Stay Safe - Tips on securing your mobile devices
Hi Steemians! The mobile phone in your hand is more powerful than the computers NASA used when they sent people to the moon in 1969. Though we typically do not send people out of Earth with our mobile phones 😂, we are still performing rather sensitive activities on them. We perform bank transactions on our smartphones, we trade on our smartphones and we also communicate/store sensitive information with our smartphones. So it is easy to understand why keeping your mobile device safe is so important.
Mobile devices these days are very user-friendly. In fact, too user-friendly that many of us can just pick one up and start using within minutes. And when it is already usable, we tend to forget about security. To learn how to secure your mobile devices, you first need to know how can your phone be compromised. I think there are 3 main ways which your devices can be compromised:
- Physical break-in
- Remote compromise of device
- Compromising device's communication channels
Securing against physical break-in
Physical compromise of your devices comes in many forms. It can just be your friend trying to pull a prank on you or someone trying to access your lost phone. Securing against physical compromise is what most people are able to relate to. Here are a few tips to secure your mobile devices against physical break-ins:
- Setting a strong password
- Using additional authentication mechanisms (e.g. fingerprint, faceprint and eyeprint)
- Enable auto screen lock
- Setup features to locate your phones when lost (e.g. find my iPhone and Android Device Manager)
- Hide sensitive information from notifications screen
- Encrypt device if possible (Be careful when you encrypt though. If it fails, it might "brick" your phone. So always backup before encrypting)
- Enable SIM lock/password
These settings seem to be adding a lot of inconvenience, but trust me, you will get used to it very soon. The more you find it inconvenient, the more difficult it is for attackers to access your phone.
Securing against remote compromise
Remote compromise of phones is what many people are unaware of. And you are unable to defend against something you do not know. Similar to your PCs, there exist malwares that can infect your mobile devices as well. These malwares may potentially gain full or partial control of your phones. Think about how creepy it is if your phone's camera, mic and information can be remotely accessed. If you think it sounds absurd, watch this video demo of this "tool" which can be easily packaged as a malware:
Some tips to defend against such remote compromise:
- Patch/update your device operating system and apps as soon as possible
- Only install apps from trusted stores (e.g. Google Play Store and Apple Apps Store)
- Be mindful about what permissions are granted for each app (e.g. Does "Candy Crush" needs camera and mic access? Does "Clash Royale" need to know your location?)
- Be careful of what you share and store on your phone/apps
- Be watch which sites you visit and which links you click. Phishing attacks work much better on mobile devices than PCs
- Think twice before you "root" or "jailbreak" your phone. Understand the risk of doing that
Securing against attacks on device's communication channels
This risk is what most people (I will say >80%) do not know. When you are accessing the internet through your phone, such traffic might be captured. I am sure you do not want others to know your messages, the sites you visit and even your passwords. Many of these attacks can be guarded against by using encryption. Here are some tips:
- Avoid using public free WiFi if possible
- Use a VPN when really have to connect to a WiFi you are unsure of
- Ensure the sites you are visiting has "HTTPS" instead of just "HTTP" (i.e. The website is secured with SSL encryption)
- Enable end-to-end encryption if your app supports (e.g. WhatsApp and Telegram support end-to-end encryption)
Are you securing your mobile devices? I hope these tips help you. Let me know if I missed out any tips and thanks for reading!
Today I am adding a new image to my signature. Credits to @anthemius for designing and sharing this #TeamSingapore Discord banner. Do check out his post here.
I encourage everyone to check out our Discord server. All are welcome to join, but we will appreciate if you use the #TeamSingapore tag as much as possible. We are looking for cross-communities collaboration, so do contact me if you are interested.
Free public wifi is a killer. Used to tap on it so often. Thanks for the timely reminder @culgin.
Being an inquisitive person, also like combing the internet for interesting articles to read.
That was how EtherDelta got hacked! Stay safe crypto friends!
Indeed. Always use a VPN when you are connected to a public WiFi. And yea, some sites still do not implement SSL/TLS, which is a sin at this year and age.
sound advice! I didn't know that using public free w-ifi is so dangerous. I see everyone so keen and happy using them.
Yea, especially those without passwords, it allow anyone in the network to start sniffing what everyone else is doing. Those at places like, Starbucks, where you need to login, are still alright. Technically, only Starbucks get to see what you are browsing, haha..
Great article! I also use a mobile web filter client on my phone as well. I use FortiClient. It's totally free and blocks access to malicious websites, known phishing sites, and spam URL's. It also works as a VPN client for both SSL and IPsec. Avast also has a good antivirus client for mobile.
Thanks for the comment. For VPN, I'm using Private Internet Access. I am also using Avast on my mobile device for an additional layer of protection.
Posted using Partiko Android
To listen to the audio version of this article click on the play image.
Brought to you by @tts. If you find it useful please consider upvoting this reply.
Big brother always watches us no matter what we do
In my industry, there is always this joke. Do you want to be watched by US or China. Haha..
Oh my God! Dude, hack.. I was scared reading this post.. You are so true @culgin. Thank you for sharing this.
Thanks for reading! Glad it helped.
Congratulations @culgin! You have completed some achievement on Steemit and have been rewarded with new badge(s) :
Click on the badge to view your Board of Honor.
If you no longer want to receive notifications, reply to this comment with the word
STOPTo support your work, I also upvoted your post!
Good article as always! Resteemed to my Cyber-Security blog!
Thanks for your support! Your recent post on the security bug on OnePlus 6 was a huge surprise to me. I was planning to buy that previously. Haha..
Me too aha! I think that one of the best secure smartphone now is the BlackBerry KEY2, have you already heard about it?
Haha.. yea. I heard of that phone but do not really like the design 😝. Not much of a fan for physical keyboard.
Me neither but in a security perspective, he's really good ;-)