Blog: Android

Basic safety tips for mobile devices

Ken Munro 08 Jul 2015

This isn’t a ground-breaking how-to for the technical people out there, it’s just some simple advice for your staff on how to use their mobile devices a bit more safely.

Yes, there is plenty of great advice out there on the internet for using devices safely, but these are the important issues that I think should be addressed first.

 

#1 Set a PIN; a long one

PINlong

If you don’t set a PIN, you’re nuts! Think of all the passwords you have entered in to your smartphone. Your email password, social network password and all the apps that need your password too. Without a PIN every single one of those passwords is open to trivial theft if your phone is lost or stolen. Before you know it you’ll find your photos, your backups, and all your app history gone. That’s if you’re lucky.

If you’re unlucky, you will find fraud in your name, loans, massive international phone bills and more.

Hopefully you do have a PIN set. That PIN is used to protect your phone and all your data on it. The PIN is often part of the encryption key that is used to secure all of your passwords stored on the phone.

So, if you have a 4-digit PIN it effectively reduces every password you have to one of 10,000 possible combinations.

There are cracking tools on the market for around £100 that will crack 4-digit iPhone PINs on all but the most recent iOS versions in less than a day.

So, set a 6 or 8 digit PIN. A little more tricky to enter when driving at 80mph, but we don’t do that, do we?

#2 Turn Wi-Fi off when you’re not using it

wifiOFF

3G/4G is broadly much more secure than using Wi-Fi. Intercepting your data over Wi-Fi is fairly straightforward, particularly at public hotspots.

Just from the data your phone sends out over Wi-Fi, a hacker can often work out where you live, where you work and then steal your passwords.

It’s not just hackers that want your data. There are companies that use Wi-Fi to track you and sell your movements and profile to retailers. Profiles that are being built up about you without your permission.

Opt out for free: turn Wi-Fi off when you’re not specifically using it. Your battery will last longer too!

#3 Keep your phone software up to date

Why is phone software updated? To give you new emoticons and app functions? Not really! Updates are mostly there to fix security bugs.

Puts a different perspective on that ‘update available’ alert doesn’t it?

Update

Can’t be bothered to update to the latest version of iOS or Android right now? Fine, leave yourself exposed to all the security flaws that your version has.

Install as soon as an update is made available!

#4 Disable voice control (Siri, Cortana, Google Now) unless you really need it

voiceOFF

Most users try voice control when they first get a new handset. Then they discover that it’s annoying, makes them look like an idiot, and it’s often quicker just to type! After the brief voice control honeymoon most people forget to turn voice control off. A thief or hacker with a stolen handset can bypass the PIN locks by speaking carefully to the phone.

Siri for example offers a huge amount of functionality even when a phone is PIN locked.

If you want to prove a point, try saying ‘update Facebook’ to Siri on a locked iPhone. One could really mess up someone’s online life that way…

…and if someone did this you’d definitely wish you had turned it off.

You can still use Siri, Google Now and Cortana if you want to, just change the settings so that you can only use them AFTER the PIN has been entered and the phone unlocked.

And a few more words of advice:

Many people give their old phones and tablets to their children to use. Older devices have more security issues. How comfortable would you be with your child using an old iPhone to which the 4-digit PIN could be cracked in under 20 seconds? They’re only kid’s apps, but think about what information they’re entering in to those devices.

Older children and teenagers want all the latest apps, but can’t or won’t pay for them. There’s a temptation to ‘jailbreak’ or ‘root’ their phone in order to get access to unofficial app stores, full of cracked, free apps. Those apps are often laced with malware, ready to steal their photos and other personal very personal data. Don’t jailbreak your phone.

Finally, talk to your children about using their mobiles. There are loads of really good resources online about child protection and internet safety, particularly around mobiles and tablets. 15 minutes of your time looking at the Get Safe Online campaign would be a good idea.