Helping people with computers... one answer at a time.
Smartphones, like iPhones and Android-based phones, are really just small computers, and with small computers comes a not-so-small risk.
I use my iPhone for most of my less-intense internet needs. I was wondering: how safe it is from being hacked, given that I keep (some) personal data on it? Is it safe? I don't put any software onto it that's not from either iTunes or the App store, nor do I download anything onto it directly that might be unsafe (though I do make some rather less secure downloads on the computer that I synchronize it to)? If it's not, how do other smartphones compare?
Today's smartphones are incredibly convenient and powerful - they're essentially fully functional, internet-connected computers that just happen to have a phone.
As such, you might imagine that the potential for security issues is present.
I'll look at the various types of risks, including what I believe is the highest risk item that many people fail to consider.
In my opinion, the biggest risk for any smart phone is simply losing it.
And it's a risk that many people never consider. Or if they do, they underestimate the impact.
Once your phone is in someone else's hands, they have access to everything that's on it.
Most smartphones include online access, web browsers, and a host of internet-connected applications. As a result, whoever finds it has access to any and all that you happen to have set up.
Given that passwords are often annoying and hard to type into small devices, many people optimize their phone for quick and easy access, assuming that they're the only ones doing the accessing. "Remember me" and "Remember password" are two frequently selected options on mobile applications and websites.
Of course, that means that whoever finds your phone has immediate and direct access to all of that.
I'd start by making sure that you have some kind of on-device security that would prevent someone who finds it from easily accessing all of your information. Personally, I use "AutoWipe" for my Android-based device, which requires a PIN code to be entered after a certain amount of idle time in order to access the phone. Get the PIN wrong too many times and AutoWipe lives up to its name, erasing the phone.
I expect that iPhones have something similar.
Many smartphones and portable devices, such as iPads or their equivalent, are designed to make use of wireless connections when available - particularly open wireless connections.
As a result, many people without thinking about it are transmitting sensitive information including account logins and passwords in the clear for any hacker within range to sniff.
All of the rules that I outline in How do I use an open WiFi hotspot safely? apply here on your phone, just as they might on your laptop.
One common characteristic of phones and similar devices is that these applications connect directly to the internet. Most give you absolutely no idea whether or not their communications are secured by using SSL or https. I went so far as to connect my device to my own open hotspot and used a packet-sniffer to verify that the Google Mail application that I was using was connecting securely. I could find no information one way or the other.
If you're not sure ... don't. Don't use open WiFi, or don't use the applications that you're not absolutely certain are connecting securely. (Unfortunately, that usually means killing them as they often run in the background whether you're "using" them or not.)
So far, we haven't seen a flurry of malware or hacking attempts against mobile devices.
I think most experts are in agreement that it's only a matter of time. There is some phone-targeting malware out there, and phones are, in many ways, even more unsecure than PCs due to the lack of experience with malware and the current lack of anti-malware or security tools. The good news is that the attack surface of mobile devices is typically much different than that of PCs, and thus they will require a certain amount of new innovation on the part of malware authors - they won't be able to simply port their PC-based malware.
It's too soon to recommend a specific anti-malware tool or the phone equivalent of a security "suite", but I expect that this too shall come.
In the mean time, take what most would consider to be the "normal" precautions: don't invite malware onto your phone by installing apps from untrusted sources, let your phone and applications keep themselves as up to date as possible, and consider turning off WiFi when you don't need it.
Comments on this entry are closed.
If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.
If you don't find your answer, head out to http://askleo.com/ask to ask your question.