Norton UK Blog
The Ultimate Guide to Smartphone Security
With a purported two billion people set to be using smartphones by the end of 2016, smartphone security has never been more essential. As the smartphone market grows, the risk of attack becomes greater, as increasing amounts of personal and professional information are stored on these devices, which fraudsters aim to use for their own gain.
Read on to find out exactly what you need to know to keep yourself and your family safe on their smartphones.
What’s at risk?
If you’re not convinced that smartphone security is an issue, take a moment to think about what you keep on your device.
Emails, call records, passwords for multiple accounts, social networks, credit and debit card information, images and videos, and location and browser history are just the tip of the information iceberg in your pocket right now.
Whether you use your phone for just the basics, or treat it as a virtual personal assistant, chances are there’s something on there you don’t want a stranger to have their hands on.
All smartphones provide regular operating system (OS) updates, which will normally appear in your settings, waiting to be downloaded. As well as providing you with new features and designs, updates provide more than just aesthetics; they often implement fixes for your OS to repair any vulnerabilities that can be targeted by hackers.
All you have to do to ensure your smartphone is covered by the latest protection is verify the update as soon as you get the notification.
Keeping your physical device safe
The most likely form of attack against your smartphone is physical, usually through theft. Crooks will attempt to use the device to make expensive overseas phone calls, or access any of the information that’s available through manual use of the device.
An important step to take against this form of attack is to enable the phone’s first-point security settings, namely passcode requirement to access the phone. Ensure the password is quite unique, avoiding number combinations such as “0000” or “1234”.
Some thieves may not actually be interested in your device, just the SIM card within. To protect against the SIM card being used outside of the device, you can enable SIM lock, which requires a passcode to be entered before it can be used. Again, follow the recommended advice of avoiding an easily-guessed passcode to keep this feature as secure as possible.
Tracking software can be used to find out where you phone is currently located, which is particularly useful if you think you might have lost or misplaced the device. Installing software such as 'Find my iPhone' will not only allow you to find out where your device is, but remotely lock the device so no one can enter it.
It’s also essential to remember to contact your network provider in the event of your phone being stolen to notify them. They will then disable the SIM card so that it can’t be used. The sooner you do this, the better; you’ll be liable to pay for the bill (up to a point, which differs with each provider) until they are notified, so make this a priority.
Finally, if you’re choosing to sell or recycle an old device, be sure to restore its factory settings. This will ensure any of your personal information is removed from the smartphone, leaving it clean to be used by someone else.
Rogue apps, and how to avoid them
Smartphones are nothing without their apps. They provide the entertainment and features we’ve all come to rely on, and help to make the experience with your device worth the cost of the handset. However, these are a common point of entry for those looking to install spyware or carry out phishing.
Rogue or malicious apps are designed to look like an app you want, but they’re really a front to install software on your phone that can allow access to your personal information remotely. This information can include access to your phone calls and texts, and even allow the hackers to make commands on your device without even touching it.
Apple’s App Store is widely lauded for its security, as each and every app appearing within the store is reviewed prior to sale. Apple’s OS also ensures that, even if a rogue app falls through the verification system, it will not allow the app to access any information within the phone that isn’t directly implemented by the user into the app.
Meanwhile, Google’s Play Store does not have this review process, and is therefore far more vulnerable to attack. Google does have an anti-virus software that checks the apps (named Google Bounce), but with regularly updated attacks, it does not guarantee safety.
The Windows Store undergoes similar checks to those at Apple, though as the store is relatively new, the full extent of its security is not yet clear.
So, if you have an Android device, what can you do to protect against these apps? After all, many pose as popular apps (such as games), and can be easy to mistake for something genuine.
The best thing to do is check user ratings, and small, subtle cues such as misspelling in the name or description, as well as the total download count. If you’re looking to download, for example, Angry Birds, you’ll know it’s a malicious app if the download count is low, when it should in fact appear to be in the millions.
If you find a bad app, be sure to report it as such. This will notify Google, and they will review it and remove it from the store, helping to ensure no vulnerable users can download it in future.
iPhone users can also help to ensure they’re fully protected by understanding the drawbacks of a jailbroken phone. Jailbreaking allows users to download apps that do not appear in the App Store (amongst other actions), which can be great if you want an app that only appears in the Play Store, for example.
However, once the device is jailbroken, apps run outside of the iOS’s sandbox protection, which means they can access any part of your device, and therefore your personal information. It’s up to you to decide if you want to run the risk of jailbreaking (it is perfectly legal), but be aware of the risks before doing so.
Norton’s Mobile Security can help to guard against malicious apps in the same way anti-virus does on a desktop device, by scanning and checking every app that you may download, and blocking attacks when they occur.
Staying safe online
There are a number of security issues that carry over from those you’ve come to expect on a desktop device. Phishing, whereby people attempt to gain your personal information by posing as a legitimate company, can be an issue over email and SMS. For example, you may receive an email or text message claiming to be from your bank, asking you to verify your account number and password to ensure it is secure.
We’ve spoken before about protecting yourself against phishing attacks. The main take away points are to be sure that you never give up personal information such as passwords, account numbers or sort codes, especially for anything that contains access to your financial information. Your bank or building society will never ask for it, so never give it.
It’s also important to talk to your family about the importance of not giving in to pressure. Phishers will attempt to scare you into giving them information – don’t let them. They are powerless without your information, so always be certain to never give it to them.
If you’re ever worried about a phishing attack, or want to verify an email or SMS you’ve received, contact the legitimate brand directly over the phone or in branch, and they will be able to verify the messages authenticity.
As more of us take online shopping from the desktop and onto mobile, website security on your smartphone is incredibly important, particularly if you’re making a transaction.
As on a desktop, there are certain signs to look for when visiting a webpage, particularly the lock icon and green font that will appear in the address bar. This shows that the site is encrypted, and therefore secure for you to input your financial information.
Finally, you’ll want to check the Wi-Fi network you’re connected to when out and about. A large number of restaurants, cafes and even stores offer free Wi-Fi, and it’s a great feature to take advantage of.
However, unsecured networks can leave you vulnerable to attack, as they can work by connecting your device to another, allowing hackers to access your information remotely, including passwords and other sensitive information.
The easiest way to avoid connecting to an unsecured network is to avoid any Wi-Fi that doesn’t request a password for access. There’s a chance a connection without a password will be totally fine, but by following this simple rule, you can completely negate the risk of attack in this way.
So, we’ve reached the end of our ultimate guide to smartphone security. Let’s take a look at the main takeaways:
· Always install updates to keep your OS security up-to-date
· Enable passcode and SIM locks as soon as you receive the device
· Beware rogue apps and phishing messages
· Apply desktop best practice on mobile whilst online
· Don’t connect to a Wi-Fi hotspot that doesn’t request a password
Additional security software specifically designed for mobile devices helps to provide an added layer of safety to your smartphone. Being aware and taking advantage of what your smartphone already offers can also provide you with the level of security to keep your personal information as private as you’d like.