Your New Best Friend May Not Protect You

Your mobile phone may arguably be your new best friend. There are few people, places, or things in our lives today that get as many hours of attention as your mobile phone or is with you as often (and for some of us, that means 24/7). Four out of seven people on the planet have mobile phones, because a phone really is a great companion that brings us into contact with all the actual people we love, media that entertains us, music that makes us feel good, and finances that help us eat.

But unlike a German Shepherd, your mobile isn’t exactly a security device. Certainly, it can help you get help, but we often forget that our smartphones are our most personal computer and are usually with us most of the time. Even though we use our smartphones for way more than just calling people, we don’t protect it like we should. Below are some tips from McAfee on mobile security.

  1. Lock it: Configure your phone to lock automatically after two or three minutes, and to require a PIN to unlock. And make sure you’re not using a PIN like 1234 or 1111.
  2. Install trusted apps: Only download from reputable app stores. Third parties are risky. Use crowdsourcing and checking reviews before downloading any app.
  3. Back up: Most smartphones have the ability to back up wirelessly, locally or to the cloud. Just like your computer, it’s good to do this with your smartphone on a regular basis.
  4. Update your OS: Operating system updates are meant to patch vulnerabilities in your OS and allow it to play well with other apps.
  5. No “jailbreaking” or “rooting”: These terms refer to the act of hacking your device so that it can go beyond the intended walls it was designed to stay behind. Those walls offer protection you won’t get otherwise.
  6. Log out: Just like on a PC, before you close that window or walk away from the device, log out of any websites or programs. And remember, don’t “save” your information so that you can automatically log in the next time—if your mobile is lost or stolen, someone else can easily access your accounts or files.
  7. Turn off WiFi/Bluetooth: If you aren’t using wireless services, shut them down. Open, unattended wireless connections are easy targets for criminals.
  8. Don’t get scammed: Any emails or text messages you receive requesting personal information are usually scams. Unless you specifically initiated the conversation, just hit delete.
  9. Don’t click links in emails or texts: Unless I’m expecting an email from a friend, colleague, or company as a result of an action I’ve taken, I don’t click links, since they can often result in your device becoming infected with malware. And it’s much harder to see if a link is not valid from your mobile device vs. your computer.
  10. Install mobile security: Comprehensive security is as important and necessary for your smartphone as for your PC and even your Mac. And don’t forget that just like your computer, you need more than antivirus.

 

10 Tips to Mobile Security

 

 

 

 

 

 

 

 

 

You can download these tips in a PDF document to share with your friends and family.

 

Robert Siciliano is an Online Security Evangelist to McAfee. Watch him discussing information he found on used electronic devices YouTube. (Disclosures)

The post Your New Best Friend May Not Protect You appeared first on McAfee Blogs.

Mobile ‘Wallets’ Attract Greater Interest From Thieves, Researchers

As mobile phones allow us to carry our money in an electronic “wallet,” they will also become a greater target for crooks. Picking a pocket is a risky endeavor for a thieves, but it will be much less so if all they need to do is bump into their victims or brush by them with a mobile phone.  Thieves are now more likely to go after both mobile payment software and phones enabled with near-field communications (NFC). However, things are not so bad; security researchers proof-of-concept (PoC) attacks against Google Wallet and Square’s credit card readers have prompted improvements in security.

Square credit card reader with American Express card
Square’s credit card readers recently added encryption for credit card data.

Security researchers have already tested Square’s credit card readers, using exploits and keyloggers to intercept credit card numbers as they pass to their mobile phones. Square has now added encryption to new versions of its credit card reader. Does that mean that they’re completely secure? Not necessarily. Security researcher Adam Laurie is taking a closer look. Laurie has a large amount of experience in reverse-engineering embedded systems and RFID hardware. His research includes finding vulnerabilities in hotel room safes, RFID passports, and chip and PIN credit cards. As word of the new, more secure Square readers arrived, he posted an open request on Twitter. This can only be good for the security of the mobile payment system.

Researcher Adam Laurie requesting one of the new encrypted Square readers from his Twitter followers.
Researcher Adam Laurie requests one of the new encrypted Square readers from his Twitter followers.

NFC-enabled contactless (“tap and pay”) credit cards are also at risk from an attacker with a specially crafted app and NFC-enabled mobile phone. Researchers at viaForensics have demonstrated a PoC NFC reader Android app that can grab the information on your credit card just by placing the phone nearby. An attacker can walk through a crowd and collect numbers and expiration dates from numerous victims. The CVV2 and other card verification numbers aren’t included, so it is more difficult for a criminal to resell stolen credit card information. Generally the CVV2 number, printed on the back of credit cards, is used to verify that online transactions are being made by someone who has the actual card. Most online shopping sites won’t allow a purchase if the customer doesn’t have that number. However, this didn’t stop viaForensics’ partner, the UK’s Channel 4 News, from being able to use this minimal card information on a popular online shopping site.

These latest phone enhancements have inspired an increasing interest in mobile payment security from both the bad guys and security researchers.

The post Mobile ‘Wallets’ Attract Greater Interest From Thieves, Researchers appeared first on McAfee Blogs.