Mobile Carriers spying on Users

How does my mobile phone know I like tools, electronic gadgets and tarantulas? It keeps showing me ads for these products! Christmas is coming and my kids like bugs, big bugs.

How does it know? It’s called “supercookies”. And they aren’t yummy.

If Verizon is your carrier, that’s why. Verizon uses a “unique identifier token header” for every website the user visits. There are cookies that tag along with the user wherever they go in cyberspace. Advertisers gorge on these cookies because they tell them what products to advertise for each unique person.

You can opt out of Verizon’s program, but this won’t prevent the UIDH (Unique Identifier Header) from being stamped on your traffic to any site you visit, where it is then visible to the web server.

Even Android’s and iOS’s systems can’t supersede the UIDH system. The UIDH HTTP header is not the same as a typical Internet cookie. This is a lot to digest, but it is what it is.

At present, there is no opt-out technology to truly eradicate what some consider spying, and it won’t be around soon, either. And look for AT&T to consider the possibilities of adopting this UIDH system to track their subscribers’ web journeys.

Though there’s no opt-out-like feature to stop this, there is a way to block it: VPN (virtual private network). Some smartphones have a VPN mode; once activated it will make the user anonymous. I like Hotspot Shield (HSS), which works on Androids and iPhones, easy. And don’t twiddle your thumbs waiting for universal encryption; your toddler will be entering college by then.
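What a web server sees, as an added example (not code from the original post): the checker below parses raw HTTP requests, reports any carrier-injected identifier, and shows that the same token survives a cookie reset, while a request that travelled inside an encrypted tunnel arrives without it. The sample requests, host name and token value are constructed; `X-UIDH` is the header name the UIDH was sent under.

```python
from collections import defaultdict

# Header names treated as carrier-injected identifiers. "X-UIDH" is the name
# the UIDH travelled under; add other carriers' headers to the set as needed.
TRACKING_HEADERS = {"x-uidh"}


def build_request(headers):
    """Serialise a minimal HTTP/1.1 GET request (used for the constructed samples)."""
    lines = ["GET / HTTP/1.1"] + [f"{name}: {value}" for name, value in headers]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii")


def parse_headers(raw):
    """Return {lower-cased header name: value} for a raw HTTP/1.x request."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    parsed = {}
    for line in head.split("\r\n")[1:]:  # element 0 is the request line
        name, sep, value = line.partition(":")
        if sep:
            parsed[name.strip().lower()] = value.strip()
    return parsed


def injected_ids(raw):
    """Return the tracking headers present in one request, as name -> token."""
    headers = parse_headers(raw)
    return {n: headers[n] for n in sorted(TRACKING_HEADERS) if n in headers}


def link_sessions(requests):
    """Group the Cookie values seen under each injected token.

    More than one cookie under a single token means clearing cookies did not
    break the link between the visits: the token, not the cookie, identifies
    the subscriber.
    """
    linked = defaultdict(set)
    for raw in requests:
        headers = parse_headers(raw)
        for token in injected_ids(raw).values():
            linked[token].add(headers.get("cookie", "(no cookie)"))
    return dict(linked)


# --- Constructed sample traffic (not captured from any real network) ---
BASE = [("Host", "shop.example"), ("User-Agent", "ExampleBrowser/1.0")]
TOKEN = "CONSTRUCTED-TOKEN-0001"
# What the phone's browser actually sent: a cookie, no UIDH.
AS_SENT = build_request(BASE + [("Cookie", "sid=aaa")])
# The same request as it reached the server over plain HTTP on the carrier network.
ARRIVED_DAY1 = build_request(BASE + [("Cookie", "sid=aaa"), ("X-UIDH", TOKEN)])
# A later visit after the user cleared cookies: new cookie, same token.
ARRIVED_DAY2 = build_request(BASE + [("Cookie", "sid=bbb"), ("X-UIDH", TOKEN)])
# A visit made through a VPN: the carrier cannot edit what it cannot read.
VIA_TUNNEL = build_request(BASE + [("Cookie", "sid=ccc")])

if __name__ == "__main__":
    for label, raw in [("as sent", AS_SENT), ("day 1", ARRIVED_DAY1),
                       ("day 2", ARRIVED_DAY2), ("via tunnel", VIA_TUNNEL)]:
        print(f"{label:>10}: {injected_ids(raw) or 'no injected identifier'}")
    print(link_sessions([ARRIVED_DAY1, ARRIVED_DAY2, VIA_TUNNEL]))
```

Pointing a phone's browser at a test page that runs `injected_ids` on the incoming request, once on mobile data and once over the VPN, is a quick way to confirm whether the header is being added.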

If targeted ads (hey, maybe you just love those handbag adverts) don’t faze you, then consider this: Cyber thieves can get ahold of all the sensitive information you have in your phone and learn all sorts of things about you, including any sordid details. Or maybe they just want to steal your identity to drain your bank account. Everyone is being watched by everybody.

Should you worry? That all depends. The Electronic Frontier Foundation is worried. They no likey.

This is where the VPN comes in, especially if you use public Wi-Fi, which is not encrypted. HSS, which is free, will protect your data. There’s also an upgraded version that you pay for; it’s faster. Either version will guard your Internet activities from prying eyes.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures.

Researchers say your Mobile Carrier’s Network isn’t all that Secure

Gee, even the tools that update your smartphone’s operating system over the air have holes that hackers can slip into.

It’s estimated that as many as two billion handsets are vulnerable, and in some instances, security patches haven’t even been released.

The Open Mobile Alliance Device Management (OMA-DM) protocol is used by around a hundred smartphone companies to release software updates and conduct network administration. And that, they say, is where the problem lies.

A hacker must know the handset’s distinct international mobile station equipment identity (IMEI) number, plus a secret token, to take remote control. It’s not difficult to obtain the IMEI number or the secret token of the company, thanks to lax networks and vulnerable operating system versions.

Researchers discovered they could easily upload code to a phone after following a WAP message from a base station, then proceed like a hacker would.

Another experiment showed that a fake femtocell could be used to get into BlackBerry, Android and some iOS devices by using weak security protocols. Participants turned off their smartphones and set the femtocell to its lowest power setting. The researchers still managed to pick up over 70 handsets.

They found that Android was the most vulnerable, along with BlackBerry. iOS was tougher to crack, but some devices that were run by Sprint were vulnerable.

Another flaw was that devices could be tricked into checking in with their OMA-DM servers; the connections used HTTP instead of HTTPS.

The researchers reported that most of the manufacturers and carriers had fixed the OMA-DM systems—most, not all.

What are the network threats?

Hackers practically have the cyberworld at their fingertips, able to attack in so many ways, using so many methods, from apps to users, users to users, and various machines to machines. Hackers don’t just want to access data; they want to manipulate it.

4G refers to fourth generation network, succeeding 3G to offer the fastest speed for wireless activity. The protocol for 4G, however, is flawed, allowing for weakening of the protection for phones and their networks.

The hacker would go right for mobile networks to get simpler, wider entry points. Networks for mobile devices, thus, need to be toughened up. If a smartphone is infected, it will be able to target and scan other smartphones within its proximity (since 4G is IP based), all while the carrier has no clue.

The hacker could infiltrate a desired network, access the 4G network, then have a nice, easy launching pad for the crime.

If a hacker uses weak wireless APN connections for his activities, this forces the smartphones in use to rely upon an ongoing network connection. This will make batteries wear out faster. Furthermore, jammed-up signals may lead to denial of service.

One way to protect wireless networks is by using Hotspot Shield to override any insecurities of open free WiFi and to help protect from some of 4G’s failings.

Along with the fast speed that 4G stands to bring come weak security levels and lame network structures. Users will not appreciate this price, and mobile operators will need to step up quite a bit on security tactics for keeping hackers out.


United Airlines Passport Scanning Mobile App: is it safe?


How much easier international travel is for United Airlines fliers: They can now use their iOS or Android device to scan their passports.


If a customer checks in with United’s mobile application for international flights, they can access the passport-scanning feature. One can check in within 24 hours of departure. Fliers will get an option to confirm their stored passport data or to scan their passport.

If a customer chooses the scan, the app will use the smartphone’s camera to capture passport information. United says this is “similar to a mobile banking deposit.” The flier can retrieve the boarding pass after the passport scan is verified.

United says that their passport scanning feature is very time-saving and gives fliers more control.

Since its launch, I’ve been asked by multiple outlets about its security and the safety of this application, as it pertains to possible data breaches. The company that created the app’s backbone is “Jumio,” and by all accounts, they seem top notch.

It’s important that consumers never blindly download or use any application without doing some due diligence. This is what I found:

Jumio states: “Jumio is PCI Level 1 compliant and regularly conducts security audits, vulnerability scans and penetration tests to ensure compliance with security best practices and standards. To demonstrate PCI compliance a yearly on-site validation assessment by a QSA is carried out. Jumio carries the security controls established to achieve PCI compliance over to PII data which is of comparable sensitivity and has extended the scope of such controls to cover and protect all systems used to transmit/process/store PII data. Doing so, provides Jumio with a coherent and independently tested set of security policies/processes/controls and enables Jumio’s customers to gain confidence that their data – be it credit card or PII – is handled in a secure manner throughout its lifetime.”

This is great. Now let’s hope my airline, Delta, signs on too!

And again, know what you’re getting into with any app: the Wall Street Journal ran a report in 2010 warning people of app developers’ missing transparency. Yes, we’ve come a long way in 4 years, but for that report 101 popular applications for iPhone and Android were examined, and it turned out that 56 actually transmitted the mobile device’s unique ID to other companies. This was done without the user’s consent or even awareness.

Forty-seven of the apps transmitted the device’s location. Five of the applications sent gender, age and other personal data to outsiders.

This shows how intent online-tracking companies are on collecting private information on people. Kind of makes you think of that song, “Every Breath You Take,” by the Police, especially the part that goes, “I’ll be watching you.”

Trackers know what apps the user is downloading, how often they’re used and for how long, the whole works. And there’s been no meaningful action taken to curb this. It’s all about money. (Isn’t everything?)

The more “they” know about the user, the more targeted ads will come the user’s way. If they know you love shoes, ads about shoes will pop up. However, all this “transmitted” personal information can also be used for ID theft and other criminal purposes.

Solution:

Be aware. Don’t just blindly download and use an application. Do your research, read the terms and conditions and/or terms of service.

The user must weigh the risks and benefits when downloading the next application. In addition, download only from a reputable app store—after you’ve read user reviews and the app’s privacy policy regarding how much personal information it will get into and share.

Other tips include avoiding conducting smartphone transactions over unsecured Wi-Fi connections and keeping the software current in your smartphone: keeping up to date on its operating system, security software and browser.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. Disclosures.

Using your Mobile to protect you from criminals

The Good:

Your mobile phone number is almost as good as your fingerprint: very unique to you and, as a second-factor authentication device via text message, it acts as access control for certain web sites.

SMS two-factor authentication, as it’s known, is the sending of unique one-time passcodes, turning your mobile phone into the recipient of a one-time password or “OTP”. Generally there’s no software to install and it’s just a matter of registering your device with the website. OTPs are sent to smartphones upon entering your username, then a password, or after you click a button on the site requesting the SMS OTP.

A fraudster trying to infiltrate your account would need not only your password and user name, but would also need to physically have your phone. This is a great layer of security. SMS two-factor authentication can be used with sites like Facebook, Twitter, your bank, Gmail, Paypal and others.

Web sites link your mobile number with your account for your protection. So next time an online company wants to send you a “code” via your smartphone, don’t get annoyed; feel secure instead, because that’s how the company knows you are you. In fact, companies will likely brand you as a highly suspicious user if you refuse to include your mobile device’s number as part of your registration.
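The server side of the SMS code flow described above, as an added example (not code from the original post or from any of the sites named): a one-time passcode is issued for an account, stored only as a salted hash, and accepted once, within a time limit and a small number of tries. The class name, the five-minute lifetime and the five-attempt limit are assumptions chosen for illustration, and the SMS delivery itself is left out.

```python
import hashlib
import hmac
import secrets
import time

OTP_DIGITS = 6          # assumed code length
OTP_TTL_SECONDS = 300   # assumed lifetime: five minutes
MAX_ATTEMPTS = 5        # assumed number of guesses before the code is burned


class OtpStore:
    """Issues and checks one-time passcodes (hypothetical helper class)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # account -> {"salt", "digest", "expires", "attempts"}

    @staticmethod
    def _digest(code, salt):
        return hashlib.sha256(salt + code.encode("ascii", "replace")).digest()

    def issue(self, account):
        """Create a fresh code for the account; any earlier code is replaced."""
        # secrets, not random: the code must be unpredictable.
        code = f"{secrets.randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"
        salt = secrets.token_bytes(16)
        self._pending[account] = {
            "salt": salt,
            "digest": self._digest(code, salt),
            "expires": self._clock() + OTP_TTL_SECONDS,
            "attempts": 0,
        }
        return code  # handed to the SMS gateway, never kept in clear text

    def verify(self, account, submitted):
        """Return 'ok', 'wrong', 'expired', 'locked' or 'no_code'."""
        entry = self._pending.get(account)
        if entry is None:
            return "no_code"
        if self._clock() > entry["expires"]:
            del self._pending[account]
            return "expired"
        entry["attempts"] += 1
        if entry["attempts"] > MAX_ATTEMPTS:
            del self._pending[account]
            return "locked"
        candidate = self._digest(submitted, entry["salt"])
        # Constant-time comparison so timing does not leak how close a guess was.
        if hmac.compare_digest(candidate, entry["digest"]):
            del self._pending[account]  # one-time: a used code is gone
            return "ok"
        return "wrong"


def demo():
    """Walk through a login, a replay of the same code, and a late code."""
    now = [0.0]
    store = OtpStore(clock=lambda: now[0])
    code = store.issue("alice")
    first = store.verify("alice", code)
    replay = store.verify("alice", code)
    late_code = store.issue("alice")
    now[0] += OTP_TTL_SECONDS + 1
    late = store.verify("alice", late_code)
    return [first, replay, late]


if __name__ == "__main__":
    print(demo())
```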

The Bad:

Keep your guard up, however, because fraudsters won’t stop trying to succeed at their plans, and they know that the smartphone poses unique vulnerabilities to the user. For instance, people are more likely to click on a malicious e-mail link because the phone’s small screen makes it harder to detect suspicious web site addresses. Criminals are forever trying to get passwords and hack into accounts and wreak havoc. As technology continues to evolve in favor of the honest user, so does the technology of crime.

Your role is to always try to stay one step ahead of the criminals. There are ways you can protect yourself and never let crooks get ahead of you:

  • Never use the same password for more than one account or web site, even though it’s more convenient to have one password for multiple sites. Every app and web site should have a unique password.
  • Every access point you encounter should be safeguarded with a WiFi VPN service such as Hotspot Shield VPN that encrypts your wireless internet and surfing activities. This way, when you peruse cyberspace at hotels, airports and coffee houses, all of your activities are protected from hijackers.
  • Ignore password request e-mails or security alerts, especially on your smartphone, as they are almost always fraudulent.
  • Do you know if your phone (or iPad) is uploading your private data to cyberspace? Find out by installing an app security scanner.
  • Never use third-party apps on your device (or “jailbreak” it). Never let your kids use your phone, either.
  • Your device should be kept up to date with the latest operating system. System updates usually include security enhancements.
  • When installing Android apps, read their security notices. Understand how your sensitive data will be exposed with these apps—before you hit “Okay.”

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures.

“Predictive Analytics”: Technologies that read your Mind

There’s an app that can practically read your mind via your mobile device. The technology is called predictive analysis, and Google’s Now app is at the forefront. Other apps that utilize predictive analysis include Grokr and Osito: predicting the smartphone user’s next move.

How does this work?

Snippets of information are assembled via an algorithm, leading to a prediction of the user’s next behavior.

An example would be combining snippets of calendar entries with the user’s location data, e-mail information, social network postings and other like information.

The user is then presented with assistance that the app “thinks” is needed. The support-information is called a card. A card might, for example, remind the user about an event whose information was entered previously.

The app will then add directions to the event or show weather conditions at the location—even advise raingear.

Benefits

  • The Now app can “understand” context and filter out irrelevant information, making searches easier than ever.
  • The Google search engine can now respond to more than just individual keywords and can seemingly grasp the meaning of a search query. This algorithm is called Hummingbird and impacts 90 percent of searches.

An example is that Google can compare items upon request or dig up facts about various things. For example, just type in the name of a famous landmark—once. If you seek trivia, you’ll get answers, but if you then seek directions, Google will know that you want directions to this landmark without you having to type in its name again.

  • Future locations of the user can be predicted (based on locations visited previously), not just the current location.
  • Recently, Google and Microsoft researchers came up with a software, Far Out, that can figure out a user’s routine via GPS tracking. This data is then assembled so that future locations of that user can be predicted.
  • The configuring can even adjust to correlate with the user’s changes in residence or workplace.

As advanced as all of this seems, this is only the start of a new wave of technology that can “think” for us—a big benefit to those whose lives are so hectic that they’ve become absent minded, and for those who simply enjoy the idea of having to do less mental work.

Robert Siciliano is a personal security expert contributor to Just Ask Gemalto and author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

5 Ways To Protect Your Mobile From Prying Eyes

Do you know how to keep your phone from the prying eyes of exes, strangers, cops, other officials and even your own spouse? Here are tips to keep your mobile safe and secure.

#1 Common Sense

When it comes to the police, cooperate; this will lessen the chance of mobile confiscation. Though you aren’t required to talk to the police without an attorney present, and don’t need to fork over your passcode or give up your phone just because they ask for it, don’t be a pest, either. In general, police need a warrant to search your phone.

#2 Lock down your Phone

Encrypting important data is crucial for those who want to keep prying eyes—be they the police, a vindictive ex or a nosy coworker—from gaining access to their mobile device. The method of encrypting varies from one mobile device to the next, but here are some guidelines:

  • Android and iOS phones come with native data protection for encrypting. Take advantage of this. Remember, other models also offer encryption features, and the user needs to learn how to access these features.
  • Lock your SIM card so nobody can access the SIM without a known PIN.
  • Don’t always use the same phone; switch them up.
  • Protect any videos or photos you’ve taken with the mobile by saving them, then sharing them immediately to provide a backup.

#3 Store in a Cloud

Cloud storage enables you to store your data (videos, pictures, files, etc.) in a virtual storehouse which can be purchased or leased through a hosting company.

To store photos or videos, enable Camera Uploads on DropBox (Android, iOS). You can do the same with Google Drive. Each mobile device has a different way of shunting your valuable data to a cloud for cyber storage.

For Facebook enthusiasts, cloud storage can also be done via your mobile’s Facebook app.

iOS users can use AutoSnap to upload any image that’s taken with it to Facebook, DropBox, Twitter and Instagram. Just link the app with any social accounts that you have.

#4 Live broadcasting Yourself

  • Livestreaming puts anything you record on your phone onto the Internet; here, the phone acts as an inputting tool rather than a storage tool.
  • Justin.Tv (iOS, Android) is the leading livestream app, and the service is free.
  • UStream (iOS, Android). This livestreaming app focuses more on quality than on easy access. The service offers many broadcasting options.
  • Veetle (iOS, Android). This company is smaller than Justin.Tv and UStream, but has an advantage: free, easy integration with social media, plus some other perks.

#5 Use a VPN

When surfing the web on your local computer, mobile or tablet on a free, unprotected public network in a hotel, airport or coffee shop, your data is vulnerable to “sniffers.”

That’s where a Virtual Private Network (VPN) comes in to protect your data between your laptop, iPad, iPhone or Android and an internet gateway. This kind of VPN creates an impenetrable tunnel to prevent snoopers, hackers and ISPs from viewing your web-browsing activities, instant messages, downloads, credit card information or anything else you send over the network.

Hotspot Shield VPN is a great option that protects your entire web surfing session, securing your connection at both your home Internet network and public internet networks (both wired and wireless). Hotspot Shield’s free proxy protects your identity by ensuring that all web transactions (shopping, filling out forms, downloads, etc.) are secured through HTTPS—the protected internet protocol.


7 tips to a secure mobile device

Have you ever received an email like this…I did: “Robert, last night I was at a concert and I must have dropped my phone because I lost it. But then something awful happened. My friends knew I was with my other friend, and she got a call wondering if I was OK. Apparently whoever found or stole my mobile posted all my naked pictures to Facebook. I’ve finally got access to Facebook and I’ve deleted most of them, but it’s been a harrowing experience.”


There are just so many things wrong with this. It’s amazing to me how lazy some people can be with their mobile security—especially if their devices have, ahem, “private” information on them.

  1. Passwords: Mobiles need to be password protected and automatically locked after one minute. A four- to six-letter/number password is sufficient.
  2. Erase on too many password attempts: Enable the option for when someone tries to enter a password in excess of 10 tries, the device erases the data. If you have kids, you may not want to activate the erase option.
  3. Lock/locate/wipe software: Many devices have a feature that allows users to locate the device in the event it’s lost or stolen. An added bonus is that it allows you to lock it down (it should already be locked after one minute!) and erase the data remotely.
  4. Security software: Know that mobiles are targeted by virus writers in the same way PCs are. While there are millions of viruses targeting PCs, there are still tens of thousands targeting mobiles.
  5. Wireless security: The 3/4G connection on your devices is relatively secure—but the WiFi is definitely not, especially on a public WiFi network. Hotspot Shield VPN is an excellent option to protect your data on an unsecured network.
  6. Update your operating system: Whenever you get a notification that an updated version of your OS is available, it’s often because there was a security vulnerability discovered. Download the update ASAP.
  7. Beware of SMiShing: Whenever you receive text messages asking you to access an account or update your OS, or offering cheap goods, be suspicious. Really, if you aren’t expecting the text, hit delete.


NFC app on androids facilitates automation

Near field communications (NFC) is the exchange of information between two devices via wireless signal. For example, a wireless signal emitting from your cell phone can act as a credit card when making a purchase. In the case of a mobile wallet application, those devices would be a mobile phone and a point-of-sale device at a checkout counter.

And NFC does so much more on Androids. A program called Trigger, which is available in Google Play, allows you to create customized automation tasks for numerous everyday things we do.

Bored of putting your phone on silent every time you get into the office? Tired of turning off Bluetooth to conserve battery every time juice gets low? This app interacts with your surroundings to configure settings on your phone automatically. Combine triggers and actions to create tasks, then activate the tasks that you create with conditions that you set!

Here are examples of what you can do:

In your car: Use Bluetooth as a trigger to open GPS and launch your favorite music app.

On your nightstand: Program an NFC tag to set your ringer to vibrate, dim your display and set an alarm.

In your home: Configure mobile data to turn off when your phone detects your own WiFi signal.

The current triggers are as follows:

  • NFC
  • Bluetooth
  • WiFi
  • Battery level
  • Location
  • Time triggers

And here are a few examples of the actions that you can perform:

  • Change WiFi, Bluetooth, mobile hotspot, airplane mode, auto-sync, GPS (root users) and mobile data settings.
  • Change your volume or notification tones.
  • Change your display brightness, timeout, auto-rotation or notification light settings.
  • Check in on social media like Foursquare or Google Places.
  • Send messages using Twitter, SMS, email or Glympse.
  • Start or stop applications (root required for stopping applications), dock modes, open URLs, speak text or navigate to an address.
  • Set alarms or create calendar events.

There’s even more, but suffice it to say this app allows you to easily program your device to do the actions you regularly do manually.

So go ahead and create your own combinations to automate your life. The only limit is what you can come up with!


Mobile, wearable and now…implantable technology?

It began with the laptop.

The laptop was the first portable internet-connected device that freed up millions to create a mobile workforce. Next was the smartphone, which didn’t really take off until Apple opened it up to developers and allowed the creation of applications that made the smartphone what it is today. Apple did it again with the tablet, and now Android tablets and smartphones have an even bigger stake in the game than ever before.

Today we have wearable technology in the limited release of Google Glass, which is a wearable computer with an optical, head-mounted display in a smartphone-like, hands-free format that can interact with the internet via natural language voice commands.

Now we have smartwatches. Samsung has a smartwatch, and Google, Apple and Microsoft are buying up companies that have patented smartwatch technology or are hiring engineers to create it. Smartwatch technologies are supposed to work in tandem with mobile phones and computers to become the third leg of the “smart” ecosystem.

And with wearable fitness gadgets that sense heartbeat, pulse, the number of steps you take, and the quality and duration of your sleep, it’s just a matter of time before technology gets in your head…literally.

CNET reports, “Google has a plan. Eventually it wants to get into your brain. ‘When you think about something and don’t really know much about it, you will automatically get information,’ Google CEO Larry Page said in Steven Levy’s book, In the Plex: How Google Thinks, Works and Shapes Our Lives. ‘Eventually you’ll have an implant, where if you think about a fact, it will just tell you the answer.’”

WOW. We have had pacemakers for a while now, and there are chip implants similar to those in pets but now used to authenticate humans. But “Google brain”?

What do you think? Will you wear Glass? Do you have to have a smartwatch? Would you like to be able to think of something and have an implantable computer in your head to provide some additional resources to complete your thoughts? Technology is now “on” our bodies, and it’s looking more and more like technology is creeping “into” our bodies! Let’s hope our heads don’t get hacked!


Understanding Your BYOD Policy

An employee may pay for their device and its monthly plan, but employees who use their personal devices at work should be required to adhere to a Bring Your Own Device (BYOD) policy that sets the ground rules. If you choose to use your personal device for work purposes at any time for any reason, then your employer will more than likely want control over that device. This means that, as in a company mobile liability policy, the employer may have remote capabilities to monitor activity and, in the event of loss or employee termination, wipe the data.

The day after you get your new and shiny mobile or tablet, chances are you’ll take it right to work and request the IT department set it up with your email and access to the company network. And as more and more companies agree to this, they are also requiring you to agree to their terms as well.

Expect an acceptable use policy. This is one that is governed by the company’s CIO and others, basically telling you what you can and can’t do. Read it carefully because once you sign it, your job will be on the line if you don’t abide by it.

Running in the background will be an application that you will be required to download and install. This app may have a certificate authenticating you and the device to connect to the company network and run company programs.

The installed application should provide the enterprise the ability to essentially remotely control your mobile at some level. I wouldn’t be concerned about this unless of course you’re not abiding by the agreement you signed.

At a minimum, expect the application to have the ability to locate your mobile via the phone’s GPS if it’s lost or stolen, and to lock your phone locally whether you want to or not (by default you have to choose 1-5 minutes). Mobile security software apps should also be able to remotely wipe your mobile of all its data. Having encryption, antivirus and a firewall is a key factor in protecting data.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures