Plugged In: Be smart when it comes to smartphone security

By Joe Kashi, for the Redoubt Reporter

Security risks increase sharply when people use personal devices for business purposes or when they mix personal and business applications and data such as credit cards, payments and private email. As a result, smartphone malware attacks more than double each year.

Although Google and Apple make reasonable efforts to enhance the security of their smartphone operating systems, those operating systems are vulnerable to viruses and other malware, usually spread by a poorly written or malicious app or by an infected message attachment. Android is also used as an operating system for a number of tablet-based mobile computers, which are likewise vulnerable to Android exploits.

In addition to mobile-specific protections, tablet systems also require normal computing security approaches, many of which are incorporated directly into Windows 10 and the latest Apple operating systems. Windows 10 is a free upgrade for the next several months and upgrading tablet computers to Windows 10 from Windows 8.x should be on your to-do list after the operating system has been in general use for several more months and the first Service Pack has been tested and made freely available. In the meantime, regularly update your system to patch potential security holes and wayward apps.

Although Apple and Google argue that their operating systems are sufficiently secure and third-party security applications are not needed, Apple’s App Store was recently breached by at least 39 known malware apps. Android apps show at least as much vulnerability.

Android-specific security solutions abound, including Android-specific antivirus programs. The most highly rated for protection and usability are, as of July 2015:

  • AhnLab V3 Mobile Security 3.0
  • Alibaba Mobile Security 2.4
  • Antiy AVL 2.3
  • Avast Mobile Security 4.0
  • AVG AntiVirus Free 4.4
  • Avira Free Android Security 4.1
  • Baidu Mobile Security 5.7
  • Bitdefender Mobile Security 2.40
  • BullGuard Mobile Security 14.0
  • Cheetah Mobile CM Security 2.6
  • ESET Mobile Security and Antivirus 3.0
  • G Data Internet Security 25.8
  • Norton Mobile Security 3.11
  • Sophos Mobile Security 5.0
  • Trend Micro Mobile Security 6.0

The Google Play site and security application store is the central locale for Android security. At Google Play, you’ll find Verify Apps security scanning software, security-certified applications and applicable updates to the Android operating system. Beginning with Android 4.4, Android claims enhanced security and a workable wall between multiple users of the same mobile device. Android 5 is the newest version and devices should be updated to it where possible.

Smartphone attacks typically include data theft (including all that banking, credit card, Apple Pay, financial and other information residing on your phone), identity theft, and usage/availability theft. Remember that the entire purpose of smartphones is easy communication through unseen wireless transceivers, making them even more vulnerable to communications attacks than office-centric computers. Some mobile malware can also infect Windows and iOS desktop computers in the main office.

Other mobile attacks include SMS/MMS messaging exploits specific to individual phone models and messaging that includes malware file attachments. As with office-centric computers, opening the attachment infects the operating system, often resulting in broadcast of malware to everyone in your address book.

Some countermeasures:

  • Don’t share devices among users.
  • Don’t use the same device for both business and personal apps.
  • Use only OS vendor-approved apps.
  • Install recommended updates to your operating system.
  • Other mobile security problems include NFC (Near Field) and Bluetooth communications and network. Turn off these services unless immediately needed. Pair trusted devices in a secure, private location, not in public, and then turn off device discovery and automatic connection and lock down the configuration.
  • Run one of the best mobile security suites.
  • If a biometric authentication device is available, use it, but remember that it’s not foolproof. Millions of fingerprint files have recently been stolen online.
  • Don’t run in full-access administrator mode unless it’s immediately needed. Routine use should be at a lower security level.
  • As with any computing system, be skeptical of unexpected messaging attachments.
  • Isolate processes, disable autorun features and lock down memory and file access permissions as appropriate.
  • Be aware of your mobile device’s silent operation. Are there unexplained calls and messaging? Is your battery running down much more quickly than expected?
  • Require affirmative permission by the user before any software is installed or modified.
  • Lock the phone when it is not in your immediate possession and use.
  • Be careful about what data you have on your phone, such as banking and credit card information, logins, auto-passwords, etc.

Taking these basic smartphone precautions will reduce, although not eliminate, the risk of your mobile experience.

Local attorney Joe Kashi received degrees from MIT and his law degree from Georgetown University. He has published articles about computer technology, law practice and digital photography in national media since 1990. Many of his articles can be accessed through his website, http://www.kashilaw.com.

Leave a comment

Filed under Plugged in, technology

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s