12 October 2011 (#NCSAM – National Cyber Security Awareness Month)
Mobile provides daily risks, some tips for you and your family to reduce those risks
The world’s leading technology companies predict within the next few years there will be more than five devices per person connecting to the internet. When I read that stat, I took a look around my own abode saw I far exceeded the predicted five devices per person and anticipate being well beyond five in the next few years. The PEW Research Center notes that 28% of all American adults use mobile and location-based services (September 6, 2011 –
Pew Research Center). The mobile devices, be it the iPhone, iPad, iPod, laptop, smart-phone or what have you, are engaged and active both from within my own closed network where I am individually responsible for the security settings, updating the software behind my selected security software suites on a regular (as recommended by the vendor basis) basis closing any and all known threats. But (yes that negating but), my mobile devices are susceptible to a different set of circumstances than my stationary devices. They access the internet from networks which may or may not be secured (at all) or via networks which have had their security compromised.
Like the flu, malware can be passed from one to another via contact made. And as much as I like to think my personal health is such that the flu will pass me by, I still get my flu shots, wash my hands and sneeze into my elbow as recommended by those in charge of disease control. I do from time to time fall have to take a sick day when my body becomes infected. Our personal health is absolutely analogous to the health of our mobile devices. If you don’t maintain the health of your device then you should expect that your device will at some point in the future become compromised in some way, shape or form.
What type of compromises may occur? How often? What can you do?
Let’s answer these in order.
Types of compromise: An application uploaded from the “App-Store” has an unidentified vulnerability? Or, an application has a built-in back-door with the expectation that your data will be harvested in the background of your application usage. You accept a file from another which contains malware? You use your QR code reader and read a QR code which directs you to an infected website designed, upon opening to compromise your device. We can go ad nausea, I see no need, and you get the idea.
How often? Every time you connect to a wireless network, especially a network which is “open” you risk having your login credentials hi-jacked by someone scanning and sniffing the connections nearby. Take the time to know how your applications connect to the internet via your mobile device – if it via the browser and wireless network, make sure HTTPS (S is for secure) connections are used. Only connect to networks known to you, and don’t fall for the age-old “free internet router” scam which may in fact be a free internet connection controlled by a criminal. Also be mindful of the threat of “spoofing” of otherwise reputable “open” connections.
What can you do to keep yourself safe?
- Protect your personal mobile phone number, especially those associated with your children – i.e., don’t put it in your Facebook profile or hand it out to every person you meet.
- If you receive a text (SMS) message from a number you don’t recognize, delete it. If you receive a link from someone you do recognize, don’t open it, verify with the sender they sent the link to you independently (they could have had their mobile compromised and their contact list is receiving text messages to visit a site which was prepared by the criminal elements hoping that you will recognize the number and click away.
- Strangers who obtain your number – say by compromising the contact list of one of your acquaintances may call you – don’t take the call, and if you do and make sure you take no action without separate verification that the desired action to be taken is in your best interests. Far too often individuals have received a call, been asked to call a number back and find themselves stuck with a sizable charge to their mobile bill, as they number called is a “pay to call” number.
- Take the necessary time to learn how your device(s) work so that you can engage in protective measures if required. Protective measures may include blocking a phone number, using caller-id to screen calls, etc.
- If your phone is lost or stolen, report it to your local law enforcement, your network operator immediately.
- Lock down your phone and enable the phone wipe after ten attempts to clear the phone-lock. In this manner, should your phone fall into the hands of another, your data will not be compromised, but wiped.
- Enable the emergency location function, and disable the ability for any application to obtain and/or submit your location in a retained manner. The aforementioned PEW report indicates the most prevalent use of location data is for obtaining directions or recommendations on facilities, vendors, or retailers in proximity.
- Text messages use 160 characters – even when we use abbreviated “text” spelling, it is difficult to provide a complete and cogent thought in 160 characters, and easy to be misunderstood. Keep this in mind before you hit the send key.
- Many (almost all) mobile devices have a camera or video (or both) capability. Couple of rules to live by – don’t take pictures of videos of others without their knowledge and permission. Never take pictures of yourself to engage in “sexting” ( Is your teen exposed? Sexting is a crime ) the perceived exhilaration of such behavior will result in no good coming out of the activity in the long run (regardless of age or gender).
- As easy as it is to take photos, remember when posting photos online that these photos will be archived and cached, viewable by any and all in accordance with your security settings. The adage is, “once posted, forever toasted.” Don’t become toast, post with discretion (no pictures with your automobile license plates, pictures of your house, street name or address) as the data can be compiled with other data and pretty soon a mosaic forms which can identify your location to those whom may not have your best interests at heart.
Use your mobile devices, but do so wisely.
Stay safe and secure,
Christopher
I had the pleasure of speaking with Chris Pirillo pre-Gnomedex about a variety of subjects, some light, some humorous and one very serious - the topic of bullying and the attendant suicides. During this discussion, I also shared my thoughts on how we as a collective society need to step up and effect change in the immediate future. I do hope you will come and listen to my talk on the Gnomedex stage at Seattle Interactive conference on 2 November 2011 at 1400 hours (2:00pm).
