As mobile devices grow in sophistication, so do the opportunities for these devices to be targets for unauthorized access.
Today’s mobile devices possess much of the capabilities of a desktop computer. Consider the sheer volume of data being shared via text and voice, layered with contextual information like geolocation and management of the internet of things, and it quickly becomes clear that smartphones pose a greater threat to security and privacy than their desktop counterparts.
We interact freely, expecting that no third party is listening. Yet, reports of hackers and foreign governments exploiting our trust that devices are secure is something we all need to act on. Protecting individual privacy may seem somewhat nebulas in the face of remote adversaries, yet it’s critical we take measures to educate ourselves and secure our connected world.
The Wild West of software available on the internet is as unregulated as online opinion. While proprietary app stores have entry barriers that app developers must follow, the recommendation is to always install a mobile security scanning tool such as Lookout that finds malware and other malicious software that might be running on your phone. Only download software from providers you trust, such as a known vendor or the app store associated with your device’s operating system.
Use a secure messaging app. Texting or SMS, especially between mobile carriers offers little or no security following the revelation that SS7 (the protocol that allows SMS between carriers) is flawed. The answer is simple, avoid using SMS for conversations you wouldn’t want others to know about.
Always update your device. While the user experience, or features might not change, many of these seemingly minor updates include critical security patches to keep you safe and secure.
Apple is working hard to get in front of the issue, and has encrypted and configured iMessage to inform you if a third party attempts to listen, and the popular WhatsApp features end-to-end encryption. Security-minded individuals, such as people who self-identify as potential targets and those communicating with journalists, utilize apps like Signal and Wickr.
No matter who you are, always practice good mobile hygiene by taking care of which Wi-Fi points you connect to. Make sure you only use data if you are on a trusted Wi-Fi or 4G network, and be aware that 3G networks are especially vulnerable to poorly secured cell towers.
Moving from a four-digit PIN to a six-digit PIN offers meaningful security. When you calculate math behind this simple move, you’ll find it takes your device from a combination of 10,000 possible combinations to one million. Another one of the most powerful ways to secure your device is by enabling biometrics. They are uniquely powerful in that biometrics link your identity to you, instead of a passcode or password.
What does the future hold? Is there lasting relief from the need to be vigilant?
The good news is companies are now choosing to totally remove themselves from having to secure customers’ data. Apple encrypts information by maintaining key sharing between devices, meaning your data is accessible locally only by you – Apple only sees an encrypted version of your data.
Alongside this trend are significant developments in authentication, such as the adoption of FIDO Alliance and similar standards that tie identity and payment information to the individual. Secured by biometrics, PINs, and passwords through a decentralized model means data used to access online services always remains safely stored on the devices held by you, the owner.
Mobile devices enrich our lives and a new era of trusted applications running on trusted devices is quickly approaching. Even against the backdrop of a lurking minority of rogue actors, a healthy degree of vigilance and upkeep can give us the peace of mind we continue to enjoy the benefits of our connected world.