them and accessing all of the accounts that are currently logged into the device.

Install a Wipe Function on All Mobile Devices Used for Business

You should also require all employees to have a “wipe” function on their phones. Even if they are only doing something simple, like checking their work email on their personal mobile device, it could get into the wrong hands. With the “wipe” function, the entire phone can be cleared remotely. You should also require employees to use the setting that erases the phone after a set number of password attempts.

Require that All Mobile Devices on the Company Network Use Anti-Virus Software

It’s also important, especially in the case of Android devices, that all mobile devices on the network have some type of anti-virus software.

Do Not Allow Any Jailbroken Devices on Your Company’s Network

Jailbroken devices are much more vulnerable to viruses and other malware. So, never allow an employee with a jailbroken phone to connect to your network.

All Employees Should Activate Update Alerts

One of the easiest ways to keep mobile devices safe is to keep them updated. So, make sure that all employees have update alerts enabled, and make sure that they are updating their devices when prompted or automatically.

Teach Employees About the Dangers of Public Wi-Fi

Finally, make sure your staff knows the dangers of using public Wi-Fi. Public Wi-Fi connections are not secure, so when connected, your devices are pretty open. That means, if you are doing things that are sensitive, such as logging into company accounting records, a hacker can easily follow. Instead, urge employees to use a VPN. These services are inexpensive and they encrypt data so hackers can’t access it.

Robert Siciliano, personal security and identity theft expert and speaker, is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock ’em dead in this identity theft prevention video.

How to Avoid Bad Apps

If you think there’s like a million apps out there, that’s not exactly an exaggeration. For sure, there are more than you can imagine, which makes it easy to conceive that many certainly come with security problems.

In fact, out of the top 25 most popular apps, 18 of them bombed on a security test from McAfee Labs recently.

Creators of apps put convenience and allure ahead of security. This is why so many apps don’t have secure connections—creating welcome mats for hackers; they get into your smartphone and get your passwords, usernames and other sensitive information.

Joe Hacker knows all about this pervasive weakness in the app world. You can count on hackers using tool kits to aid in their quest to hack into your mobile device. The tool kit approach is called a man-in-the-middle attack.

The “man” gets your passwords, credit card number, Facebook login information, etc. Once the hacker gets all this information, he could do just about anything, including obtaining a credit line in your name and maxing it out, or altering your Facebook information.

You probably didn’t know that smartphone hacks are becoming increasingly widespread.

So what can you do?

  • Stay current – Know that mobile malware is growing and is transmitted via malicious apps.
  • Do your homework – Research apps, read reviews, and check app ratings before you download.
  • Check your sources – Only download apps from well-known, reputable app stores.
  • Watch the permissions – Check what info each app is accessing on your mobile devices and make sure you are comfortable with that.
  • Protect your phone – Install comprehensive security on your mobile devices to keep them protected from harmful apps.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!

Can an App really act as a Bodyguard?

In the event of an attack, new smartphone applications can be used to send an alarm to a pre-chosen person. And the potential victim’s location can then be tracked.

But is this faster and more secure than a woman whipping out pepper spray and blasting a drunken buffoon who has her cornered in a parking garage at night?

No.

Apps meant for personal security are simply one layer of protection but in no way should be relied upon for personal protection. I mean, come on!!!! IT’S AN APP!!!!!!!

For the iPhone and Android, one such app is called STOP-ATTACK. This can be programmed to call 9-1-1. Once this app is activated it will record video and audio that gets sent to a cloud. This way, you’ll have evidence of who was on top of whom or if someone really did reach into their pocket and pull out a metallic-looking object.

The threatening person won’t even know he’s being recorded. STOP-ATTACK also has an alarm and light that, once triggered, might scare off the perpetrator. It can be activated without actually logging into your phone if your device normally requires a security code. You get all this for $3.99 per year.

Will STOP-ATTACK actually stop an attack? NO. The name is misleading.

Others are out there (e.g., StaySafe, Circle of 6, Panic and Guardly), but the bottom line is that there’s really no reason not to have one—even if you’re a big brute. Women concerned about assault represent one slice of the pie. Muggings over smartphones are getting more common, and often, victims are men.

Like with the can of mace, the potential victim needs to be prepared to handle the smartphone’s security feature very quickly, even slyly, before the perpetrator can grab it—whether he just wants the phone or wants to commit assault. So if the phone is in a woman’s purse while she’s walking around town alone past midnight, it does no good.

Nevertheless, an application like this adds a layer of security to the user. The user needs to insert some human factor into the equation when a threat arises. If a woman senses danger, and she must dig into the deep crevasses of her purse to locate her smartphone…she could have already bolted from danger or leveled a right hook into the would-be assailant’s temple. A trained woman can debilitate an attacker with proper training. But please, DO NOT rely on an app to protect you.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Mobile Apps Failing Security Tests

It’s been said that there are over a million different apps for the smartphone. Well, however many may exist, know that not all of them are passing security tests with flying colors.

You may already be a user of at least several of the 25 most downloaded apps. And what’s so special about the top 25? 18 of them flunked a security test that was given by McAfee Labs™ this past January. And they flunked the test four months after their developers had been notified of these vulnerabilities.

App creators’ first priority is to produce the next winning app before their competitors do. Hence, how secure it is doesn’t top the priority list, and that’s why there’s such a pervasive problem with security in the mobile app world.

Because these apps failed to set up secure connections, this opens the door for cybercriminals to snatch your personal information such as credit card numbers and passwords. And this is growing because this weakness in apps is so well known and it’s pretty easy for cybercriminals to purchase toolkits that help them infect smartphones via these vulnerable apps.

The technique is called a “man in the middle” attack. The “man” stands between you and the hacker, seizing your personal information. The “man” may capture your usernames and passwords for social media accounts and so much more—enough to open up a credit card account in your name and then max it out (guess who will get the bills); and enough to commit a lot of damage by manipulating your Facebook account.

So What Can You Do?

Here are some tips to help you protect yourself from these unsecure apps:

  • Before purchasing an app, get familiar with its security features—read reviews and check what permissions the app is asking for access to. You don’t want to end up with an app that accesses way more information about you than necessary for what you want the app for in the first place.
  • Download only from reputable app stores, not third-party vendors. This will reduce your chance of downloading a malicious app.
  • Don’t have your apps set to auto login. Even though it may be a pain when you want to access Facebook, it’s better to be safe than sorry.
  • Make sure you use different passwords for each of your apps. Sorry, I know that’s a hassle, but that’s what you must do. And make sure your password is long and strong.

Here’s to staying safe on our mobile devices.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

Mobile Carriers spying on Users

How does my mobile phone know I like tools, electronic gadgets and tarantulas? It keeps showing me ads for these products! Christmas is coming and my kids like bugs, big bugs.

How does it know? It’s called “supercookies”. And they aren’t yummy.

If Verizon is your carrier, that’s why. Verizon uses a “unique identifier token header” for every website the user visits. There are cookies that tag along with the user wherever they go in cyberspace. Advertisers gorge on these cookies because they tell them what products to advertise for each unique person.

You can opt out of Verizon’s program, but this won’t prevent the UIDH (this is a Unique Identifier Header) from being stamped on any site you visit and then being visible to a web server.

Even Android’s and iOS’s systems can’t supersede the UIDH system. The UIDH HTTP header is not the same as a typical Internet cookie. This is a lot to digest, but it is what it is.

At present, there is no opt-out technology to truly eradicate what some consider spying, and it won’t be around soon, either. And look for AT&T to think possibilities by adopting this UIDH system to track their subscribers’ web journeys.

Though there’s no opt-out-like feature to stop this, there is a way to block it: VPN (virtual private network). Some smartphones have a VPN mode; once activated it will make the user anonymous. I like Hotspot Shield (HSS), which works on Androids and iPhones, easy. And don’t twiddle your thumbs waiting for universal encryption; your toddler will be entering college by then.
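To see whether a connection is being tagged this way, compare the request a device sent with the request the web server received. The sketch below is an added example, not part of the original article; it assumes you can capture the server-side copy (for instance from a header-echo page you host), and the request bytes and token value in it are constructed. `X-UIDH` is the header name Verizon used; `X-ACR` is the one AT&T used.

```python
"""Spot headers added to a plaintext HTTP request between client and server."""

# Header names publicly associated with carrier-level tracking (not exhaustive).
KNOWN_TRACKING_HEADERS = {
    "x-uidh": "Verizon Unique Identifier Header",
    "x-acr": "AT&T identifier header",
}


def parse_headers(raw_request: bytes) -> dict:
    """Return {lowercased name: value} for the header block of a raw HTTP/1.x request."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    headers = {}
    for line in head.split("\r\n")[1:]:  # first line is the request line
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        headers[name.strip().lower()] = value.strip()
    return headers


def injected_in_transit(sent: bytes, received: bytes) -> dict:
    """Headers the server saw that the client never sent, or whose value changed."""
    sent_h, recv_h = parse_headers(sent), parse_headers(received)
    return {n: v for n, v in recv_h.items() if sent_h.get(n) != v}


def report(sent: bytes, received: bytes) -> list:
    """List (header, description, value) for everything added on the way."""
    findings = []
    for name, value in sorted(injected_in_transit(sent, received).items()):
        label = KNOWN_TRACKING_HEADERS.get(name, "unrecognised header added in transit")
        findings.append((name, label, value))
    return findings


# --- Constructed sample data (not real traffic) ---
# What the phone's browser sent.
SENT = (
    b"GET / HTTP/1.1\r\n"
    b"Host: example.test\r\n"
    b"User-Agent: demo-client\r\n"
    b"Accept: */*\r\n\r\n"
)
# What the server received over plain HTTP on the carrier network:
# the same request with an identifier header stamped on it.
RECEIVED_PLAIN_HTTP = SENT.replace(
    b"\r\n\r\n", b"\r\nX-UIDH: CONSTRUCTED-TOKEN-0001\r\n\r\n"
)
# What the server received when the request travelled inside a VPN tunnel:
# the carrier could not read or modify it, so it arrives unchanged.
RECEIVED_VIA_VPN = SENT

if __name__ == "__main__":
    print("plain HTTP:", report(SENT, RECEIVED_PLAIN_HTTP))
    print("via VPN   :", report(SENT, RECEIVED_VIA_VPN))
```

The same comparison explains why the opt-out does not help: the header is added to the request in transit, outside the phone's control, so only hiding the request from the carrier (VPN or HTTPS) keeps it off.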

If targeted ads (hey, maybe you just love those handbag adverts) don’t faze you, then consider this: Cyber thieves can get ahold of all the sensitive information you have in your phone and learn all sorts of things about you, including any sordid details. Or maybe they just want to steal your identity to drain your bank account. Everyone is being watched by everybody.

Should you worry? That all depends. The Electronic Frontier Foundation is worried. They no likey.

This is where the VPN comes in, especially if you use public Wi-Fi, which is not encrypted. HSS, which is free, will protect your data. There’s also an upgraded version that you pay for; it’s faster. Either version will guard your Internet activities from prying eyes.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures.

Researchers say your Mobile Carrier’s Network isn’t all that Secure

Gee, even the tools that update your smartphone’s operating system over the air have holes that hackers can slip into.

It’s estimated that as many as two billion handsets are vulnerable, and in some instances, security patches haven’t even been released.

The Open Mobile Alliance Device Management (OMA-DM) protocol is used by around a hundred smartphone companies to release software updates and conduct network administration. And that, researchers say, is where the problem lies.

A hacker must know the handset’s distinct international mobile station equipment identity (IMEI) number, plus a secret token, to take remote control. It’s not difficult to obtain the IMEI number or the secret token of the company, thanks to lax networks and vulnerable operating system versions.

Researchers discovered they could easily upload code to a phone after following a WAP message from a base station, then proceed like a hacker would.

Another experiment showed that a fake femtocell could be used to get into BlackBerry, Android and some iOS devices by using weak security protocols. Participants turned off their smartphones and set the femtocell to its lowest power setting. The researchers still managed to pick up over 70 handsets.

They found that Android was the most vulnerable, along with BlackBerry. iOS was tougher to crack, but some devices that were run by Sprint were vulnerable.

Another flaw was that devices could be tricked into checking in with their OMA-DM servers; the connections used HTTP instead of HTTPS.

The researchers reported that most of the manufacturers and carriers had fixed the OMA-DM systems—most, not all.

What are the network threats?

Hackers practically have the cyberworld at their fingertips, able to attack in so many ways, using so many methods, from apps to users, users to users, and various machines to machines. Hackers don’t just want to access data; they want to manipulate it.

4G refers to the fourth-generation network, succeeding 3G to offer the fastest speed for wireless activity. The protocol for 4G, however, is flawed, allowing for weakening of the protection for phones and their networks.

The hacker would go right for mobile networks to get simpler, wider entry points. Networks for mobile devices, thus, need to be toughened up. If a smartphone is infected, it will be able to target and scan other smartphones within its proximity (since 4G is IP based), all while the carrier has no clue.

The hacker could infiltrate a desired network, access the 4G network, then have a nice, easy launching pad for the crime.

If a hacker uses weak wireless APN connections for his activities, this forces the smartphones in use to rely upon an ongoing network connection. This will make batteries wear out faster. Furthermore, jammed-up signals may lead to denial of service.

One way to protect wireless networks is by using Hotspot Shield to override any insecurities of open free WiFi and to help protect from some of 4G’s failings.

Along with the fast speed that 4G stands to bring come weak security levels and lame network structures. Users will not appreciate this price, and mobile operators will need to step up quite a bit on security tactics for keeping hackers out.
