From communications to online banking, modern life is increasingly reliant on phone security.
Our devices contain huge amounts of sensitive and valuable personal information about us.
Yet many people treat phone security with less caution than PCs or Macs – leaving Bluetooth turned on all the time, and trusting public WiFi networks to transmit data securely.
Few phones have antivirus software installed, and Android’s chief security engineer declared last year that “I don’t think 99% plus of users get a benefit” from antivirus apps.
That suggests our phones are completely secure, when the reality is rather different.
Below, we consider three main threats against phone security, and ways to fight back.
Despite the confidence of Android’s security chief, there is evidence of growing threats against phone security.
This year has already seen a spying platform called Skygofree targeting Android devices, conducting covert audio recording and seizing call/text history from device memory.
The best way to repel malware like ChaiOS is to permit automatic software updates. Regular security updates protect against new threats by plugging software flaws as they’re found.
It’s important not to jailbreak or root your handset if security is a concern, since unofficial apps installed onto your device could be Trojan horses containing malware. Alternatively, they might include fatal security flaws that compromise your phone’s contents.
The Google Play store is less tightly-regulated than Apple’s App store, so Android owners should exercise caution even when downloading officially licenced apps.
Always turn off Bluetooth in public areas, since hackers can deliver malware onto your hard drive without having to pair with your device.
Phishing is a process where someone’s financial affairs are accessed through fraudulently acquired login details or device access.
Common examples of phishing include text messages claiming to be from your bank, saying you need to reset your password or your device has been infected with malware.
Clicking on these links might actually download malware, handing criminals access to your files and folders.
Phishing is often intended to help fraudsters clone your device, or to log keystrokes so they can harvest your login credentials and then access your accounts.
Phishing attacks are difficult to stop because they usually originate overseas, though this means they often contain obvious giveaways like poor grammar and amateurish presentation.
Another way to spot a phishing attack is to try and view the web address (or URL) contained in the link, without clicking on it. If a message claiming to be from Barclays Bank has a URL like zxcvbnm.12345.barcleys.ru, it’s obviously not authentic.
If an email or text claims your account has been compromised (or asks for a password reset), phone your provider from a landline to ask whether the message is legitimate.
Outright theft of mobile devices is in decline, not least since modern smartphones have biometric security features.
Apple users can also program their iPhones to erase the whole device after ten unsuccessful attempts at entering the six-digit PIN code.
Yet even though mobile phone theft has halved in England and Wales since 2011, almost 68,000 people had a device stolen in the year to March 2017.
Avoid becoming part of 2018’s statistics by keeping phones tucked into inner pockets, or in closed handbags. Never leave a device unattended in public, such as in an unlocked car.
Popular ‘find my phone’ services use the device’s in-built GPS to locate it, providing it’s enabled and the phone either has a network signal or WiFi turned on.
It’s also advisable to make a note of your device’s unique IMEI number, which is etched into the circuits. It may help to track a lost or stolen handset.
Common sense can go a long way to keeping your phone’s contents secure:
- Never send sensitive information across a public WiFi network, since hackers could easily intercept this data
- Don’t buy from websites unless they have https security, guaranteeing encrypted payments
- Follow the news for stories about malware affecting your device’s OS. If you want the stories to come to you, set up a Google Alert
- Always check required permissions for new apps, and reject access to personal files and folders without good reason.