Protecting yourself on the internet: mobile device security basics

RBC | Of all the cases I’ve worked on as a private investigator, well over 50% of them included a cell phone and/or a tablet. If you think that a passcode for your phone is enough to protect you, you would be mistaken. According to Symantec (one of the leading antivirus services worldwide), mobile device malware has seen a 54% increase since 2017. It doesn’t matter what kind of smartphone you use (albeit some are better than others), if you don’t protect yourself, you will get infected with some form of malware.

So how can you tell if your phone or tablet has malware on it already? Here’s some tell-tale clues:

Your phone “wakes up” on its own randomly and frequently. It’s not entirely unusual for your device to light up under certain circumstances. Such is the nature of automatic notifications. However, if it lights up every 30 minutes and stays on for extended periods of time, it might be a sign that there’s something going on that you don’t know about.

If your battery (the back of the phone) gets hot. Batteries can get extremely warm when they are charged quickly or discharged quickly. Malware typically uses a lot of processor power which can cause your battery to discharge quickly, thereby generating an unusual amount of heat.

If your battery discharges unusually fast. This is kind of a subjective description because by their very nature, mobile device batteries have a limited lifespan. The older they get, the slower they are to charge and the faster they discharge. However, if your device is relatively new but all of a sudden, the battery just doesn’t hold a charge for very long, it might be malware that’s doing it.

Much of the information in previous articles in this series about internet security apply to mobile devices as well. Use complex passwords, apply all available updates, watch for phishing attempts, backup your data. Here are some tips to help you keep your mobile device as safe as possible:

Implement a lock-screen password. Many people don’t bother with a password or passcode of any kind on their devices because it’s cumbersome and inconvenient. Set a password so that it is required whenever your device is locked. Also, set the automatic lock feature so that the device locks whenever it goes to sleep. Many of the mobile devices today have a “10 strikes—you’re out” feature. If you enter the password incorrectly more than 10 times, it wipes out the data stored on your phone.

Use a password, not a passcode. A passcode is typically six digits these days. It used to be only four digits, but most mobile device makers require six digits as the bare minimum. You can change the settings so that a longer, alphanumeric code can be used. Remember, the more complex the password is, the better. Find a balance between “complex” and “horribly inconvenient.” Many devices now have biometrics in the form of a fingerprint reader. They work fairly well, but there’s no substitute for a good password.

Always update your phone as soon as an update is available. Even with the most sophisticated forensic tools available, we were only able to examine mobile devices that were not currently updated. It’s kind of a cat-and-mouse game that the device makers, the hackers, and the forensic software makers play. Hackers find a way in, device makers patch the vulnerability, forensic examination software makers update their tools. We were always one step behind the latest update.

If you’ve installed an app on your device that you aren’t using, get rid of it. Many apps have access to data (particularly on a cell phone) that you wouldn’t want hackers to have. A good example is the microphone. If hackers can access an installed app (like some of the flashlight apps), then they might be able to gain access to listen in on your conversations without you knowing it.

Implement the “Find my iPhone” or “Find my device” feature. Both Apple and Android-based devices have this feature. If you misplace your device, this feature can help you find it but more importantly, if your device is stolen, you can literally wipe the data off of it and render it unusable by remotely activating a “kill switch” using the “Find my…” service.

I’ve been asked many times, “Which smartphone is the most secure”? Twenty years ago, it was my opinion that Blackberry had the best security because they implemented hardware-based encryption on all data stored on the device. For a long time, the Blackberry was the only mobile device that was approved by the U.S. Secret Service as being secure. This is no longer the case. Other manufacturers have caught up with this approach to security and have implemented the same features as well as many more. That said, the only way to ensure that your mobile device is secure (and stays secure) is by implementing the security features provided.

Next week, I intend to tackle the subject of WiFi security, both in your home as well as the free WiFi provided at hotels and businesses.

By Brett Dearman | brett@ht1885.com