How to Safeguard Your Mobile
Privacy
WASHINGTON—A great
deal has been written over the years about the necessity of computer users to
be proactive if they want to guard their privacy and keep their machines clean
of viruses. Habits such as changing passwords, updating software, running
anti-virus and using encryption when possible are often referred to as “good
web hygiene.”
But as the use of mobile phones and other devices has skyrocketed,
users often have failed to transfer these precautions to the mobile digital
environment, leaving millions vulnerable.
This was put on display in the fall of 2014 during the “Occupy
Central” protests in Hong Kong, as Chinese hackers flooded protestors' phones with a variety of
malware.
Some phone manufacturers have stepped in to fill the security gap.
For example, Apple now automatically offers end-to-end encryption
for iMessage and FaceTime, as well as offering a range of other encryption services
and applications.But most security analysts say these steps aren’t enough, and
that mobile phone and tablet users around the world need to step up and take
more responsibility for keeping themselves safe and secure in the wireless
world.
Passcode
The first step is with the device itself.The latest versions of the world’s three most common mobile operating systems, Google’s Android, Apple’s iOS and Microsoft’s Windows Phone, already offer complete encryption as an option. It’s activated in different ways, but common to all is that users create a passcode they must enter every time they power up or unlock their phones.
The first step is with the device itself.The latest versions of the world’s three most common mobile operating systems, Google’s Android, Apple’s iOS and Microsoft’s Windows Phone, already offer complete encryption as an option. It’s activated in different ways, but common to all is that users create a passcode they must enter every time they power up or unlock their phones.
Once encryption is enabled and tied to the
passcode, all data on the device will be encrypted and unreadable without the
passcode.
This means it’s important for users to choose a code that will be
sufficiently challenging to crack. A simple four-digit code is practically
meaningless; a 15-character code that uses digits, upper- and lower-case
letters, and symbols would be magnitudes harder to break.
Downloading Apps, remote wipe
Users should also be careful when and where they download apps or document attachments. Applications downloaded from Apple’s iTunes or Google’s Play Store are generally fairly secure, but downloading from other services can be an iffy proposition. As always, it’s not a good idea to download any email attachments you didn’t specifically ask for.
Downloading Apps, remote wipe
Users should also be careful when and where they download apps or document attachments. Applications downloaded from Apple’s iTunes or Google’s Play Store are generally fairly secure, but downloading from other services can be an iffy proposition. As always, it’s not a good idea to download any email attachments you didn’t specifically ask for.
Anti-virus packages are available for mobile phones, but security
analysts are roughly split on whether they would be required for the majority
of phones. What is recommended, however, is for users to install some sort of
“remote-wipe” application, which would allow a user to remotely erase all the
phone’s data in case it’s stolen.
Secure WiFi
Mobile phones traditionally connect to the world by two means: wireless phone service for actual phone use, and a wireless local area network, or WLAN, for Internet and data. Tablets mostly just use a WLAN. Both the phone service and WLAN use provide potential security holes, but many of those can be mitigated.
Mobile phones traditionally connect to the world by two means: wireless phone service for actual phone use, and a wireless local area network, or WLAN, for Internet and data. Tablets mostly just use a WLAN. Both the phone service and WLAN use provide potential security holes, but many of those can be mitigated.
First, when connecting to a WLAN using WiFi, users should choose
their service carefully. In crowded urban environments, it’s not uncommon for
phones to sniff out 20 or more WiFi services with decent signal strength. If
possible, users should only connect to secure WiFi services; these are denoted
by a locked padlock icon and require some type of password to access.
Free, open WiFi services – those available to anyone without any
passcode – should be avoided if at all possible. It’s simply too easy for a bad
guy on open WiFi to break into others also online and create havoc.
SMS
Text messages (SMS), which are transmitted via the phone service, are relatively (but not completely) secure from infections. But as with actual phone calls, they can be intercepted by third parties.
Text messages (SMS), which are transmitted via the phone service, are relatively (but not completely) secure from infections. But as with actual phone calls, they can be intercepted by third parties.
There are numerous apps available designed to keep text messages
private and secure. WhatsApp is one of the most popular around the
world, logging around 700 million users worldwide, with more users in India
than in any other country.
The app by-passes the mobile phone service, using the Internet to
send and receive secure text, photos and video in what it calls “chats.” Other
selling points are its ease of use and low price, costing just $1 a year.
Its parent company, Facebook, says WhatsApp chat sessions are
completely secure; however a handful of high-profile security breaches
beginning in 2010 have raised concerns among privacy advocates.
Encryption Apps
For the more security minded, some users have moved to TextSecure, an open-source text encryption app produced by Whisper Systems, a data security company endorsed by no less than former NSA contractor Edward Snowden. It offers end-to-end encryption for users running TextSecure for text, audio, video, and images.
For the more security minded, some users have moved to TextSecure, an open-source text encryption app produced by Whisper Systems, a data security company endorsed by no less than former NSA contractor Edward Snowden. It offers end-to-end encryption for users running TextSecure for text, audio, video, and images.
Whisper Systems engineers say that in addition to robust
encryption, the app offers a user verification system to prevent
man-in-the-middle attacks.
Whisper Systems also has an app for securing mobile phone calls.
Called RedPhone, the app was aimed at first specifically for people who live
under repressive governments that routinely tap and monitor phone calls.
RedPhone uses the Internet for end-to-end encryption of real-time
two-way voice conversations between two RedPhone users. Additionally, two
matching words appear on both phones during the call, allowing the users
themselves to verify a secure, encrypted connection. RedPhone has proven to be
very popular in a number of nations, including Venezuela and Egypt.
Another popular application, Ostel, is an
outgrowth of the Guardian
Project, a cooperative venture to develop applications that secure
users’ privacy. Like RedPhone, Ostel uses VoIP (“Voice over Internet Protocol”)
for end-to-end encryption between Ostel users; an additional benefit is that
there are no costs for long-distance or international calls.
Finally, for users who want proven Internet security for their
mobile Android device, and don’t mind giving away a little speed of access,
there’s Orbot.
Essentially Tor for mobile, it’s just like its online
counterpart, routing all text, Internet and email data through a
randomized series of computers.
Like Tor, Orbot offers users some of the strongest privacy
protection to be found – but it comes at a cost. Because the user’s data is
being routed through a shifting set of nodes on the Tor network, Orbot can
significantly slow down uploads and downloads. It’s not for everyone, but for
those who want to remain as anonymous as possible, it’s just about the best bet
available.
Source: http://www.voanews.com
Edited and published by Sivar Aziz Hawler 26-5-2015
0 comments :
Post a Comment