Helping people with computers... one answer at a time.

Smartphones, like iPhones and Android-based phones, are really just small computers, and with small computers comes a not-so-small risk.

I use my iPhone for most of my less-intense internet needs. I was wondering: how safe it is from being hacked, given that I keep (some) personal data on it? Is it safe? I don't put any software onto it that's not from either iTunes or the App store, nor do I download anything onto it directly that might be unsafe (though I do make some rather less secure downloads on the computer that I synchronize it to)? If it's not, how do other smartphones compare?

Today's smartphones are incredibly convenient and powerful - they're essentially fully functional, internet-connected computers that just happen to have a phone.

As such, you might imagine that the potential for security issues is present.

I'll look at the various types of risks, including what I believe is the highest risk item that many people fail to consider.

Loss

In my opinion, the biggest risk for any smart phone is simply losing it.

And it's a risk that many people never consider. Or if they do, they underestimate the impact.

"I'd start by making sure that you have some kind of on-device security ..."

Once your phone is in someone else's hands, they have access to everything that's on it.

Everything.

Most smartphones include online access, web browsers, and a host of internet-connected applications. As a result, whoever finds it has access to any and all that you happen to have set up.

Given that passwords are often annoying and hard to type into small devices, many people optimize their phone for quick and easy access, assuming that they're the only ones doing the accessing. "Remember me" and "Remember password" are two frequently selected options on mobile applications and websites.

Of course, that means that whoever finds your phone has immediate and direct access to all of that.

I'd start by making sure that you have some kind of on-device security that would prevent someone who finds it from easily accessing all of your information. Personally, I use "AutoWipe" for my Android-based device, which requires a PIN code to be entered after a certain amount of idle time in order to access the phone. Get the PIN wrong too many times and AutoWipe lives up to its name, erasing the phone.

I expect that iPhones have something similar.

Open Wireless

Many smartphones and portable devices, such as iPads or their equivalent, are designed to make use of wireless connections when available - particularly open wireless connections.

As a result, many people without thinking about it are transmitting sensitive information including account logins and passwords in the clear for any hacker within range to sniff.

All of the rules that I outline in How do I use an open WiFi hotspot safely? apply here on your phone, just as they might on your laptop.

One common characteristic of phones and similar devices is that these applications connect directly to the internet. Most give you absolutely no idea whether or not their communications are secured by using SSL or https. I went so far as to connect my device to my own open hotspot and used a packet-sniffer to verify that the Google Mail application that I was using was connecting securely. I could find no information one way or the other.

If you're not sure ... don't. Don't use open WiFi, or don't use the applications that you're not absolutely certain are connecting securely. (Unfortunately, that usually means killing them as they often run in the background whether you're "using" them or not.)

Hacking & Malware

So far, we haven't seen a flurry of malware or hacking attempts against mobile devices.

So far.

I think most experts are in agreement that it's only a matter of time. There is some phone-targeting malware out there, and phones are, in many ways, even more unsecure than PCs due to the lack of experience with malware and the current lack of anti-malware or security tools. The good news is that the attack surface of mobile devices is typically much different than that of PCs, and thus they will require a certain amount of new innovation on the part of malware authors - they won't be able to simply port their PC-based malware.

It's too soon to recommend a specific anti-malware tool or the phone equivalent of a security "suite", but I expect that this too shall come.

In the mean time, take what most would consider to be the "normal" precautions: don't invite malware onto your phone by installing apps from untrusted sources, let your phone and applications keep themselves as up to date as possible, and consider turning off WiFi when you don't need it.

Article C4885 - July 25, 2011 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

4 Comments
Doug
July 26, 2011 8:25 AM

Leo: I use an app called "Lookout Mobile Security" on my Android. Is this helping anything? Thanks.

Schalk Schutte
July 26, 2011 9:14 AM

On my Nokia C7 an anti-theft app was included; F-Secure. It offers the following possibilties: If the mobile get stolen, you can use another phone to send a sms code to your mobile to remotely lock, or wipe your mobile as well as prevent the use of another simcard. While this is freeware, there are also browsing, firewall and virus protection available at a premium.

JOSE CARLOS SANTOS
August 1, 2011 12:44 PM

My dear Leo, you are absolutely right. the worst thing that may happen to someone is losing his/her smartphone or any portable device. everything or almost it is there. We have to be very careful with the sensibility of the data we put on them. Hugs.

Bob Stromberg
October 24, 2012 8:20 PM

The Austrian security review web site av-comparatives.org has a web page listing several reports on mobile phone security products:

http://www.av-comparatives.org/comparativesreviews/mobile-security

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.