10 tips for securing your smartphone

we thought we’d prepare some tips to help keep your smartphone safe.

1. Always secure your smartphone with a password

One of the most basic security tips, but one which is sometimes completely overlooked! Having no access protection at all is just foolish. Swipe patterns are ok, but greasy finger-trails could reveal too much.

A four-digit PIN is an improvement but using a strong passcode is the ideal phone protection.

2. Ensure that your device locks itself automatically

If you set up password-protection on your phone but then leave it unlocked on your desk for 15 minutes, you won’t have achieved very much. Most smartphones allow you to set them up to automatically lock themselves after a period of inactivity.

Make sure you choose the shortest timeout you are comfortable with. Two to five minutes is better than ten to thirty, even if it does feel slightly inconvenient.

3. Install security software

Your smartphone is a computing device and should be protected accordingly. Look for an app like Sophos Mobile Security that includes malware prevention, remote data wipe, privacy review of apps and an automatic security advisor to alert you to potential risks when you change a device setting.

If you’re in charge of securing your organisation’s phones and tablets, then choose a mobile device management solution like Sophos Mobile Control.

4. Only download apps from approved sources

The Google Play Store and Apple’s App Store take security pretty seriously. They are very careful about what apps they make available and will withdraw apps that raise concerns after release.

Read user reviews of apps before installing them – if there are any security concerns then someone else may well have mentioned them.

5. Check your apps’ permissions

Apps. Image courtesy of Shutterstock.Many apps require more than the basic default permissions. For instance, you can reasonably expect an SMS app to send and receive text messages just as a mapping app will request your GPS location.

But something like a calculator that needs network access or an alarm clock that wants to read your contact database should be treated with extreme caution!

6. Don’t miss operating system updates

Updates to your OS often include system vulnerability patches, so it’s important to install them.

You might want to be advised of updates rather than having them automatically installed, as early adopters sometimes experience teething problems – but the forgetful among you may prefer that to missing updates altogether.

7. Be wary of any links you receive via email or text message

Now you can pick up email on your phone, exercise caution when clicking on links. And phishing scams are not limited to email – a text message can incite you to click on a dodgy link or ask for personal information.

Even simply replying to unknown SMS or email senders can raise the crooks’ interest in you, leading to more pressure to respond.

8. Encrypt your smartphone

Even if you’ve secured your smartphone with a password, a thief could still plug your device into a computer and gain access to all of your personal information. Using encryption on your smartphone can help to prevent such data theft.

9. Turn off automatic Wi-Fi connection

WiFi. Image courtesy of ShutterstockOne of the great things about modern mobile phones is their ability to connect to the internet in many ways, but continually probing for wireless networks gives away information about your identity and location, and blindly connecting to unencrypted access points can let your phone leak all sorts of useful things for malicious actors to intercept and act upon.

So tell your phone to forget networks you no longer use, so as to minimise the amount of data leakage and configure your phone to automatically turn on/off wireless in certain places using a location-aware smartphone app.

10. Turn off Bluetooth and NFC when not in use

Bluetooth and NFC (near field communication) are great in terms of connectivity, allowing you to use accessories such as wireless keyboards and headsets or make payments with a wave of your smartphone.

But it does open a door for the bad guys to gain access to your device and access your data, so you should either switch these features off or put your device into “not discoverable” mode whenever possible. Also, be careful when pairing devices – never accept requests from unknown devices.

If you’re responsible for mobile security at work, you might like to read our practical advice for handling smartphones in the workplace.




How the first mobile malware Cabir was discovered?

Ten years ago, digital security experts reported the discovery of Cabir – the first ever worm designed to attack mobile phones. Unlike most modern malware samples, Cabir wasn’t equipped with a wide range of malicious functions. Instead it made history by proving that it was possible to infect mobile phones.

Experts first encountered Cabir at the beginning of June 2004. One of Kaspersky Lab’s virus analysts was just ending his shift and handing over to a colleague, when he noticed an email with no text but with an attachment. The attachment was suspicious: it was a file, but a quick analysis couldn’t determine the software platform it was written for. It definitely wasn’t designed for Windows or Linux, the platforms that analysts usually worked with.

“Roman Kuzmenko was working the night shift that night,” Alexander Gostev, Chief Security Expert at Kaspersky Lab recalls. “He stood out among other analysts who worked at Kaspersky Lab at that time because of his ability to analyze complicated threats fast and accurately. Pretty soon after he started looking at that suspicious file, Roman discovered that it was written to execute in Symbian OS – a mobile operating system which powered Nokia mobile phones,” Gostev adds.

Further analysis showed that this file was able to send itself to another phone via Bluetooth. As a result the battery of the infected phone drained extremely quickly. This was the only function of the newly discovered malware and it was hardly malicious. However, its ability to send itself to other mobile phones forced experts to build a special testing room for analyzing such threats.

“Our colleagues from neighboring offices started to come in complaining that some kind of ‘virus’ was infecting their phones. As a result, we decided to equip a room with a special covering to prevent any radio signal from leaving it. This room then served as a special place to conduct tests on new mobile malware samples,” said Gostev.

Also in the code of Cabir malware, experts found mentions of “29A” – a group of malware writers notorious for developing so-called conceptual viruses or viruses that were developed in order to prove the vulnerability of a particular computer subsystem, or to demonstrate the possibility of infecting certain systems or devices.

“This group was known for developing malicious software that made a lot of noise in the cyber security world. Cap, Steam, Rugrat – all these infamous pieces of malware were developed by 29A,” Gostev notes.

Along with developing conceptual malware, 29A regularly issued its own e-magazine. In one edition, 29A had published the worm itself and some fragments of its source code. That article, which proved that malware could be created to target one of the most popular mobile platforms in the world, caused a huge stir in cyber security at that time. It also stimulated other virus writers to develop this idea further.

Soon after the publication of the worm in 29A’s magazine, all manner of Cabir modifications appeared on the Web.
“Cabir was just a beginning, a starting point. Soon after we discovered it, we saw clearly that mobile threats are a very serious problem which needs a very special approach. In response, we established a whole new research division within Kaspersky Lab that was fully dedicated to mobile threats,” said Alexander Gostev.

After Cabir, a few hundred different viruses targeting Symbian devices were discovered. The number of new malware samples for this platform started to decline rapidly after the establishment of new mobile operating systems, such as Android, which grew to be more widespread and thus more lucrative for cybercriminals. Ten years after the discovery of Cabir, the collection of mobile malware contains more than 340,000 of unique samples, with more than 99% targeting Android.


What is Wardriving?

Wireless networks have certainly brought a lot of convenience to our lives, allowing us to work and surf from almost anywhere—home, cafes, airports and hotels around the globe. But unfortunately, wireless connectivity has also brought convenience to hackers because it gives them the opportunity to capture all data we type into our connected computers and devices through the air, and even take control of them.
While it may sound odd to worry about bad guys snatching our personal information from what seems to be thin air, it’s more common than we’d like to believe. In fact, there are hackers who drive around searching for unsecured wireless connections (networks) using a wireless laptop and portable global positioning system (GPS) with the sole purpose of stealing your information or using your network to perform bad deeds.
We call the act of cruising for unsecured wireless networks “war driving,” and it can cause some serious trouble for you if you haven’t taken steps to safeguard your home or small office networks.
Hackers that use this technique to access data from your computer—banking and personal information—that could lead to identity theft, financial loss, or even a criminal record (if they use your network for nefarious purposes). Any computer or mobile device that is connected to your unprotected network could be accessible to the hacker.
While these are scary scenarios, the good news is that there are ways to prevent “war drivers” from gaining access to your wireless network. Be sure to check your wireless router owner’s manual for instructions on how to properly enable and configure these tips.
Turn off your wireless network when you’re not home: This will minimize the chance of a hacker accessing your network.
Change the administrator’s password on your router: Router manufacturers usually assign a default user name and password allowing you to setup and configure the router. However, hackers often know these default logins, so it’s important to change the password to something more difficult to crack.
Enable encryption: You can set your router to allow access only to those users who enter the correct password. These passwords are encrypted (scrambled) when they are transmitted so that hackers who try to intercept your connection can’t read the information.
Use a firewall: Firewalls can greatly reduce the chance of outsiders penetrating your network since they monitor attempts to access your system and block communications from unapproved sources. So, make sure to use the firewall that comes with your security software to provide an extra layer of defense.
Although war driving is a real security threat, it doesn’t have to be a hazard to your home wireless network. With a few precautions, or “defensive driving” measures, you can keep your network and your data locked down.