Don’t Believe These 6 Mobile Security Myths

Smartphones are picking up popularity. You can now access email, social media, and other things from a device that fits in your pocket (most of the time). And, although we hear about breaches and security flaws in the news, it seems like a lot of us don’t think it applies to our mobile device. Here are some of the most common mobile security myths.

  1. “Antivirus protection isn’t worth it for a smartphone.” Just because this device fits in the palm of your hand doesn’t mean it’s not worthy of as much protection as your computer. It should have comprehensive security that includes antivirus, anti-malware and anti-spyware. Think of how often and indiscriminately you use that little thing, even while you’re in between bench press sets or stuck in line somewhere. The more you use it, the more important protecting the information on it becomes.
  2. “If I lose my phone I’ll just call it to find it.” A better way to locate it is to use an app with global positioning system (GPS), like McAfee® Mobile Security. With GPS, you can see the location of your device on a map, much easier than trying to hear your ringtone.
  3. “Smartphones don’t get phishing scams.” Actually, phishing scams can occur via text (also known as SMiShing) and social media apps. Plus, the mobile device’s smaller screen makes it harder to detect suspicious links.
  4. “Apps for my phone are safe if they’re from trusted brands.” Fraudsters can easily make a malicious app look safe, and such an app can even find its way into a reputable app store. McAfee Labs™ found that over 80% of Android apps track you and collect your personal information. Apps are also the main way that malware can be downloaded to your smartphone or tablet.
  5. “As long as my phone has PIN protection, it’s fine to have apps automatically log into my accounts.” A PIN is incomplete protection because hackers may guess the PIN code or use software to nail the four-digit sequence. You’d be surprised how many people’s PINs are 1234 or 2222. Even if you have a longer PIN or passcode on your device, it’s good practice to not have your apps automatically log you in, even though this may be convenient. You don’t want something to be able to easily access your bank accounts or post random messages on your social accounts.
  6. “SMS adds protection.” The short message service does not provide protection or monitoring of any kind. This means that text messaging is not secure and in fact, it’s often subject to spam.

Keep your mobile device safe with McAfee® Mobile Security, available on both Android and Apple devices. The Android version includes antivirus and anti-malware software, an app manager, anti-theft features, and web protection. The Apple version includes Secure Vault to protect your pictures and videos from prying eyes.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

Mobile Carriers spying on Users

How does my mobile phone know I like tools, electronic gadgets and tarantulas? It keeps showing me ads for these products! Christmas is coming and my kids like bugs, big bugs.

How does it know? It’s called “supercookies”. And they aren’t yummy.

If Verizon is your carrier, that’s why. Verizon uses a “unique identifier token header” for every website the user visits. There are cookies that tag along with the user wherever they go in cyberspace. Advertisers gorge on these cookies because they tell them what products to advertise for each unique person.

You can opt out of Verizon’s program, but this won’t prevent the UIDH (this is a Unique Identifier Header) from being stamped on any site you visit and then being visible to a web server.

Even Android’s and iOS’s systems can’t supersede the UIDH system. The UIDH HTTP header is not the same as a typical Internet cookie. This is a lot to digest, it is what it is.

At present, there is no opt-out technology to truly eradicate what some consider spying, and it won’t be around soon, either. And look for AT&T to think possibilities by adopting this UIDH system to track their subscribers’ web journeys.

Though there’s no opt-out-like feature to stop this, there is a way to block it: VPN (virtual private network). Some smartphones have a VPN mode; once activated it will make the user anonymous. I like Hotspot Shield (HSS), which works on Androids and iPhones, easy. And don’t twiddle your thumbs waiting for universal encryption; your toddler will be entering college by then.

If targeted ads (hey, maybe you just love those handbag adverts) don’t faze you, then consider this: Cyber thieves can get ahold of all the sensitive information you have in your phone and learn all sorts of things about you, including any sordid details. Or maybe they just want to steal your identity to drain your bank account. Everyone is being watched by everybody.

Should you worry? That all depends. The Electronic Frontier Foundation is worried. They no likey.

This is where the VPN comes in, especially if you use public Wi-Fi, which is not encrypted. HSS, which is free, will protect your data. There’s also an upgraded version that you pay for; it’s faster. Either version will guard your Internet activities from prying eyes.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures.

10 ways to Keep your Mobile Data safe from mCrime

A smart thief will go after smartphones: a portal through which to gain access to your money, accounts, data and social. Few people think they’re not smart enough to prevent a crime involving their precious mobile phone, but it happens to even the highly educated who think they can’t be outwitted. mCrime is big business and knowing how to protect yourself is a big deal.

Texts, e-mails, social media and so much more contain enormous amounts of private information. And crooks know how to get this information. One trick is to send a phishing e-mail: a scam that’s designed to sucker the recipient into giving away personal information or money. In one study, 100,000 phishing e-mails were sent out. Three thousand people responded, and of those, almost three quarters came from smartphones.

People are sloppy with guarding their smartphone, and this is how criminals infiltrate. But it doesn’t take a high IQ to beat the bad guys at their game.

  1. It’s only a matter of time before you misplace your smartphone, giving the wrong hands a chance to grab it. So protect it with a password (and a tough one to crack, like 47%R$PUy rather than 789hot). Even a great password should be changed every so often.
  2. And the greatest password on earth still shouldn’t be used for more than one account; use a different one for every single account.
  3. And speaking of misplacing it, make sure it has a locator. Add a layer of protection by having a remote-wipe capability in case the device vanishes.
  4. Regularly back up the data that’s on your smartphone.
  5. Did you know a hacker can find out where you live or work simply from the photos you’ve put up in cyberspace? They are geo-tagged, but you can disable this feature.
  6. When you’re not using the device, keep it disconnected from cyberland.
  7. When you are connected, don’t visit your bank or other places that have sensitive personal data. But if you just have to, run a program called Hotspot Shield. This way all your data is encrypted on the wireless wild wild web.
  8. Think twice before clicking on the photo of that busty babe or chiseled stud; the image link might take you to a malicious website that will download a virus to your phone.
  9. Never open a link inside an e-mail, even if the sender seems to come from your bank or Uncle Sam. Use a password manager or manually type the URL in your browser.
  10. Last but not least, regularly update your device! As cyber attacks evolve, security must keep up to patch up these new holes. Leave a hole open, and a hacker could get in and steal the information you have stored in your phone, like addresses, account numbers, anything he wants.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures.

Mobile Employees Are a Security Risk

Not too long ago, the office computer filled an entire room. Now, it fills the palms of one-third of employees—those workers who use only the mobile device for their jobs. Security, however, lags behind in keeping up with this growing trend. This is the BYOD generation: bring your own device (to work).

IT departments need to keep one step ahead of this fast-growing trend. It’s here to stay, and one reason is because it’s responsible for significantly pumping up productivity. Employers love this. More productivity = higher profits. You’d think that some of these increased profits would be reinvested in security training that correlates to the BYOD movement, since the BYOD movement strongly correlates with an increase in data breaches and risks of breaches.

But it’s not. Organizations still aren’t seeing the light.

A recent Ponemon Institute survey reveals that for a large portion of employees, the mobile device is a first-line medium for conducting business. That one-third figure mentioned earlier is forecasted to jump to 50 percent over the next 12 months.

With all the improvements in productivity comes a corresponding jump in the risks of data breaches—both intentional and accidental. The survey reveals that 52 percent of the participants said that security training for smartphones was shelved in the name of sharpening worker productivity.

Another finding: One-third of businesses don’t even have existing security programs for the BYOD’ers. About three-quarters of respondents said that their existing security was lax. And don’t think that security risks mean only computer viruses, phishing e-mail scams, being lured to malicious websites, being tricked into downloading malware, etc.

There’s a huge risk in the form of roving eyes. A “visual hacker” uses his eyes, and sometimes with the assistance of binoculars or a mobile device camera, to prowl for unguarded computer screens in public like at airports, hotels and coffee houses. He swipes sensitive data by recording it with a camera or seeing it and then writing down what he sees or even memorizing it. Workers can prevent “shoulder surfing” with the ePrivacy Filter software by the 3M company. Combine this software with a 3M Privacy Filter, and the user will be able to thwart a hacker hovering over his or her shoulder from virtually any angle.

The typical business, says the survey, handles 20,000 mobiles, and that number is fast-rising. This will heap on the pressure to implement solid security plans. Managing each device won’t be cheap, either, but a pricey stitch in time will save an obscene expense times nine.

Sixty percent of the survey takers said that mobiles have made employees rather lazy with security awareness. There’s definitely a human factor involved with all of this that businesses must address.

If employees want to use mobiles to conduct business, they should also embrace the responsibility that comes with the use of these devices—that of being willing to learn how to keep the sensitive data that’s stored in these devices safe, and also being willing to learn how to recognize social engineering and other cyber criminal tricks.

Robert Siciliano is a Privacy Consultant to 3M discussing Identity Theft and Privacy on YouTube. Disclosures.

Removing Location data from Mobile Pics

Those cutesy photos in your phone of your puppy can reveal your location because the images leave footprints leading straight to your home. The trace data is called EXIF: exchangeable image file format. It may contain GPS coordinates of where you took the photos.

Apple’s and Google’s smartphones ask owners if it’s okay to access their location. Click “okay,” and this means every photo you take gets tagged with GPS coordinates. Thieves look for this information, which remains with images that are uploaded to Flickr, Photobucket, etc. (Facebook strips EXIF.) Crooks or pervs can then use Google Maps to get your exact location.

Prevent Geotagging: Six Steps

  • For social media applications, turn off the location services.
  • For iPhone, go to Settings, Privacy, Location Services, and turn off the location services.
  • For Android, go to Settings, Location Services, and turn off the location services.
  • There are apps such as Pixelgarde that wipe geotags from existing online photos.
  • For computers, Windows can strip out the EXIF; just right click the image, click Properties, then in the “details” tab, hit the Remove Properties and Personal Information.
  • Mac users can use XnView, but this bulk-stripper works also for Windows.
  • Run Hotspot Shield which masks your IP address creating an incomplete profile of location data.

Many people don’t even know that photos store location information. You’re a walking map unless you take certain steps to protect your privacy. With those pictures you take with a smartphone camera, you also record all sorts of goodies like shutter speed, type of camera, date the image was taken, and of course…GPS coordinates. Here are the details for protecting your privacy:

Windows Phones

  • Select photos in Windows Explorer.
  • Right-click them, hit Properties.
  • Beneath the Details tab, click “Remove Properties and Personal Information.”
  • A window will pop up; hit Okay.
  • You’ll see a copy of each right-clicked photo in that same folder. The copied images are safe to upload.

Mac OS X

  • Use an app called SmallImage. Download the file.
  • Open the app; drag photos into its window.
  • Uncheck the box called “Recompress at quality.”
  • Click “Process,” and the copied photos will appear in the folder.
  • To replace the original photos rather than make duplicates, uncheck the “Add Suffix” box.

Linux

  • You’ll need a tool, EXIFTool. Install it on Ubuntu by running this command: sudo apt-get install libimage-exiftool-perl.
  • Next, to create clean copies of your photos, cd to their folder, then run: exiftool -all= *.jpg.
  • It will then generate copies of the photos.

There exist a number of other programs for removing location data from your mobile phone, but the steps described here are among the easiest.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures.

This Earth Day, “Clean” Your Device Before You Recycle It

One man’s trash is another man’s new identity? Yes, because that “junk mail” you toss in the garbage contains valuable data about yourself. A crook bent on identity theft can potentially have a field day with your discarded pre-approved credit card applications, bank statements, etc. Using a paper shredder before throwing out letters and documents such as these will help protect you and your family.

You should take this same vigilant approach when recycling your devices, whether that be your computer, external hard drive, mobile phone or tablet. This ensures no matter where your recycled device ends up, you can feel secure knowing it contains zero data about you—and a factory reset will not necessarily achieve this.

Here’s how to “clean” the data on your mobile device:

  1. Do a factory reset. Every mobile phone contains software to do this.
    1. To reset Android: Menu > Settings > Privacy > Factory Data Reset.
    2. To reset Blackberry: Options > Security Options > General Settings > Menu > Wipe Handheld.
    3. To reset iPhone: Settings > General > Reset > Reset All Settings.
    4. For other phones, you can find out how to reset by doing an online search using the appropriate keywords, including the model number.
  2. Get rid of data that is on external media, like SIM or SD cards. Your best bet is to cut them in half.
  3. You can use a mobile security product, like McAfee® Mobile Security, to wipe your mobile clean of all its apps and data.

How to “clean” the data on your computer:

Before you get rid of your computer, you must make sure that it’s impossible to recover the data on the hard drive. Simply putting things in the trash can and deleting them is not enough. If someone is skilled enough, they can almost always retrieve data left over on a hard drive. It’s your choice on how tough you make it for your computer’s new owner to do that. So don’t rely on these tasks.

Use a utility designed for wiping or erasing. This tool will overwrite everything with binary 1’s and 0’s. In fact, these tools meet government security standards and will overwrite each sector in your hard drive multiple times. McAfee Shredder, which is included with McAfee LiveSafe™ service, is one of these tools. It will permanently wipe everything off your PC to protect your privacy.

This Earth Day, join the movement and demonstrate support for environmental protection. Just make sure to protect yourself first!

7 Safety tips on the Mobile Internet

It’s time to know all the ways you can make sure you’re safe when in mobile space to prevent identity theft.

  1. It’s 10 pm; do you know where the malware is? Malware is stealthy and hides in places you least expect, like search engines, tech-related sites, entertainment sites and web ads. Malware can even be waiting for you when you download what seems to be an innocent app for your favorite game. In fact, gaming and gambling sites are common targets, as are search engines—and these threats aren’t going to disappear too soon. Install antivirus especially on Android phones.
  2. Beware of peeping toms. That is, someone peering over your shoulder to catch you typing in a password. Mobile devices don’t mask passwords with those big dots like a laptop or desktop will. That snooping thief is hoping to get a glimpse of your password. Consider sitting against a wall when using your mobile in public. Cover your device with your other hand when entering PINs.
  3. Click with discretion. The mobile webscape is replete with juicy-looking items to click: promotions, ads, weblinks…and it’s pretty much impossible to tell the legit ones from the fraudulent ones. Even the URL can’t indicate this. Scam offers can look legit and trick you into clicks. Don’t let the menagerie of all that stuff to click on overwhelm you. Don’t visit anyplace you’re not sure of.
  4. Don’t get reeled in by phishing e-mails. What should you do if you get an e-mail from eBay or something like that, requesting you click a link to update your credit card information because suspension of your account is imminent? Don’t open. Delete.
  5. Credit card companies, the IRS, banks, etc., will never contact you via e-mail and request your private information. Other scams take the form of announcements you’ve won money, your password has been compromised, or some other emotional message. Make a habit of never even opening these.
  6. Stay with app stores. The mobile webscape is cluttered with enticing offers of free downloads. A minority are fraudulent and it’s impossible to tell which are which. Never download from mobile-only sites or those crammed with ads. Download only from app stores you trust.
  7. No “jailbreaking” or “rooting”. These terms refer to installing software that will break down the walled gardens of your iPhone or Android. Once you do this you open the devices up to malware.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. For Robert’s FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

Mobile Phone Hacking: proactive and reactive Responses

Mallorie’s Android phone was acting odd, like it was possessed. The thing had a mind of its own, sending garbled texts and gambling. Ghost? Or hacked?

Mallorie locked down the phone when it was charging so it wouldn’t purchase poker chips. One day she forgot to lock it and it went on a shopping binge. Packages began appearing at her doorstep.

Obviously, someone had access to her credit card. But how? And what could poor Mallorie do to disable this thief?

Millions of mobile devices get infected. But police officers won’t bother with this. Mallorie cancelled her credit card and deleted the “possessed” apps. Then she crossed her fingers.

How do mobile phones get attacked?

A study showed that 86 percent of Android malware employs “repackaging.” Here’s how it’s done:

  • Download an application
  • Decompile it.
  • Add malware.
  • Recompile the app.
  • Submit it back into public circulation—after changing its name.
  • Someone else downloads this changed-name application, and the malicious payload infects their device.
  • A repackaging variation, “updating,” involves adding a code that will tag a malicious payload at a later date.


How can you tell your mobile has been infected?

  • It begins behaving oddly. Something is off—sometimes slightly, sometimes blatantly, such as the device is sending your address book to a foreign IP address. Hook your mobile to a WiFi and see where it sends information to.
  • Unfamiliar charges on the bill. Malware on a phone will produce unauthorized charges. The device is hooked to an accounting mechanism, making it a snap for thieves to send premium SMS text messages or make in-app purchases—which cost you money.

How can you protect your mobile?

  • Keep its software up to date: easy to do on iOS but difficult on Android.
  • Some phones cannot be updated; these phones have OS vulnerabilities within them, making them open to attack. Users end up downloading malware which uses this OS vulnerability to infect the device.

Android vs. iOS for security

  • iOS beats Android for security against malware.
  • Apple placed restrictions on application functionality (e.g., premium SMS messages can’t be sent), which is why Android isn’t as secure against malware as is iOS.
  • Another reason: Android’s app review process is not top-notch at screening out bad applications (but it’s improving).
  • Both Android and iOS allow your personal data to leak out to ad networks. This isn’t considered malicious since a user may wish this to occur.

Scope of Problem

  • The verdict isn’t quite out on this.
  • Some say the problem is limited just to third-party app sellers and this can be avoided by going to iOS’s or Google Play’s app store.
  • Others believe everybody has a compromised application on their mobile.
  • More research is warranted to define scope of problem.

Who should protect the user?

  • The app maker? The carrier? Or the operating system provider?
  • Nobody has taken this responsibility currently. It’s kind of like a “that’s not my problem you downloaded a malicious app that we didn’t write,” or, “You wanted it; I only delivered it—not my problem.”
  • The buck is passed because user protection is expensive.

Solutions?

  • It would be great if the app store could provide very in-depth screening for all the types of malicious actions that apps can perform.
  • The caveat: This isn’t in the platform provider’s best interest because they want their store to carry a lot of applications.
  • Stores want more and more apps, and better ones, and don’t want anything to slow that process down.
  • Data can be secured when you communicate via a wireless network with a VPN like Hotspot Shield VPN. All web transactions can be secured via https.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures.

Isis Mobile Wallet goes live

Isis Mobile Wallet allows you to make purchases with your phone—a technology that just went live. Just wave your Isis-compatible smartphone at select cash registers to buy soda or taxi service, via Isis’s near-field communication technology. (iPhone compatibility with NFC will come later on.)

Incentives

Customers of Isis Mobile Wallet can use My Coke Rewards and Isis to get three free beverages at designated vending machines.

Another incentive comes from Jamba Juice: that of giving away one million free smoothies to Isis customers.

The third incentive: Make a purchase via an American Express Serve account through Isis Mobile Wallet, and you’ll be eligible for a 20 percent discount (going up to $200).

An enhanced SIM card is necessary to run Isis. You’ll also need to download the app from Google Play, or, you can sign up at any retail store that’s run by these three carriers mentioned above.

Free Smoothies

One million smoothies will be given away for free, courtesy of a business partnership between Isis and Jamba Juice.

All you need do to get the smoothie is make a purchase with your smartphone using the Isis Mobile Wallet.

Why give away a million free smoothies? It’s a promotion to encourage consumers to make mobile payments. This technology is possible by equipping point-of-sale terminals (cash machines) with near-field communication that will read the smartphone as it’s waved at the sensor.

This technology has passed trials with flying colors, and Jamba Juice will implement NFC-enabled terminals in stores nationwide. The goal is to get the idea of mobile payment more universally accepted by consumers.

Robert Siciliano is a personal security expert contributor to Just Ask Gemalto and author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures. For Robert’s FREE ebook text- SECURE Your@emailaddress -to 411247.

5 Ways To Protect Your Mobile From Prying Eyes

Do you know how to keep your phone from the prying eyes of exes, strangers, cops, other officials and even your own spouse? Here are tips to keep your mobile safe and secure.

#1 Common Sense

When it comes to the police, cooperate; this will lessen the chance of mobile confiscation. Though you aren’t required to talk to the police without an attorney present, and don’t need to fork over your passcode or give up your phone just because they ask for it, don’t be a pest, either. In general, police need a warrant to search your phone.

#2 Lock down your Phone

Encrypting important data is crucial for those who want to keep prying eyes—be they the police, a vindictive ex or a nosy coworker—from gaining access to their mobile device. The method of encrypting varies from one mobile device to the next, but here are some guidelines:

  • Android and iOS phones come with native data protection for encrypting. Take advantage of this. Remember, other models also offer encryption features, and the user needs to learn how to access these features.
  • Lock your SIM card so nobody can access the SIM without a known PIN.
  • Don’t always use the same phone; switch them up.
  • Protect any videos or photos you’ve taken with the mobile by saving them, then sharing them immediately to provide a backup.

#3 Store in a Cloud

Cloud storage enables you to store your data (videos, pictures, files, etc.) in a virtual storehouse which can be purchased or leased through a hosting company.

To store photos or videos, enable Camera Uploads on DropBox (Android, iOS). You can do the same with Google Drive. Each mobile device has a different way of shunting your valuable data to a cloud for cyber storage.

For Facebook enthusiasts, cloud storage can also be done via your mobile’s Facebook app.

iOS users can use AutoSnap to upload any image that’s taken with it to Facebook, DropBox, Twitter and Instagram. Just link the app with any social accounts that you have.

#4 Live broadcasting Yourself

  • Livestreaming puts anything you record on your phone onto the Internet; here, the phone acts as an inputting tool rather than a storage tool.
  • Justin.Tv (iOS, Android) is the leading livestream app, and the service is free.
  • UStream (iOS, Android). This livestreaming app focuses more on quality than on easy access. The service offers many broadcasting options.
  • Veetle (iOS, Android). This company is smaller than Justin.Tv and UStream, but has an advantage: free, easy integration with social media, plus some other perks.

#5 Use a VPN

When surfing the web on your local computer, mobile or tablet on a free, unprotected public network in a hotel, airport or coffee shop, your data is vulnerable to “sniffers.”

That’s where a Virtual Private Network (VPN) comes in to protect your data between your laptop, iPad, iPhone or Android and an internet gateway. This kind of VPN creates an impenetrable tunnel to prevent snoopers, hackers and ISPs from viewing your web-browsing activities, instant messages, downloads, credit card information or anything else you send over the network.

Hotspot Shield VPN is a great option that protects your entire web surfing session, securing your connection at both your home Internet network and public internet networks (both wired and wireless). Hotspot Shield’s free proxy protects your identity by ensuring that all web transactions (shopping, filling out forms, downloads, etc.) are secured through HTTPS—the protected internet protocol.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures.