Mobile Security threats will continue to increase
Mobile Security threats will continue to increase now and in the immediate future. Our phones will continue to require more and more attention in the form of ensuring we apply the most recent updates or security patches, running AV and Anti-Malware, making use of VPNs, and more
It’s not a cellphone it’s a computer!
We all have one, some of us call is a cellphone, some of us call it a smart phone but neither of those descriptions accurately paint the picture. They cutely mask the real danger in everyone’s pocket. Today’s entry level «smartphones» that are being given away for free on contract are vastly more powerful than a $3000 powerhouse computer from 5-10 years ago. They have WiFi, Bluetooth, NFC and some form of LTE/GSM etc. There are $200 radio kits to create your own fake cell phone tower, WiFi MitM, new Bluetooth scanners, NFC is terribly insecure if left turned on full time. The amount of threats in our pockets is scary.
Wireless Networks, Public WIFi, VPNs and You
Free WiFi is becoming ubiquitous there is no doubt about it. Everywhere you go there is an open WiFi to connect to with possibly a splash screen to give you the illusion that you’re on a network that you can feel safe on. But the reality is that in most cases you’re not. The smaller the organisation offering you the free WiFi the more at risk you might be. Do you think the mom and pop coffee shop regularly maintain their WiFi network or even know that there is anything that should be ever done or looked at? They probably had the ISP technician setup the WiFi router or maybe they called Geek Squad but it was setup and left alone. The WEP/WPA2 change over was years ago and we’ve long lulled ourselves into a false sense of security which this week has been absolutely shattered. Outside of this there are countless other things that an attacker could do with a poorly configured WiFi network.
Inaudible Voice Commands
A new security threat for people automating homes has arisen recently. Our phones and computers all have speakers that are for the most part capable of producing sounds at frequencies that are essentially inaudible. Smart home automation devices have microphones that detect these same frequencies. Security researches have demonstrated that a device infected with software that played audio commands using these frequencies could in fact successfully issue commands to home assistants such as Google Home and Amazon Echo.
What can I do?
- Install updates as soon as they are available. This goes for applications as well as the operating system.
- run additional security software suites such as Sophos, McAfee or others
- Separate highly confidential data with virtualisation such as Knox
- Use a VPN service anytime you are not on a wholly trusted network this includes pretty much everywhere except home and the office.
- The use of VPNs should ideally include while on mobile data given recent advancements in the ease of access to create fake cell towers
- iOS devices and Modern Android phones have an always on VPN option
- disable radios you don’t use ie wifi bluetooth nfc.
- Android can do this with apps like tasker
- iOS has mad a change to Control Center that means using it to control your radios doesn’t actually turn them off