Posts

Don’t Believe These 6 Mobile Security Myths

Smartphones are picking up popularity. You can now access email, social media, and other things from a device that fits in your pocket (most of the time). And, although we hear about breaches and security flaws in the news, it seems like a lot of us don’t think it applies to our mobile device. Here are some of the most common mobile security myths.
5W

  1. “Antivirus protection isn’t worth it for a smartphone.” Just because this device fits in the palm of your hand doesn’t mean it’s not worthy of as much protection as your computer. It should have comprehensive security that includes, antivirus, anti-malware and anti-spyware. Think of how often and indiscriminately you use that little thing, even while you’re in between bench press sets or stuck in line somewhere. The more you use it, the more important protecting the information on it becomes.
  2. “If I lose my phone I’ll just call it to find it.” A better way to locate it is to use an app with global positioning system (GPS), like McAfee® Mobile Security. With GPS, you can see the location of your device on a map, much easier than trying to hear your ringtone.
  3. “Smartphones don’t get phishing scams.” Actually, phishing scams can occur via text (also known as SMiShing ) and social media apps. Plus, the mobile device’s smaller screen makes it harder to detect suspicious links.
  4. “Apps for my phone are safe if they’re from trusted brands.” Fraudsters can easily make a malicious app look safe, and can even find its way into a reputable app store. McAfee Labs™ found that over 80% of Android apps track you and collect your personal information. Apps are also the main way that malware can be downloaded to your smartphone or tablet.
  5. “As long as my phone has PIN protection, it’s fine to have apps automatically log into my accounts.” A PIN is incomplete protection because hackers may guess the PIN code or use software to nail the four-digit sequence. You’d be surprised how many people’s PINs are 1234 or 2222. Even if you have a longer PIN or passcode on your device, it’s good practice to not have your apps automatically log you in, even though this may be convenient. You don’t want something to be able to easily access your bank accounts or post random messages on your social accounts.
  6. “SMS” adds protection. The short message service does not provide protection or monitoring of any kind. This means that text messaging is not secure and in fact, it’s often subject to spam.

Keep your mobile device safe with McAfee® Mobile Security, available on both Android and Apple devices. The Android version includes antivirus and anti-malware software, an app manager, anti-theft features, and web protection. The Apple version includes Secure Vault to protect your pictures and videos from prying eyes.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

Mobile Carriers spying on Users

How does my mobile phone know I like tools, electronic gadgets and tarantulas? It keeps showing me ads for these products! Christmas is coming and my kids like bugs, big bugs.

10DHow does it know? It’s called “supercookies”. And they aren’t yummy.

If Verizon is your carrier, that’s why. Verizon uses a “unique identifier token header” for every website the user visits. There are cookies that tag along with the user wherever they go in cyberspace. Advertisers gorge on these cookies because they tell them what products to advertise for each unique person.

You can opt out of Verizon’s program, but this won’t prevent the UIDH (this a Unique Identifier Header) from being stamped on any site you visit and then be visible to a web server.

Even Android’s and iOS’s systems can’t supersede the UIDH system. The UIDH HTTP header is not the same as a typical Internet cookie. This is a lot to digest, it is what it is.

At present, there is no opt-out technology to truly eradicate what some consider spying, and it won’t be around soon, either. And look for AT&T to think possibilities by adopting this UIDH system to track their subscribers’ web journeys.

Though there’s no opt-out-like feature to stop this, there is a way to block it: VPN (virtual private network). Some smartphones have a VPN mode; once activated it will make the user anonymous. I like Hotspot Shield (HSS), which works on Androids and iPhones, easy. And don’t twiddle your thumbs waiting for universal encryption; your toddler will be entering college by then.

If targeted ads (hey, maybe you just love those handbag adverts) don’t phase you, then consider this: Cyber thieves can get ahold of all the sensitive information you have in your phone and learn all sorts of things about you, including any sordid details. Or maybe they just want to steal your identity to drain your bank account. Everyone is being watched by everybody.

Should you worry? That all depends. The Electronic Frontier Foundation is worried. They no likey.

This is where the VPN comes in, especially if you use public Wi-Fi, which is not encrypted. HSS, which is free, will protect your data. There’s also an upgraded version that you pay for; it’s faster. Either version will guard your Internet activities from prying eyes.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

10 ways to Keep your Mobile Data safe from mCrime

A smart thief will go after smartphones: a portal through which to gain access to your money, accounts, data and social. Few people think they’re not smart enough to prevent a crime involving their precious mobile phone, but it happens to even the highly educated who think they can’t be outwitted. mCrime is big business and knowing how to protect yourself is a big deal.

5WTexts, e-mails, social media and so much more contain enormous amounts of private information. And crooks know how to get this information. One trick is to send a phishing e-mail: a scam that’s designed to sucker the recipient into giving away personal information or money. In one study, 100,000 phishing e-mails were sent out. Three thousand people responded, and of those, almost three quarters came from smartphones.

People are sloppy with guarding their smartphone, and this is how criminals infiltrate. But it doesn’t take a high IQ to beat the bad guys at their game.

  1. It’s only a matter of time before you misplace your smartphone, giving the wrong hands a chance to grab it. So protect it with a password (and a tough one to crack, like 47%R$PUy rather than 789hot). Even a great password should be changed every so often.
  2. And the greatest password on earth still shouldn’t be used for more than one account; use a different one for every single account.
  3. And speaking of misplacing it, make sure it has a locator. Add a layer of protection by having a remote-wipe capability in case the device vanishes.
  4. Regularly back up the data that’s on your smartphone.
  5. Did you know a hacker can find out where you live or work simply from the photos you’ve put up in cyberspace? They are geo-tagged, but you can disable this feature.
  6. When you’re not using the device, keep it disconnected from cyberland.
  7. When you are connected, don’t visit your bank or other places that have sensitive personal data. But ig you just have to, run a program called Hotspot Shield. This way all your data is encrypted on the wireless wild wild web.
  8. Think twice before clicking on the photo of that busty babe or chiseled stud; the image link might take you to a malicious website that will download a virus to your phone.
  9. Never open a link inside an e-mail, even if the sender seems to come from your bank or Uncle Sam. Use a password manager or manually type the url in your browser.
  10. Last but not least, regularly update your device! As cyber attacks evolve, security must keep up to patch up these new holes. Leave a hole open, and a hacker could get in and steal the information you have stored in your phone, like addresses, account numbers, anything he wants.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Is your Phone being tracked?

The owner of your favorite restaurant may be tracking your every move—via your smartphone. Not because he’s a snoop, but because he believes knowing when and where you go for entertainment will benefit his business.

5WAnd how did he pull this caper off? There’s are companys out there, that place sensors in businesses within a confined location to track shoppers as they ambulate about town.

The sensors track signals emitted from Wi-Fi-enabled mobiles. The mobile-user’s movements in daily life create a profile of that user. Gee, how invasive is that?

The business owners with these sensors justify the invasion by using the profile knowledge to promote their business. But are you cool with that?

Another sensor technology analyzes actual foot traffic patterns onsite. Large retailers you visit sometimes have these sensors, following your every move in the store. They might know if you are pregnant, have the flu or have a hot date that night. They will send you offers based on your needs. Some say this is kinda creepy.

It’s a booming business: tracking peoples’ daily movement patterns via their smartphone. But you can relax somewhat, because this technology does not reveal any names, just movement patterns. Still, it’s something you should be aware of.

But don’t relax too much, because some of these same services will run free Wi-Fi services on site or at local coffee shops and restaurants that people can log into with Facebook—doing so will reveal their name, age and social media profile.

Phone tracking is a godsend to business owners, however, because they can create promotions based on profiles: E.g., upon learning that most clientele are over age 50, a health club might decide to play mostly ‘70s music.

Nevertheless, as phone tracking booms, privacy concerns also boom. Do you want someone to track all your doctor visits, then sell this data to marketers based on what disease the tracking profile thinks you have? This seems to be where it’s all headed.

Companies in the U.S. still are not required to get your permission to collect and share your data for the most part. But you just never know what may come next.

Some helpful Information

  • Do you know what your cellphone carrier knows—about you? Because your phone sends signals to cell towers, your carrier knows your location. Phone companies sell this information to retailers and other entities.
  • The recent Apple iOS7 update launched a little known feature that tracks your every move. You might want to turn it off. Go to Settings/Privacy/Location Services then scroll all the way down to the bottom to “System Services” and scroll all the way down to “Freqent Locations” and check it out. It knows your History! Turn that puppy off!
  • One option is to turn the Wi-Fi off on your phone. It doesn’t have to be on when you’re driving from the gym to the donut shop to the computer store.
  • A better option is to download and install Hotspot Shield VPN that encrypts your wireless internet and surfing activities.
  • An iPhone has more settings in “Settings/Privacy/Location Services” that control which apps can monitor your location. Determine which ones you want on. Think “minimize my footprint”
  • Android users should turn off location tracking.
  • Like to take photos with your mobile? Guess what: iPhone saves the location where you took the shots, which is no secret once you post the photos on FB, Twitter, Instagram, etc. This isn’t such a good idea. Shutting down location based apps will help here too.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Preparing a Mobile or PC for Resale or Donation

You may have read my last post where I talked about “Clean the Clutter” out of your life and sell all the stuff you don’t absolutely need. In my Clean the Clutter process I sold 1 Windows XP laptop computer (missing lots of keys), 2 Windows XP desktops and 5 mobile phones all on Craigslist.

Prior to selling my electronics I wiped all the data off of each device. Cleaning all the data off your salable electronics is absolutely essential in our identity theft prone world.

It’s easy.

Reinstall your operating system: The best and quickest want to clean your data is to re-install the operating system. For Windows based PCs insert your operating systems disk and restart the PC. When restarting keep hitting F12 or your PC may want you to hit F2 or F8 and select “boot from CD” and follow the prompts. Most data forensics guys will tell you to reinstall 3 times to really clean it out. Microsoft has more instructions here that just confuses me: http://windows.microsoft.com/en-US/windows/help/install-reinstall-uninstall or use KillDisk HERE

Clean your Phone: For mobile phones you want to do a factory reset. All software to do this is already on the phone.

Android factory reset: Menu > Settings > Privacy > Factory data reset.

iPhone factory reset: Settings > General > Reset > reset all settings.

Blackberry factory reset: Options > Security Options > General Settings > Menu > Wipe Handheld.

Windows 7 phone factory reset: Settings > About > Reset Phone

Any other operating systems or Symbian based phones you will need to do a search on your phone online such as “Phone Name, Model Number, Carrier, Factory reset”

Remember to remove or wipe any media like SD cards and CD/DVDs too.

Otherwise get a drill and poke lots of holes in the device and its hard drive or hit it with a sledge hammer. This may be lots of fun, however this may make it less saleable.

Robert Siciliano personal and home security specialist to Home Security Source discussing home security and identity theft on TBS Movie and a Makeover. Disclosures.

 

Mobile Phone Security Under Attack

As mobile Internet usage continues its rapid growth, cyber criminals are expected to pay more attention to this sector. Mobile device platforms compete for content creators’ latest innovations, which often require more and more device access. As applications and other content are more widely distributed, security breaches will be inevitable.

The speed of technological advancement and the demand for new products and services make mobile phones particularly vulnerable. In some countries, almost all banking takes place with the use of phones.

Spyware, which was created as a legitimate technology for PCs, further complicates matters. Spyware can track and record social networking activities, online searches, chats, instant messages, emails, keystrokes, websites visited, and programs launched. It can be the equivalent of digital surveillance, revealing every stroke of the user’s mouse and keyboard. When a PC or phone becomes infected with spyware, all the data on that PC or phone is immediately compromised.

Mobile phone spyware is relatively new, and is quickly grabbing headlines. As PCs shrink to the size of a smartphone, spyware continues to evolve. This software records nearly everything a person does on a phone. Some spyware programs can record everything in a video file that can then be accessed remotely.

Spyware can be installed on your cell phone remotely or directly. To protect your phone, never click on links in texts or emails, since these links may actually point toward malicious downloads. Keep your phone with you, don’t let it out of your sight, and don’t share it with others. Make sure your phone requires a password, as this makes it more difficult to install spyware.

If your phone is behaving oddly or you have some other reason to suspect that it contains spyware, reinstall the phone’s operating system. Consult your user manual or call your carrier’s customer service for step-by-step help with this process.

With more than 11 million victims just last year, identity theft is a serious concern. McAfee Identity Protection offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your financial accounts. Educate and protect yourself – please visithttp://www.counteridentitytheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss mobile phone spyware on Good Morning America(Disclosures)

How Secure is your Mobile Phone?

I love my iPhone. The fact that I have a full web browser and can access all my data anytime from anywhere is fantastic. Plus my iPhone allows me to peek in on my home security system with an application that’s connected to my home security cameras. If I’m on the road I can log in and see the family doing whatever activities in our outside the home.

If you don’t have a phone that you can integrate with your home security system I strongly recommend considering an iPhone. Besides being the coolest thing to be able to show someone live video of your home base, it is incredible peace mind to check in.

And consider if that phone fell into the wrong hands what could come of it? In my case not much due to the fact I’m pretty well locked down.

If you have one of the popular brands below pay attention:

BlackBerry:

The Blackberry is easily the most popular Smartphone on the market and, according to cellphones.org, the most ‘natively’ secure. Just by having a Blackberry, you are one step ahead but that doesn’t mean you don’t still have to enable your security settings.

Enable your password. Under General Settings set your password to ‘on’ and select a secure password. You may also want to limit the number of password attempts. Test to make sure that your password works by locking your phone to confirm.

Encrypt your data. Under Content Protection settings, enable encryption. Then, under ‘Strength’ select either ‘stronger’ or ‘strongest’. Though ‘strongest’ is the most secure, ‘stronger’ has faster encryption/decryption. Under the Content Protection settings you will also have the option to encrypt your address book.

When visiting password protected internet sites do not save your passwords to the browser. Anyone who finds your phone and manages to unlock it will then have access to all of your account data and your identity will be stolen. It may be annoying to have to enter your password every time but the extra 30 seconds is certainly worth avoiding identity theft.

iPhone:

The iPhone, which has captured over 25% of the Smartphone market, the second highest share in the industry, has notoriously poor encryption capabilities. As such, enabling the included security features and adding apps that allow you to secure your information is key to being a ‘safe’ iPhone owner.

Enable the Pass code Lock and Auto-Lock. Go into your phones General Settings and set the 4-digit phone pass code to something that you will remember but is not ‘significant’ to you. That means no birth dates, no anniversary dates, no children’s ages. Then, go back into General Settings and set the Auto-Lock. Although you can choose from 1 min to 5min, the quicker your phone locks the safer it is from those who might be tempted to tamper with it while you aren’t looking.

Turn your Bluetooth off unless you are using it. Bluetooth allows you to easily connect to a hands-free head set or to send files from your phone to a computer. However, this also works the other way. A tech savvy hacker with a laptop can easily hack your phone from the Bluetooth connection if it’s on.

Download Simple Vault 1.2. Simple vault adds a second layer of protection to your iPhone by allowing you to password protect each of your apps. It also allows you to store your sensitive information right on your phone, unlike other security apps which send it to you over the internet when you access it

General:

Whenever possible, wait till you get to your computer on a secured network before accessing sensitive information. When responding to important work emails or checking your bank account balance it really is best to wait until you can access this information from a secure network. Anti-virus and anti-malware software as well encryption capabilities for computers are miles ahead than what is currently available for phones. So ask yourself before you enter your credit card number to that online store: Is it worth identity theft for me to do this now or can it wait till I get back to the office/home?

Robert Siciliano personal security expert to Home Security Source discussing Mobile Phone Spying on Good Morning America