Just like computers, smartphones have their security flaws. There have been many examples of Android breaches, with the Kaspersky Security Bulletin providing the recent example of the Android version of the Pegasus mobile espionage software, known as Chrysaor.
While the consensus is that Apple’s iOS is more secure than Google’s
Android OS, all phones remain vulnerable to the latest chip
vulnerability to be exposed: Spectre.
Additionally, in September of last year alone, Sophos Labs found that more
than 30% of the ransomware it identified was on the Android platform,
and there are an estimated 10 million Android apps that are categorized
as ‘suspicious.’
Given the rise of mobile malware, users need to be constantly vigilant
and make sure that their phones are secure, and here are six ways you
can do that.
1. Lock your phone
Enabling a phone to lock itself when not used for a short period is a
cornerstone of keeping the device secure. When the phone is locked, it
prevents others from getting access to the device, and all of its data
and apps. While years ago locking your phone was a bit of a pain, modern
smartphones offer a variety of unlock options, including fingerprint
sensors and facial recognition, so you no longer have the excuse that
it’s inconvenient to have to unlock the phone when you want to use it.
When you configure the lock settings you can specify the number of
minutes before your phone locks, so specify a short interval of only a
few minutes to make sure an unattended phone is locked down if found.
The phone should also default to the lock screen after a restart, and
require a PIN, not a fingerprint or other less secure shortcut, for the
initial unlock to offer a higher level of security.
2. Keep the OS up to date
Android users continue to face the fragmentation of their OS. The most
common version of Android in use as of February 2018 is Nougat (7.0,
7.1), with a 28.5% market share, but only 1.1% of Android phone users
are running the latest version, Oreo (8.0, 8.1), while the five-year-old
KitKat (4.4) still soldiers on with 12% of the market, according to Fossbytes.
The situation is better, but far from perfect, in the Apple camp. While
the latest version of iOS, 11.2, does have the highest market share at
70%, there’s a persistent minority of users still on earlier versions,
such as the 10.1% who are on version 10.3, which is approaching a year
old and doesn’t offer all the latest security updates.
Android users continue to be caught between phone manufacturers not
releasing the latest updates for their handsets, and then carriers not
rolling them out, leaving users potentially vulnerable to new threats, a
situation that Google is seeking to address with its latest attempt to
facilitate Android updates, Project Treble.
Our recommendation would be that if your phone is no longer being
updated, then it’s time to start shopping for a new one. When looking
for a new smartphone, in addition to other features, look for a phone
that’s likely to receive updates over the long term. This makes an
argument for choosing a more popular flagship that’s more likely to get
plenty of update love over its lifetime, or a Google Pixel phone that will be well supported with updates.
3. Avoid insecure brands
Some phones have a reputation for receiving more frequent updates, such
as the aforementioned Google Pixel line, and Apple iPhones that continue
to get updates for several years. However, with other smartphones it’s
quite the opposite.
In February the issue of phone security reached the level of a
congressional hearing in the US, with intelligence officials warning
that phones from Chinese manufacturers Huawei and ZTE should be
considered insecure, and going so far as to accuse these phones of spying on US citizens. And last year budget phones from Blu were pulled from Amazon due to privacy concerns.
In general, sticking to more mainstream brands that have a high profile
in the market, rather than second- or third-tier products, is the safer
choice.
4. Encryption
With all the data that’s on your smartphone – emails, contacts,
financial apps and more – it goes without saying that if the phone is
lost or stolen you don’t want a crook gaining access to it. The solution
is to encrypt the phone’s storage, so that if it falls into someone
else’s hands the data is protected.
Thankfully, setting up encryption is pretty simple – just follow our handy guide.
5. Scan for viruses
Mobile devices are
increasingly susceptible to malware, including ransomware. Even the
Google Play Store continues to be plagued with malware, with disreputable
programs attracting an astonishing 4.2 million downloads,
including the ExpensiveWall hack that masqueraded as a wallpaper app.
The solution, just as when downloading software to a laptop or PC, is to
be wary of downloads from less mainstream vendors and unverified
sources, and to scan periodically for viruses and malware.
While Windows desktop operating systems come with Windows Defender to
guard against malware, mobile platforms don’t yet have a default
antivirus program. The easy fix is to download and install an
anti-malware app, and we have recommended choices from reputable vendors
for both iOS and Android.
6. Don’t jailbreak your phone
A subsection of iPhone users have a reputation for ‘sticking it to the
man’ by jailbreaking their devices, believing that in order to get the
most from their phone they need to free it from Apple’s built-in
restrictions on which apps and extensions they can install. Android
users can do something similar, although the term here is to root the device, rather than to jailbreak it.
The problem with doing either is that it enables users to download
unauthorized apps that may contain malware. For example, back in 2015
the KeyRaider malware targeted jailbroken iPhones, and resulted in 225,000 Apple accounts, including passwords, being found on a server.
That attack, however, pales in comparison to the more recent CopyCat malware that
affected 14 million Android devices, and even rooted eight million of
them without the owner’s knowledge. The source of the malware was
popular apps downloaded from sites other than the Google Play Store.
From a security standpoint, the best practice is to not jailbreak your
phone, and stick with the original OS to avoid exposing the phone to
malware and other threats.