This week’s theme for Cyber Security Awareness Month is “How to protect yourself online.” This is a broad topic, so I have chosen to focus on our specialty: phone security. Even this can be a complicated subject, but we will do our best to simplify it with the absolute basics of phone security, the things that everyone can and should do, and then work to build your understanding with more advanced tools and apps.
Phone security tactics step one
Here are the three most basic things that everyone should do to increase the security of their phone:
- Hardware: Some phones are built more securely than others. Phones from Apple, Google, and BlackBerry are the most secure on the market. Choosing these phones is always a good idea, with the Key, Pixel, and flagship iPhones always being the best choices from those manufacturers.
- Software: Your hardware will only take you so far; your next step is to make sure that you always update your software with the latest patches. Many of these patches are made specifically for security reasons, and if you do not install them you are vulnerable to hackers. Many hackers go out of their way to look for devices which haven’t been updated.
- Passcode: Even something as basic as a 4-digit passcode can help protect your phone against someone who simply picks it up and turns it on. Not only will it prevent people from simply turning your phone on and checking out all your stuff, but it also encrypts your phone. All smartphones available for the past 6 years have default device encryption as soon as a passcode is set up. Be careful with basic passcodes and pattern locks such as those shown below.
Stopping attackers from going after you is simply a matter of making it difficult for them to get to your data. They would rather pursue an easy target than a difficult target. The three steps above will not make it impossible for a hacker to attack you, but they make other people easier targets than you.
How SKY ECC handles the basics
Let’s do this simply by breaking it down using the three bullet points from above:
- Hardware: SKY ECC is only installed on the most secure devices available. They all feature tamper-resistant chips, high build standards, and high-quality overall security practices.
- Software: The SKY ECC app is installed within an encrypted container on the operating system. This means that no matter how insecure the software is, there is no way for it to impact the SKY ECC app. Rollback protection on all SKY ECC devices also prevents attackers from “rolling” your operating system back to an insecure version.
- Passcode: A six-digit passcode is mandatory on all ECC phones. Even if someone manages to crack your phone passcode, the brute-force protections in ECC itself will stop them in their tracks.
We have gone far beyond handling the most basic aspects of phone security in these three areas. See what hardware we have available right now using the button below.
Phone security tactics step two
With the easy stuff out of the way, it’s time to look at things which surround the security of your device. These are related to connections, and how your communications can be intercepted via these connections:
- App permissions: Many of the apps which you use every day on your phone, especially “free” apps, collect and store a tremendous amount of data about you. Analyse the permissions that you give apps to make sure they have only the basic information they need. If these apps do not allow you to minimize your data sharing, you need to look at alternative options. Many apps ask for access to the camera, contacts, your microphone, and GPS—even when they don’t need it. This extra data is often left exposed within the app or servers and readily available to hackers to exploit. Sometimes it’s hard to tell what permissions are needed and we often just tap OK without thinking about it.
- Wi-Fi: We take our mobile phones everywhere, but unfortunately we do not control networks everywhere, making us vulnerable to various types of man-in-the-middle attacks. The first way to control this is to not share any important information over a network which you do not control. This is 100% the case with any banking information, including login details and credit card numbers. The other tactic is to use a VPN over any Wi-Fi network which you do not control.
Connections are a huge point of vulnerability, especially when you are using public Wi-Fi. Hackers know to go to the locations and exploit weak Wi-Fi, or even set up their own. It comes down to you and how you protect yourself if you want true phone security.
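One way to carry out the app permission review described above, as an added example that is not part of the original article: the script flags apps holding camera, contacts, microphone or location access beyond what their purpose needs. The package names, the `EXPECTED` baseline and the sample listing are constructed for illustration; the permission strings are standard Android permission names.

```python
import re

# Sensitive groups named in the article, keyed by standard Android permission names.
SENSITIVE = {
    "android.permission.CAMERA": "camera",
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.RECORD_AUDIO": "microphone",
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.ACCESS_COARSE_LOCATION": "location",
}
# Assumption: the reviewer's judgement of what each app's purpose needs.
EXPECTED = {"com.example.flashlight": {"camera"}, "com.example.maps": {"location"}}
# Constructed sample, simplified from the layout of `adb shell dumpsys package` output.
SAMPLE = """\
Package [com.example.flashlight]
  runtime permissions:
    android.permission.CAMERA: granted=true
    android.permission.READ_CONTACTS: granted=true
    android.permission.ACCESS_FINE_LOCATION: granted=true
    android.permission.RECORD_AUDIO: granted=false
Package [com.example.maps]
  runtime permissions:
    android.permission.ACCESS_FINE_LOCATION: granted=true
    android.permission.ACCESS_COARSE_LOCATION: granted=true
Package [com.example.unknown]
  runtime permissions:
    android.permission.RECORD_AUDIO: granted=true
"""
PKG_RE = re.compile(r"^Package \[([\w.]+)\]")
PERM_RE = re.compile(r"^\s+([\w.]+): granted=(true|false)")

def audit(listing, expected=EXPECTED):
    """Return {package: sorted sensitive groups granted beyond the app's baseline}."""
    granted, current = {}, None
    for line in listing.splitlines():
        if m := PKG_RE.match(line):
            current = m.group(1)
            granted[current] = set()
        elif current and (m := PERM_RE.match(line)):
            perm, state = m.groups()
            if state == "true" and perm in SENSITIVE:
                granted[current].add(SENSITIVE[perm])
    # Apps with no baseline are held to an empty one, so anything sensitive is flagged.
    excess = {p: sorted(g - expected.get(p, set())) for p, g in granted.items()}
    return {p: e for p, e in excess.items() if e}

if __name__ == "__main__":
    for pkg, groups in audit(SAMPLE).items():
        print(f"{pkg}: revoke or justify {', '.join(groups)}")
```

Each flagged group is a permission to revoke in the phone's settings, or a reason to look for an alternative app if it will not run without it.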
How SKY ECC handles connections
Every SKY ECC device connects to our private and secure server network. This is just the first way we secure connections; other ways include:
- Connection checks: SKY ECC is designed to check a connection to see if it is secure before transmitting any data over it.
- Encryption: You don’t need a VPN when you have SKY ECC as it is actually better encrypted than any VPN available. Even if you were to connect to an insecure network, which is highly unlikely given that the app checks it, a hacker would still be unable to decipher anything which they steal from that connection as it will be encrypted.
- Tokens: These are used to help increase your anonymity and privacy by masking your identity when your messages go over the push notification servers. They are generated and stored on individual devices, as well as on the server, with no identifying information given to the server.
Visual learners may find this image helpful as it visually explains our network connections.
If you need more help, here is how our tokens work on push notification servers, and a link to our network security article to learn more.
Phone security tactics step three
The apps you do, or do not, install on your phone have a huge impact on its security. There are apps which can either help or harm your phone’s security. Here are five tactics to look at:
- Old apps: Simply going through your phone periodically and deleting apps which you no longer use can be an effective phone security tactic, as apps which are not on your phone cannot be compromised. The risk is especially high with old apps which are no longer updated. You have to get rid of them in order to protect yourself.
- Malware and antivirus protection: Every time you connect to the internet there is a possibility that you can download some sort of malware. There are many types of malware specific to mobile applications out there. Even the most basic free antivirus or anti-malware app can protect you against them. Yes, even if you have the most secure hardware you should still use one.
- Password manager: Download a password manager which will effectively manage your passwords, and disable Smart Lock for Passwords, as no further authentication is needed once you turn it on. This is ineffective management: if your phone is stolen, you’re much more vulnerable than if you had no management at all! A real password manager like LastPass is much better.
- Find My Device/iPhone: Installing either Find My Device or Find My iPhone will help you find a lost phone. You can even remotely wipe it if you determine that it was stolen.
- Manage corporate devices: Having control over corporate devices will allow those who own the device, but don’t physically control it, to wipe it or locate it when they need to. This is similar to a Find My Device app, but with more granular control. A tool like SKY WORK is perfect for a task like this.
Managing apps is an ongoing issue which must be analyzed consistently. If you’re not sitting down and looking at your apps once a month, be sure to do it at least every six months. Set a reminder for yourself and take care of your phone by caring for its apps.
How SKY ECC handles apps
The most important aspect here is that SKY ECC devices are all managed devices. We have created device profiles that prevent unauthorized apps, unauthorized connections, and disable features like Bluetooth that can be used to compromise the device. Managing devices gives us much more granular control over security settings than is available in the settings you see on your phone.
We also further secure apps by having a passcode for the SKY ECC app itself after you’ve signed into your device, and a different password for your Vault. Layers of passwords make it difficult for an attacker to fully compromise your device. They could crack one passcode, in some impossible way considering our incorrect passcode limit, but all three passwords? That’s a tall order for even the most elite hackers.
Phone security tactics step four
This last section looks at ongoing tactics which you have to be aware of at all times. What we looked at above was more set-it-and-forget-it while these are things you need to consider for as long as you have your phone:
- No jailbreaking: Everyone seems to want to jailbreak or root their device lately so that they can customize their phone and download forbidden apps, but doing so opens new vulnerabilities in your device. Unless you’re an elite-level programmer you will have little hope of being able to secure your jailbroken phone.
- App stores: Only download apps from official app stores as they have been vetted better than apps from anywhere on the internet. Google’s Play Protect is a perfect example of this as it adds a layer of security through screening of apps whereas a random website doesn’t have this.
- Ransomware: There’s been a spate of ransomware lately, but it is an ongoing concern and always has been. Be wary of opening messages from those you don’t know, and especially don’t open attachments from sources you don’t know. It’s so easy for an attacker to hide code in something which looks innocent.
- Biometrics: There is a serious issue with biometrics which most people don’t consider, and that is that if your biometrics are compromised you can’t replace them. Stealing a fingerprint is easy; replacing your fingerprint is impossible. White hat hackers recently showed how they could fool biometrics with a single HD photograph of a target’s fingers (a peace sign is all they need), and criminals have been creating fake fingerprints for scanners for decades…remember that scene in Ant-Man with the tape and superglue? That could actually work. Even iris scanners can be foiled with information stolen from HD photos.
- Public chargers: Bring your own charger which plugs into an outlet and don’t use public ports. I know they’re convenient at the mall or airport, but “juice jacking” is a real threat and hackers always go to where there is convenience and exploit that weakness. In this case you give hackers pretty much complete access to your phone once you connect to a juice jacking port which has the right software to exploit your phone. They can pretty much steal anything they want at that point.
Real phone security never stops as you have to always be vigilant. Keep these five points in mind as you use your phone from day to day because a big part of phone security is in your head, not in your phone.
How SKY ECC handles ongoing security issues
Let’s look at each of the five points above one by one:
- Jailbroken or rooted devices can’t install SKY ECC. They’re locked down.
- We restrict the apps available on SKY ECC devices and whether new apps can be installed at all.
- SKY ECC wasn’t designed specifically to stop ransomware, as it is usually sent over email and email is disabled on SKY ECC devices, but it does stop ransomware by allowing you to have a secure way of verifying that messages sent to you were actually sent by the right person. Email spoofing is a major issue as it exploits trust, usually through phishing and social engineering, and it’s tough to know who to trust when it looks like a message comes from a contact but is actually spoofed. That will never be an issue on SKY ECC.
- Biometrics have been disabled on all SKY ECC devices as we believe that they are not a secure tool at this point, especially with our more popular clients who are photographed regularly.
- While there’s nothing we can do to stop you from plugging into a juice jacking charger, we can keep you protected because SKY ECC devices have the actual SKY ECC app in a separate container from the rest of the OS. Even if a hacker got into your device they would not get into SKY ECC.
We know that your phone security largely comes down to you and the choices you make, but where possible SKY ECC devices protect you from making mistakes.
Make the right phone security choices
This Cyber Security Awareness Month, be sure to learn how to protect yourself online in all settings, not just on your phone. Many of the tactics discussed here can apply directly to other mobile devices, and even your desktop computer.
For the absolute best in phone security options, contact a SKY ECC representative using the button below right now to see how we will keep your phone–and its important data–secure.