Posts

Make Your Mobile a Tough Target for Thieves

You should definitely pay attention to your mobile phone security. Most of us don’t, which makes it easy for hackers and ID thieves to target us. Here are some tips to protect yourself from becoming a target for thieves.

 

Use a Passcode

One of the easiest ways to ensure that you are not a target for thieves is to use a passcode. All mobile phones have a built-in passcode option, and if you have an iPhone you can even set a passcode if it has been stolen by using the Find My iPhone feature.

Use Face ID or Touch ID

To make your iPhone even safer, you can use Face ID if you have the iPhone X or Touch ID on other iPhone versions. This is much stronger than using a passcode.

Set up Find My iPhone

If your iPhone gets stolen or you lose it, you can use the Find My iPhone app. This is a free app that is built into the iCloud. It uses GPS to show where your iPhone is at any time, as long as GPS is enabled. For Androids set up Find My Device to accomplish similar tasks.

Look at Your Privacy Settings

You should also take a look at your privacy settings. Your data is extremely important and there are threats all of the time. Fortunately, you can set your privacy settings to make it tough for people to get into it. Depending on your phone OS, seek out built in privacy, location, encryption and VPN settings.

Should You Get Antivirus Software for Your iPhone?

You might think that you can make your phone safer by adding antivirus software. Yes, it’s very important to have anti-virus software for your computer, but you don’t need it on your iPhone, but definitely do need it for your Android. Do a search on Google Play, there are plenty.

Stop Jailbreaking (iPhone) or “Rooting” (Android) Your Device

Another way to keep your phone safe is to stop jailbreaking. A lot of people like jailbreaking because it gives more freedom to customize your phone how you want. You can also download apps that Apple has not approved of. However, jailbreaking your phone can cause it to become more open to hackers, too, which could really be devastating.

Encrypt All Backups

When you sync your iPhone to your computer, it holds data for your as a backup. This way, if you ever need it, you can get it easily. However, this also means that this data could be open to hackers if your computer ever gets hacked. So, it’s always best to make sure that you encrypt all backups. You can do this in iTunes with only a few additional steps.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Your Hacked Mobile Phone Number is Like Your Social Security Number

If you have a cell phone, and you use it in any way associated with accessing online accounts (and many do), you are putting yourself at risk of getting hacked. With only a phone number and a bit of information, which is easy to get through social engineering, a hacker can break into your personal and financial accounts.

5WThis works by getting information about you, such as your birthday, address, or even the last four digits of your Social Security number…information that is readily available…and then creating a plausible story to gain access to your phone account, phone and various online accounts. Once they have access to your accounts, they can change the phone number, get a new sim card and then change account passwords, and you will be unable to access the affected accounts. Below, you will find some tips to help you protect your phone number:

Use a Passcode

If you have the option to put an additional passcode on your phone account, do it. Though this isn’t foolproof, it will certainly help to give you some added protection.

Disable Online Access to Cell Phone Accounts

I’m not doing this, but some should. This might be frustrating, but it will further protect you. If you need to make a change, you can call or go into the store.

Consider Using Google Voice

Google Voice is a safer option for many, and you can even forward your existing number to Google Voice. This helps to mask the calls you make, which means no one would have access to your real number.

Use a Carrier-Specific Email to Access Your Mobile Phone Account

If you are like most people, your email address and phone number help you to access most of your internet-based accounts. Ideally, instead, you should have a minimum of three email addresses: your primary address, one for your mobile phone carrier only, and one for sensitive accounts, such as your bank and social media. This way, if your primary email is compromised, a hacker cannot access your sensitive accounts.

Ask Your Carrier for Account Changes

Finally, you can ask your carrier to only allow account changes in person with a photo ID. Though there is still a chance that a hacker could pose as you with a fake ID, the chances are much lower.

There are also some steps that you can take to protect all of your online accounts:

Create Complex Passwords

One way to protect your online account is to create complex passwords. It’s best to use a password manager that creates random, long passwords. If you don’t use a password manager, create your own password of random numbers, cases, and special characters. These might include “4F@ze3&htP” or “19hpR$3@&.” Try to make up a rule to help you remember them.

Don’t Tell the Truth

Another thing that you can do is to stop being truthful when answering security questions. For instance, if a security question asks what your mother’s maiden name is, make it up. Something like this is too easy to guess…just make sure you remember it!

Don’t Connect Your Phone Number to Sensitive Accounts

You also should make sure that you are not connecting your phone number to any sensitive accounts. Instead, create a Google Voice number and use this for your sensitive accounts.

Use Passcode Generators

Passwords are easily stolen via key loggers, which is software that records keystrokes. You can protect yourself from this by using a one-time passcode generator. This is part of the two factor or multi factor authentication process. These generators are wireless keyfobs that produce a new passcode with heavy frequency, and the only way to know the passcode is to have access to the device that created the passcode.

Use Physical Security Keys

You also might want to consider using physical security keys. To use these, people must enter their passwords into the computer, and then they must enter a physical device into the USB port, proving that they are the account owner. This means, in order to access an account, a hacker must not only know the password, they must have the physical device.

Consider Biometrics

Finally, if you really want to protect your internet accounts, you should use biometrics. You can purchase biometric scanners, such as those that read your iris, fingerprint, or even recognize your voice. When using these, you will be unable to access your accounts unless you provide this biological information. There are a number of devices on the market that do this.

Though these steps might seem a bit time-consuming, they can be the difference between keeping your private and financial information safe and getting hacked.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

What is the Signaling System No. 7 Network?

The iPhone has a vulnerability called the Signaling System 7 (SS7) that allows crooks to hack into the device.

4WThis was demonstrated on a recent “60 Minutes” episode in which a U.S. congressman (with his permission) had his iPhone hacked by German cybersecurity experts. The white-hat hackers got his phone number and eavesdropped on the conversation.

Penetration of the flawed SS7 makes it possible to listen in on conversations, intercept texts and track the victim’s movements. The congressman subsequently called for an investigation into the vulnerability.

The vulnerability was initially unearthed in 2014 at a German hacking conference. This SS7 flaw is not just a U.S. phone carrier problem, either. Mobile device carriers around the world are affected by this as well. A global attack on this vulnerability is very much warranted.

The criminals who carry out these attacks have a strong preference for targets who are not the regular Joe or Jane, but people of political significance or who represent major organizations.

So regardless of how “important” you are, what can you do?

  • Your mobile device should be fully equipped with security software.
  • Make sure that this software is always updated. Do not ignore update alerts.
  • You should not rely on just a single layer of security, no matter how strong.
  • Also keep in mind that skilled hackers can figure out ways to circumvent a layer of security. The more layers that your iPhone has, the less likely a crook will be able to penetrate it.
  • Load up on the layers of protection, which include a passcode and biometrics such as a fingerprint scanner. Go for depth.

Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

How to protect your Mobile Phone from Hackers and Thieves

Let’s cut to the chase:

  • Regularly back up the phone’s data! If this is done every day, you won’t have to worry much about losing important information if something happens to the phone—such as a ransomware attack.
  • Keep the phone’s software and applications updated.
  • Delete apps you no longer use, as these can reveal your GPS coordinates and garner data about you.
  • Never post about your vacation while you’re on vacation.

6WBut there’s more:

  • Employ the device’s password-protect function (which may even be a biometric like a fingerprint).
  • If the phone has more than one type of protection, use both.  You just never know if the phone will get lost or stolen.

Public Wi-Fi

  • Never use public Wi-Fi, such as at airports and coffee houses, to make financial transactions.
  • Though public Wi-Fi is cheaper than a cellular connection, it comes with risks; hackers can barge in and “see” what you’re doing and snatch sensitive information about you.
  • If you absolutely must conduct sensitive transactions on public Wi-Fi, use a virtual private network or a cellular data network.

And yet there’s more:

  • Switch off the Wi-Fi and Bluetooth when not in use. Otherwise, your physical location can be tracked because the Wi-Fi and Bluetooth are constantly seeking out networks to connect to.
  • Make sure that any feature that can reveal your location is turned off. Apps do collect location information on the user.
  • What are the privacy settings of your social media accounts set to? Make sure they’re set to prevent the whole world from figuring out your physical location. This is not paranoia. As long as you’re not hearing voices coming from your heating vents, you’re doing fine.
  • Are you familiar with the remote wipe feature of your mobile device? This allows you to wipe out its contents/files without the phone being in your hand—in the event it’s lost or stolen. Enable it immediately.
  • And also enable the “find my phone” feature. You may have lost it inside your car’s crevasses somewhere.

Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Protect your Privacy on your iPhone

If you have an iOS device, you may be leaking personal information about yourself—without even knowing it—because you’re not familiar with the privacy settings.

1PApps have “permissions,” meaning, they can access private information such as your social calendar stored on the phone, appointments, anything. Go to the privacy menu under “settings” to learn which apps can gain this access and deactivate it. And there’s so much more to know…

Ads

  • The Limited Ad Tracking option controls how targeted the ads are to your habits, not the amount of ads you see.
  • This feature does not apply to ads across the Internet; only the iAds that are built into apps.

Location

  • At the screen top is a Location Services entry.
  • Explore the options.
  • Shut down everything not needed beyond maps or “Find My iPhone”

Safari, Privacy

  • Check out the Allow from Current Website Only option; it will prevent outside entities from watching your online habits.
  • You can limit how much Safari tracks your habits (by activating Do Not Track requests).
  • You can also disable cookies, but you won’t prevent 100 percent of the data collection on you.
  • Want all cookies and browsing history deleted? Choose the Clear History and Website Data option.
  • In the Settings app, go to Safari, then Search Engine to change the default search engine if you feel the current one is collecting too much data on you.

Miscellaneous

  • Every app has its own privacy settings. For every app on your device, you should explore the options in every privacy menu.
  • Set up a time-based auto-lock so that your phone automatically shuts off after a given time if you’re not using it.
  • The fewer apps you have, the less overwhelmed you’ll be about setting your privacy settings. Why not go through every app to see if you really need it, and if not, get rid of it?

Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Apple’s bizarre Crashing Text and how to fix

Of all the weird things that can happen to your iOS device, the latest is a relatively benign situation in which a string of text is sent to the phone…and it causes the phone to crash.

http://www.dreamstime.com/stock-images-online-risks-sign-road-banner-image34668294The phone will reboot if the particular nonsensical text string is received while the phone is locked.

Data won’t be stolen; nobody will gain remote control of your device (yet); but heck, who wouldn’t be very annoyed that their phone crashes? And this is going on all over the world. The text characters can also be sent from any device. Apple says it will get this problem fixed.

But in the meantime, there are things you can do to undo the problem.

Mac Users

  • Reply to the gibberish text in iMessage, and the reply can be any string of text.

If you don’t have a Mac:

  • Send a text message via a third-party application by using its share feature.
  • Ask Siri to issue a reply or “read unread messages.” Then reply to free your Messages.
  • When you’re in Messages, delete the whole chain.
  • If you know who sent the crazy message, ask them to send a follow-up message.

A software update will soon be coming from Apple that will include a fix to this situation.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

How to Avoid Bad Apps

If you think there’s like a million apps out there, that’s not exactly an exaggeration. For sure, there are more than you can imagine, which makes it easy to conceive that many certainly come with security problems.

In fact, out of the top 25 most popular apps, 18 of them bombed on a security test from McAfee Labs recently.

Creators of apps put convenience and allure ahead of security. This is why so many apps don’t have secure connections—creating welcome mats for hackers; they get into your smartphone and get your passwords, usernames and other sensitive information.

Joe Hacker knows all about this pervasive weakness in the app world. You can count on hackers using tool kits to aid in their quest to hack into your mobile device. The tool kit approach is called a man-in-the-middle attack.

The “man” gets your passwords, credit card number, Facebook login information, etc. Once the hacker gets all this information, he could do just about anything, including obtaining a credit line in your name and maxing it out, or altering your Facebook information.

You probably didn’t know that smartphone hacks are becoming increasingly widespread.

bad-apps

So what can you do?

  • Stay current – Know that mobile malware is growing and is transmitted via malicious apps.
  • Do your homework – Research apps, read reviews, and check app ratings before you download.
  • Check your sources – Only download apps from well-known, reputable app stores.
  • Watch the permissions – Check what info each app is accessing on your mobile devices and make sure you are comfortable with that.
  • Protect your phone – Install comprehensive security on your mobile devices to keep them protected from harmful apps.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!

Smartphones for Kids aren’t such a good Idea

Maybe you believe that kids should not have smartphones because the devices can tell a pedophile where a child is located. But there’s other reasons that perhaps you haven’t thought of: cyberbullying, violent porn, online drug purchases, you name it.

5WSmartphones give kids ongoing Internet access; they can’t live without this constant connection because it’s the normality that they’ve grown up with. Children and teens are a product of their technological times and can’t imagine getting through the day without constant connection to the cyber universe.

An article in The Telegraph features a perspective from child psychotherapist Julie Lynn Evans. She points out that the striking increase in youth suicides and youth emotional issues (e.g., anorexia nervosa, cutting) is the result of constant Internet access.

Evans has personally seen the correlation; the driving force of the mental problems gets traced back to cyberspace and the smartphone. Remember the good ‘ol days when the only access that kids had was at the family room’s computer or even the one in their bedroom? You can’t carry that thing around.

Evans’ voice is supported by the big rise in admissions to child psychiatric units, having doubled in the past four years. Self-harm is way up too.

Though many people assert that the smartphone is only a tool and should not be blamed for suicide attempts or self-harming behavior, and that family dynamics are the fuel behind it all, Evans makes clear that smartphones are a big part of the multifactorial process of depression and turmoil.

Smartphones have changed the world; is it such a leap that they can cause the rise in youth psychological problems? Especially when the bullies can follow their targets anywhere? And it’s not just bullying; there are websites that, for instance, give tips on being anorexic.

Kids under 16 can’t legally drive, but they’ll always have legal access to smartphones. It’s up to parents to set rules and have conversations. At the same time, parents must take some credit for bad outcomes: A 14-year-old girl from a stable homelife isn’t going to take advice on how to drop from 110 pounds to 70 pounds just because her smartphone can connect her to a “pro-ana” website.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

In with the New, out with the Old

If you plan on getting a new smartphone, have you ever thought of what the next user of your old smartphone will find on it?

7WThis assumes you’ll be selling or donating it, of course. Are you SURE those risqué photos are totally gone, or that your diary entries have been wiped clean? Experiments have been conducted in which someone buys used smartphones for the sole purpose of seeing how much personal data was left behind by the previous owner. I’ve done one, it wasn’t pretty. We found data on half the devices we bought in the second hand market.

It’s unbelievable how much data was retrieved in these experiments, including addresses, e-mails, passwords and text messages. A factory reset is not a totally reliable way to wipe clean your smartphone, either, as shown by the fact that some Android phones, despite the factory reset, still contained the previous user’s data.

Before taking the first step in getting rid of your mobile phone, back up all of its data. This can be done with a flash drive or automated PC service. For Android and iOS, use Apple’s iCloud or Google’s Auto Backup.

Next, wipe your phone squeaky clean. No, not with a rag and bleach, but “wipe” means destroy all the data using a specific method. This is NOT done by hitting the delete button or even reformatting the hard drive. What you don’t see isn’t necessarily not there.

A reformatted hard drive can still contain your data. To wipe an Android or iOS, use Blancco Mobile. To wipe a Mac computer, use the OS X Disk Utility or WipeDrive. For Windows PC use Active KillDisk. If you use a factory reset for a smartphone, remove any SIM cards too.

What if you can’t wipe your device? If you don’t wish to give it to someone else, then literally destroy it. Don’t just toss it in the trash. Take out the hard drive and mutilate it with a hammer. If you do want to sell it or donate it (get the receipt if you do donate it for an IRS return), realize that your data will still be on it. You never know who will end up getting their hands on the device.

If the idea of hammering at the hard drive isn’t your cup of tea, then find out from the recycling company who conducts the downstream recycling. You don’t want your device—containing your data—getting into a foreign landfill. The recycling company should be part of R2, or “responsible recycling,” or be part of e-Stewards certification programs.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Mobile Carriers spying on Users

How does my mobile phone know I like tools, electronic gadgets and tarantulas? It keeps showing me ads for these products! Christmas is coming and my kids like bugs, big bugs.

10DHow does it know? It’s called “supercookies”. And they aren’t yummy.

If Verizon is your carrier, that’s why. Verizon uses a “unique identifier token header” for every website the user visits. There are cookies that tag along with the user wherever they go in cyberspace. Advertisers gorge on these cookies because they tell them what products to advertise for each unique person.

You can opt out of Verizon’s program, but this won’t prevent the UIDH (this a Unique Identifier Header) from being stamped on any site you visit and then be visible to a web server.

Even Android’s and iOS’s systems can’t supersede the UIDH system. The UIDH HTTP header is not the same as a typical Internet cookie. This is a lot to digest, it is what it is.

At present, there is no opt-out technology to truly eradicate what some consider spying, and it won’t be around soon, either. And look for AT&T to think possibilities by adopting this UIDH system to track their subscribers’ web journeys.

Though there’s no opt-out-like feature to stop this, there is a way to block it: VPN (virtual private network). Some smartphones have a VPN mode; once activated it will make the user anonymous. I like Hotspot Shield (HSS), which works on Androids and iPhones, easy. And don’t twiddle your thumbs waiting for universal encryption; your toddler will be entering college by then.

If targeted ads (hey, maybe you just love those handbag adverts) don’t phase you, then consider this: Cyber thieves can get ahold of all the sensitive information you have in your phone and learn all sorts of things about you, including any sordid details. Or maybe they just want to steal your identity to drain your bank account. Everyone is being watched by everybody.

Should you worry? That all depends. The Electronic Frontier Foundation is worried. They no likey.

This is where the VPN comes in, especially if you use public Wi-Fi, which is not encrypted. HSS, which is free, will protect your data. There’s also an upgraded version that you pay for; it’s faster. Either version will guard your Internet activities from prying eyes.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.