Thursday 10 December 2009

Mobile Phone Security – Yes, phones can get viruses too...

So we've already looked at WiFi security and securing your home computer; now we'll get around to something that pretty much everyone has only a few feet away from them at most times: your mobile phone. This does not offer any guarantee and accepts no liability. It's free impartial advice, because I'm nice like that!

Mobile phones are no longer just phones. They are now used as smart phones which can connect to the internet and use Bluetooth, WiFi, email and a whole host of other services. Some are, in effect, small versions of the computers that you have sitting on your desk. In fact, Apple's iPhone runs a cut-down version of their Mac OS. This means that as they provide more functions and services, our phones become more susceptible to attack.

So what happens if my phone gets stolen?
Well, there are developments being made to track mobile phones that are stolen, but generally if you have your phone stolen then you may not get it back. You could get lucky though: a thief was recently caught when he took a picture of himself on a stolen phone. He didn't realize that the phone had been programmed to send pictures to its owner's home computer! The news story is at this link - http://www.theregister.co.uk/2009/12/04/cell_phone_pic_arrest/

This is what you can do to lessen the blow and make sure nobody runs up your bill.

Register your mobile phone at www.immobilise.com...before you lose it or it gets stolen.
This is a register of UK property and among other things you can enter mobile phone details that the police could use to find the owner of a phone, for example if they find a bag of phones in a house raid... Which is apparently becoming quite common. Amongst other things they will probably ask you for the 15-digit IMEI number. This can usually be found under the battery. Immobilise is supported by various UK Police Forces.

Use the keypad lock
Your mobile should have a PIN code to lock it after a certain amount of inactivity, maybe 5 minutes or so, and also when you first switch it off and on. Your phone manual should give you details on how to set it. The default code is usually 0000 or 1234. Don't leave it as the default, as the defaults are well known. Some newer smart phones like the Android G1 use patterns on a grid instead of numbers, which does the same job.

Block your phone when it's stolen or lost.
Remember that IMEI number we made a note of? Well, in the event of a lost or stolen phone you should call your network provider and ask them to block the phone across all networks. They'll need the IMEI to do this effectively. The phone will then be useless to anyone else. If you get the phone back you should be able to get it unblocked.
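
A mistyped IMEI is no use for registering the phone or getting it blocked, so it is worth checking the number when you write it down. The script below is an added example, not part of the original post: it relies on the standard IMEI layout (8-digit type allocation code, 6-digit serial, one Luhn check digit), and the sample number is constructed, not a real handset.

```python
import re

def luhn_check_digit(body: str) -> int:
    """Return the Luhn check digit for the first 14 digits of an IMEI."""
    total = 0
    # Walk right to left; the digit next to the check digit is doubled first.
    for i, ch in enumerate(reversed(body)):
        d = int(ch)
        if i % 2 == 0:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return (10 - total % 10) % 10

def parse_imei(text: str) -> dict:
    """Normalise a hand-copied IMEI and verify it; raise ValueError if wrong."""
    digits = re.sub(r"[\s\-/.]", "", text)  # labels often print separators
    if not re.fullmatch(r"[0-9]+", digits):
        raise ValueError("IMEI must contain only digits")
    if len(digits) != 15:
        raise ValueError(f"expected 15 digits, got {len(digits)}")
    if luhn_check_digit(digits[:14]) != int(digits[14]):
        raise ValueError("check digit mismatch, re-read the label")
    return {"imei": digits, "tac": digits[:8], "serial": digits[8:14],
            "check_digit": int(digits[14])}

def check_copy(text: str) -> str:
    """Return 'ok' or the reason the copied number was rejected."""
    try:
        parse_imei(text)
        return "ok"
    except ValueError as err:
        return str(err)

# Constructed sample, not a real device.
SAMPLE = "12-345678-901234-7"

if __name__ == "__main__":
    print(parse_imei(SAMPLE))              # valid: split into its parts
    print(check_copy("123456789012374"))   # last two digits swapped
    print(check_copy("12345678901234"))    # one digit missed while copying
```

The check digit catches any single wrong digit and most swaps of two neighbouring digits, which are the usual mistakes when copying a number from under the battery.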

Block Premium Rate Numbers
Ask your service provider to block your number from calling premium rate numbers. If you don't call premium numbers or use premium text numbers for voting on TV shows etc., then get them blocked. This also helps protect against scams that persuade you to call a premium number. A common one these days is a card through your door asking you to call a number to get a parcel re-delivered. As soon as you dial the number you are charged, sometimes up to £10.

Ok so hopefully you haven't lost your phone so you'll just want to use it in a secure manner! Mobile phones are susceptible to attacks from viruses and other nasties.

Viruses
There have been and continue to be viruses that infect mobile devices such as mobile phones, smart phones and PDAs. The Cabir mobile phone virus was one of the first phone viruses ever detected and was released in 2004; it infected phones running Symbian OS, which included Nokia phones of the time.
Since then there have been other viruses such as "Curse of Silence", Brador, Comwar (the first to use MMS to spread), Dampig, Duts etc. The most recent highly publicized phone virus is the iPhone Duh worm, which only infects 'jailbroken' iPhones, so if you haven't unlocked your iPhone then don't stress about it too much.
The general rule here is to make sure that your phone software is updated every month by going to your phone manufacturer's website and checking for updates. iPhones check for updates automatically through iTunes.

Internet, Email and Applications

Remember that emails you send or receive, sites you access on the internet or applications that send data over the internet could be intercepted, particularly if your phone is connected to a public WiFi hotspot and you're not using encryption. See my blog below on WiFi Security for more information. If you are using email on your phone then use SSL/TLS options if possible. More information on setting up SSL/TLS on email should be in your phone manual.

Bluetooth
Bluetooth is used to connect devices wirelessly over a short distance of up to about 30 feet. There are three main attacks on Bluetooth, described below.

Bluejacking
This is the sending of unsolicited messages over Bluetooth. A Bluejacker sends out messages anonymously to other Bluetooth devices like your phone.
The messages are short but can sometimes be very threatening or intimidating because of their anonymous nature. Sending such messages could be a criminal act under the Public Order Act in the UK, but I'm no lawyer, so if you've been harassed via Bluetooth then speak to the police about it.

Bluesnarfing
This is when someone connects to your phone and reads your text messages, contacts etc. It is also possible to make phone calls, send and receive texts, listen to phone conversations, connect to the Internet etc.
Bluesnarfing is not as popular as Bluejacking, as it requires more expertise and software. There are, however, without a doubt, many people Bluesnarfing out there somewhere. It is mostly only older mobile phones that are susceptible to Bluesnarfing.

Bluebugging
Bluebugging has the same effects as Bluesnarfing and is more likely to work on newer mobile phones. Bluebugging exploits security holes in the phone software to make calls and read texts etc.

What you can do to stop Bluetooth attacks
Make sure your phone is set to “Non-Discoverable” mode when you're not using Bluetooth. Switch Bluetooth off completely if possible.
If you can, use as strong a password or as long a PIN code as possible.
More information on Bluetooth can be found at - http://www.bluetomorrow.com/

Feel free to leave a comment. If you'd like me to cover something specific then let me know via a comment.
