[personal profile] cybersecurity
I'm about the least likely person to write about this, because I do not own a smartphone. But someone has to do it, so I'll go ahead and do it. I'll be doing research as I go along, and cite my sources for you to peruse if you want to. As always, keep in mind that corrections and additions are welcomed.

So. Smartphones. Almost everyone in the industrialized world now carries one of these palm-sized computers with them. And they are a great way to keep track of people. It's a lot like Orwell's vision of the surveillance state of the future, with one big difference: we don't have to be forced to wear a tracking device. We do it by ourselves, because it's convenient and fun and offers a lot of options that we really want. Here's what your smartphone can reveal about you.


What kind of information is being collected? By whom?

Your telecom provider is, at the very least, keeping tabs on the following:
  • Incoming and outgoing calls: the phone numbers you call, the numbers that you receive calls from, and the duration of the call;
  • Incoming and outgoing text messages: the phone numbers you send texts to and receive texts from;
  • How often you check your e-mail or access the Internet;
  • Your location.
Not all providers keep your data for the same amount of time. Check this article. Oh, and if you're not excited about the Trump presidency, T-Mobile may not be your provider of choice.
Other parties who may be privy to your information:
  • Retailers can nowadays follow you through cameras, using face recognition, and combine that information with the MAC address of your smartphone which can, in many cases, be linked to a specific individual. The difference between Bluetooth-tracking beacons and Wi-Fi tracking systems is that the modern smartphone leaves Wi-Fi on, even when manually switched off for data connectivity, as a way of pinpointing its location. Source.
  • If you're using the Facebook app, Facebook has access to:
    • Your contacts, including modification and adding or changing calendar events. They know who is in your phone and can contact them.
    • Your exact location. They know where you are at any time.
    • Your camera, including taking pictures and videos at any time, as well as recording from the microphone. They can get at anything you’re saying or looking at.
    • Your text messages, your calls, and can call phone numbers. They can see who you’ve contacted recently.
    • Your internal storage, including permission to delete anything. They can see the files on your phone.
    • Full Internet access anytime, changing your wallpaper, opening up over other apps, and downloading files. They can make little tweaks without your knowledge.
    • When posting a status, the app can determine what song you’re listening to or what TV show is on in the background, and tag your status with this information. Source.
  • Many different apps send location information and other data to third parties. That includes things like games and flashlight apps.
  • If you're using Chrome as your mobile browser, Google has access to your browser history, open tabs, passwords and more.

Settings


Lock down your phone's security settings. Here's how.


Apps


Apps are what makes a smartphone a smartphone: it can run software, programs, applications, in one word: apps. These apps need permissions to do things; a browser, for example, needs permission to use the internet. Permissions are the only layer of defense between your phone and an app. If an application has malicious intent, all you have to do is allow it on your phone with invasive permissions to create problems.
Never give permissions to an app without at least reading what they are, and thinking about what that means. Try to understand the permissions required by the app: is there some legitimate reason or is something malicious happening in the background? To give an example, a calculator or torchlight application shouldn’t be requesting access to your contacts. Likewise, many applications shouldn’t be requesting your GPS location: it could potentially give away when you’re not currently at home (useful information for anyone breaking into your house). If you’re not comfortable with the permissions being requested, it’s always best to cancel the installation. Source.
Here's a guide for Android. Here's one for iPhone.


The risks of free WiFi


Using public WiFi isn't unlike having a conversation in a public place: Others can overhear you. If you don't take precautions, information your devices send over a public WiFi network goes out in clear text — and anyone else on the network could easily take a look at what you're doing with just a few simple software tools.
Someone spying could easily pick up your passwords or other private information. If you use the same password on multiple sites, that could be a big problem. (But you should not be doing that anyway.)
The next potential problem is what is called a honeypot. Thieves might set up their own WiFi hotspot with an unassuming name like "Public WiFi" to tempt you to connect so they can grab up any data you send. These are easy to set up without any kind of special equipment — it could be done just using a laptop or smartphone — so you could run into them anywhere.
Finally, using public WiFi puts you at risk for session hijacking, in which a malicious hacker who's monitoring your WiFi traffic attempts to take over an open session you have with an online service (like a social media site or an email client) by stealing the browser cookies the service uses to recognize who you are. Once hackers have that cookie, they can pretend to be you on these sites or even find your login and password information stored inside the cookie. Source.
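Whether a session cookie can be read off an open network depends largely on the flags the site sets on it. As an added example (not from the original post), this checks `Set-Cookie` headers for session cookies that lack `Secure` or `HttpOnly`; the sample headers are constructed and the name heuristic in `SESSION_HINTS` is an assumption.

```python
from http.cookies import SimpleCookie

# Constructed Set-Cookie headers, as a site might send them after login.
SAMPLE_HEADERS = [
    "sessionid=3f9a1c; Path=/; Secure; HttpOnly",
    "auth_token=b71e44; Path=/",
    "theme=dark; Path=/; Max-Age=31536000",
    "sid=90cc2d; Path=/; HttpOnly",
]

# Assumed naming heuristic for cookies that identify a logged-in session.
SESSION_HINTS = ("sess", "sid", "auth", "token")

def audit_set_cookie(header):
    """Return {cookie name: [problems]} for session-like cookies in one header."""
    jar = SimpleCookie()
    jar.load(header)
    results = {}
    for name, morsel in jar.items():
        if not any(hint in name.lower() for hint in SESSION_HINTS):
            continue  # preference cookies and the like are not session identifiers
        problems = []
        if not morsel["secure"]:
            problems.append("no Secure: also sent over plain HTTP, readable on open WiFi")
        if not morsel["httponly"]:
            problems.append("no HttpOnly: readable by scripts running in the page")
        results[name] = problems
    return results

def audit_all(headers):
    """Merge the per-header results into one report."""
    report = {}
    for header in headers:
        report.update(audit_set_cookie(header))
    return report

if __name__ == "__main__":
    for name, problems in audit_all(SAMPLE_HEADERS).items():
        print(name, "->", problems or "ok")
```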

When you're using a public WiFi:
  • Make sure you know that you are connecting to the right WiFi hotspot and not one that has a similar or generic-sounding name. And read the terms and conditions.
  • Check that you are using HTTPS by looking at the URL of the site you are connecting to. Also check the spelling of the URL itself.
  • It’s better to use a mobile browser than an app, because browsers are more fussy when it comes to checking and verifying these HTTPS connections. Essentially, apps can be accepting bogus security credentials without your knowledge, and that’s a problem if you’re doing something important like online banking or buying stuff online. Source.
  • Use a VPN. More about that here.
  • Use two-factor authentication wherever possible.
  • If you want to be extra careful, avoid doing anything over public WiFi that needs you to enter a password.

Avoid the Facebook app


From a viewpoint of privacy, Facebook is one of the worst offenders. The Facebook app, doubly so. So if you cannot live without Facebook, at least don't use it through the app; instead, view it inside your browser of choice. Or for a nice compromise: use a wrapper app like Tinfoil or Metal (Android).


Messenger apps


WhatsApp is a very popular messenger app for smartphones. The good news is that it's lately been made to use encryption; the bad news is that it's owned by Facebook, who of course still gets the metadata (who are you talking to, when and how often?)
A good alternative that's been getting a lot of attention is Signal. And another good option is Telegram. Both of these offer encryption and are free, as well as ad-free!


Going off-grid


If it makes you uncomfortable to be tracked so closely all the time, go off-grid now and then. It's a good idea to switch your smartphone off when you're not using it; unfortunately, that's not always enough anymore. Modern smartphones never turn off completely and you can't always take the battery out anymore, either. A good way to cut off all information to and from the device is to put it inside a signal-blocking pouch! Complete how-to here.

It's also a smart option to split your phone use off from your smartphone use. You could get an old-fashioned 'dumbphone' and use that to make calls, while reserving your smartphone for browsing on the go. Compartmentalization again. Non-smartphones are often sold as prepaid phones in bigger electronics stores; make sure you are getting a SIM-lock-free phone. Bonus: many of them have really long standby times!


Phones and OSes


Which smartphones are the most private and secure? Read more here.
It seems pretty clear that Androids are the least secure, since you're always giving a lot of data to Google and cheaper Chinese Androids may also send data home to the manufacturer. Older versions of Android are worse than up-to-date ones.
iPhones may be slightly better, since Apple is mostly in the hardware business and not so much in advertising. iPhones are also fairly hard to hack.
Windows phones are not too bad either, for similar reasons.
Alternative OSes are probably a step up: Firefox OS (but as a phone OS, that project is dead in the water), Sailfish, Cyanogenmod if you like to tinker. If you're really, really serious about all of this, get a Blackphone.




Go back to the index of Cybersecurity for the Trumped.