Mobile Security

Shaitan's Avatar
Hey, this is my first post, so I thought I would present some good food for thought got the esteemed ladies and gentlemen of the forum. Much of this may be obvious, but never hurts to brush up on basics.

We pretty much all carry at least one device with us that is connected to the internet at all times. How well do you know this device? Do you know what it is doing? What it is saving? Who has access to your device, be it phone or tablet? Like much technology, we often do not understand much, beyond how to use the device for specific functions. This puts you, and other people you know, in jeopardy. Awareness first. This thing you carry with you is a lot like a good friend that means well, but often talks too much, unless you lay down some ground rules. By the way, a good portion of this will center on Android devices, as that is where my familiarity lies. The principles apply across the board.

First, Bluetooth? If your device contains sensitive data, Bluetooth is your enemy. It is a form of communication that is entirely unencrypted, uses 4 digit pass codes that are often set by manufacturers, and easy to obtain. Access to a device through Bluetooth is very simple. Additionally, that signal can be amplified, making it's usual short range much longer for a person interested in your device. Keep Bluetooth completely disabled. It does not matter if you are using it out not. Turn it off.

The same goes for wireless. If your phone can see other networks, those networks can see you. If your phone is visible, it can be compromised. Turn it off.

Lock your phone! If you are using Android, use the pattern lock, and make it complex. Make the pattern unusual. In any situation where you should be cautious, thoroughly wipe the screen, so the pattern can not be guessed by smudges. Do not ever let anybody see you unlock your phone. Ever. Now, there are methods of bypassing this, but all you need is time.

I will explain a possible scenario that might be useful. There are several anti-theft applications on Android now. I prefer Avast, as it is rolled in with their antivirus. The anti theft options include the ability to remotely turn on GPS, to set off an alarm, to take pictures, all by sending your phone a text message. You can ALSO tell the phone to do a full wipe of the card, and a factory reset of the device. I am not talking about simply deleting contents, I am talking about overwriting the contents completely with trash data, making recovery very unlikely, if not impossible. Now, how you make this happen, in a pinch, is up to you. You may have to have an agreement with somebody you trust, who can send the text for you. I will leave that creativity up to you. I do recommend storing your data on a spare SD card, or offsite backup location, in the event the wipe does happen.

Most importantly, encrypt! Encrypt your pictures, and your contacts! Use password vault for your passwords. If you have backups, make them incredibly difficult to access for anybody. Keep the antivirus on your pc up to date. If you can avoid using wireless at home, do so. If you cannot, make sure that your encryption is WPA2, that the router cannot be managed over wireless, and that access is controlled by an access list using MAC addresses. Not sure how? Contact a friend in IT. Don't have one? Google!

PS - using the remote wipe function from avast, or any other similar tool, will require you root your Android. This means you follow a process that gives you full admin rights to your phone. It sounds daunting, but if you google the phone model and the words "how to root," you will find tons of detailed instructions. Be security minded, no matter what you do, or who you are. It's not just the authorities you have to worry about, it is the criminal element. Ever check your bank balance on your device? Think about it.

If you have any questions, feel free to ask!
Shaitan's Avatar
Oh, by the way, HI! I have enjoyed the board a lot. Ridiculously informative and entertaining! :-)
ahh.. a fellow nerd...
  • ivan
  • 09-20-2012, 06:54 PM
WTF?
JIZZ IN MY PANTS...
Shaitan's Avatar
WTF? Originally Posted by ivan
*sigh*

If you are engaged in an activity that might be seen as illegal, that has you participating in a larger community sharing in that activity, the contents of your phone, or other devices, can contain a wealth of useful information. Contact lists, emails, credentials for logging on to websites like this one. You fail to protect yourself, you can be engendering other people.
Out_of_Bounds's Avatar
Engendering?
Who the fuck let this guy in?
Your paranoia level is reaching critical levels.
Post less, read more, take a breath and read some more.
for a second I felt like I was on Mission Impossible...

clue.. if you have that much to lose, don't be a dumbass. Half of the guys and probably most of the girls aren't even concerned with this. But good advice for those that do heed.
LexusLover's Avatar
for a second I felt like I was on Mission Impossible...

clue.. if you have that much to lose, don't be a dumbass. Half of the guys and probably most of the girls aren't even concerned with this. But good advice for those that do heed. Originally Posted by Luxury Daphne
#1: ..... it is now called "Mission Probable" .... #2 relatively speaking everyone has "something" to lose .. money, time, friends, jobs, marriages, property, ..... #3: the ones who "aren't even concerned" are usually the ones "we" read about in "Alerts" that got busted or a "close call" and poster after poster gives their heart-felt condolences and then avoids them like leprosy for at least a period of time.

Elementary school teachers have learned through ojt that they have to ....
repeat, repeat, and repeat ..... to get the information "in there."

Shaitan ... thank you for the new information for those who "aren't even concerned" and a reminder for those who forget to think with the big head from time to time. Complacency can take its toll among those "in the know."
Shaitan's Avatar
Engendering?
Who the fuck let this guy in?
Your paranoia level is reaching critical levels.
Post less, read more, take a breath and read some more. Originally Posted by Out_of_Bounds
engendering = endangering. Auto correct.

It's not paranoia if you are familiar with the methods, know the people who do it for fun, have read the articles on the tech and methods used by le and criminals. I have been reading, and it seems like some amount of paranoia keeps people of both genders from getting pinched.
lizardking's Avatar
Remember, just because you're paranoid doesn't mean they aren't after you.
  • ivan
  • 09-21-2012, 09:42 AM
Again... WTF?
klutz's Avatar
  • klutz
  • 09-21-2012, 09:45 AM
Remember, just because you're paranoid doesn't mean they aren't after you. Originally Posted by lizardking
Lol! Love it!
tbone77494's Avatar
Can't I just buy a Walmart $30 hobby phone and throw it in a lake every couple months?
aznlvr11's Avatar
Remember, just because you're paranoid doesn't mean they aren't after you. Originally Posted by lizardking
that's for damn sure!

what are you looking at?!?