Protect mobile phones

Phones are at risk, and not just from theft

Mobile phones, especially smart phones and phones with Bluetooth, are at risk from a number of electronic attacks as well as traditional risks like theft and absent-mindedness.

Why protect your mobile phone?

Besides the usual risks with mobile phones:

• Theft or loss.
• Disclosure of private contacts.
• Fraudulent use of your account.

The new generation of smart phones and phones with wireless connections and access to the Internet present new information security challenges:

• The (small but growing) risk of smart phone viruses.
• An equally small (but also growing) risk of phishing by phone.
• Accessing private information over a Bluetooth wireless network.
• The fraudulent use of your data connection over a Bluetooth link.
• Accessing usernames and passwords that were stored to your device while using the Internet.

Internet on your smart phone

• An increasing number of mobile phones are able to access the Internet. You can access most of the Internet in much the same way you can at home or at work and in the same way that you should protect yourself online when on your PC, you should consider doing the same when online on your mobile phone.
• For example, whenever you visit a web site or type in your personal information a record of it is saved to your device. This recorded data might include usernames and passwords. They could be for your online banking, payment services or your social networking sites like Facebook, Twitter or MySpace. If your mobile phone was lost or stolen, anyone who found it would be able to access all that information at a click of a button.

Be Password Smart

• Use the PIN or passcode function to secure your handset. Don't rely on the default factory settings - create a combination that won't easily be guessed by others, and set your device up so that it automatically locks if you haven't used it for a few minutes
• Make sure any application you use does not store your log-in details or allow automatic log-in
• Never store reminders of your logins and passwords in your contacts or in texts

Keep Safe

• When using your smart phone to browse the Internet don't save usernames and passwords if given the option, in particular those used to access online banking or payment service sites.
• If your phone allows you to run applications downloaded from the Internet, make sure you understand the risks of doing so and are not led into the trap of downloading hoax or illegal software that could contain a virus.
• Use the same care accessing your smart phone in public as you would a PC in public.
• Avoid online banking in busy public areas. Passers-by could be watching what you are typing (known as shoulder-surfing).
• Although using the mobile Internet is more accessable in public on a mobile phone, if you are connecting over an un-secure Wi-Fi connection you need to understand the risks. These threats could be, the theft of your data as it passes through the air or the ability of a criminal to re-direct you to a website that then tries to infect you with a mobile virus. If you are using Wi-Fi in a public place, make sure it is secure or is a subscribed service.
• Periodically check on your service-providers website to see whether there are any updates for your particular make and model of phone.

Protect Personal Details

• Think twice about any personal information you store on your phone. 59% of smartphone owners admit that they store their home telephone number as 'Home' in their mobile device – determined fraudsters may call the number, purporting to be someone else, and use the conversation to find out more details about you
• Think carefully about what information you share online and how it could be misused. Your smartphone holds a great deal of personal information in a single place, making life very easy for fraudsters. So, it's not just about what you put on your social networking profile, but also that it's probably easy to work out who you bank with, where you've recently made transactions, the names of your family and to glean other details from emails or other documents

Synchronising your mobile with your PC

If you synchronise your mobile phone to your home or work computer there is a high chance that personal information that you thought you were leaving at home, you are carrying around in your pocket. Make sure you know what data is saved to your mobile and if you dont need to be carrying it with you then change the settings of your synchronisation software to stop it from copying over.

Stay With Reputable Sites & Applications

• The small form factor on mobile browsers can make it more difficult to spot fraudulent websites so it's critical to make the relevant checks – for example, keep an eye on the URL to make sure you are not be diverted onto other sites
• Mobile banking can be a very efficient way to manage your finances, but only use applications written and published by your bank. Avoid third party tools and make sure you follow the password advice above

Protect Against Malicious Software

• Watch out for prompts or warnings asking if you want to allow software to install or run – if you don't know what it is or what it relates to, err on the side of caution. Mobile handsets are relatively secure devices, but criminals get around this by trying to dupe users into downloading malicious software themselves (often referred to as 'social engineering')
• If you're accessing public wireless networks, turn off the Bluetooth connection when you're not using it to minimise the risk of infections or interception. Overall, using your 3G network is a much more secure option.

Remember it's not 'just a phone'

• Treat your smartphone like your wallet - keep it safe and on your person at all times
• Think of your smartphone as a computer – all the same security rules apply. This includes checking the authenticity of websites, not clicking on links from people you don't know, and watching out for phishing scams (by email, text or even voicemail) asking for personal information.
• If you decide to recycle your phone, make sure you delete all your personal information first - most handsets have a 'reset to factory settings' option in the menu. And don't forget to remove or wipe any inserted memory card too.

Bluetooth

Bluetooth is a short-range wireless network that allows devices like phones, computers and headsets to communicate with one another. While not inherently unsafe, it needs to be properly used to avoid risks.

• If your PDA, phone or laptop has a Bluetooth capability and you don't use it, switch it off.
• If you use Bluetooth, make sure that your devices are not left 'discoverable'.
• Create secure trusted links between devices ('pairing') but don't do this in public in case someone is scanning you while you create the connection.
• If possible, restrict access to known, paired devices.
• Do not accept files transmitted via Bluetooth from unknown or suspicious sources.
• If you lose a Bluetooth-enabled device, delete the pairing from the rest of your devices in case a hacker tries to use it to make a connection.
• If you have an older phone, check with the manufacturer to see if a software update is available. See The Bunker for a list of potentially vulnerable phones.

Phone viruses?

Until recently mobile viruses affecting highend smart phone devices have been few and far between. However, due to the number of users who now have access to the internet on their phone and users who are downloading or syncronising applications to their phone, viruses targeting these type of devices could rise.

Most of these attacks were proofs-of-concept and did little or no damage. You should still be mindful of the potential threat of mobile viruses and know what you can do to minimise the chance of becoming a victim.

Defences:

• If you don't use a smart phone, you are safe from phone viruses.
• Use Bluetooth safely (see above).
• Be careful about downloading applications from untrusted sites.
• F-Secure has an anti-virus program for certain phones.
• For more information see: Protect my handheld computer

Phone phishing (SMShing)

There is growing evidence that criminals are using SMS text messages in phishing scams. For now, be careful about clicking on embedded internet links in text messages. You should also use your common sense if you get an unexpected text message. That lottery win could be a con trick. The 'free' anti-virus software could turn out to be a virus.

Modifying your device

Advanced users may try to modify the software that controls their device. For many users this goes against the terms of their contract. By modifying your device you are potentially opening yourself up to a number of possible threats. These threats could include:

• Downloading third party applications that contain viruses due to them not being monitored or vetted by the official downloading channels.
• Modifying can potentially mean you do not receive official updates which often include special security fixes that help protect your device.
• Modifying your device probably voids your warranty.

GPS on your smart phone

Many of today's smart phones have the ability to check your location based on either how close you are to your service provider or through built in GPS, the technology behind satellite navigation, basically a mini sat-nav device.

Drivers who use satellite navigation devices in their car are warned about the risks of saving their favourite locations on the device, for example their Home address especially if they intend leaving the device in their car. The reason is quite simply that a thief would not only have stolen your car, but they now also know your home address.

The same principal applies to your mobile phone. If it has a built in location service, then think very carefully about adding your home address as an obvious favourite or bookmark. Instead consider bookmarking your home address under a made-up name.

Protect against theft

• If you lose your phone or it is stolen, report it to your mobile phone provider immediately or call 08701 123123 as soon as possible,
• Your mobile phone provider can easily re-enable phone.
• Make a note of your IMEI number. This will allow your operator to disable a phone. Type *#06# into your handset to get the IMEI number.
• Use a security lock or PIN number if your phone allows it.
• Mark your phone with a 'ring this number if found' and give an alternative number for you to be contacted.
• Avoid printing you address on the phone. If it has been stolen, the thief already has far too much information about you. Don't give them your address as well.
• Stay alert when using your phone in a busy area. This is when most phones are stolen.
• Register your phone on the Immobilise National Property Register – if it gets recovered by the police after being lost or stolen, there's a better chance of it being reunited with the rightful owner