Hi Steemians! The mobile phone in your hand is more powerful than the computers NASA used when they sent people to the moon in 1969. Though we typically do not send people out of Earth with our mobile phones 😂, we are still performing rather sensitive activities on them. We perform bank transactions on our smartphones, we trade on our smartphones and we also communicate/store sensitive information with our smartphones. So it is easy to understand why keeping your mobile device safe is so important.
Mobile devices these days are very user-friendly. In fact, too user-friendly that many of us can just pick one up and start using within minutes. And when it is already usable, we tend to forget about security. To learn how to secure your mobile devices, you first need to know how can your phone be compromised. I think there are 3 main ways which your devices can be compromised:
- Physical break-in
- Remote compromise of device
- Compromising device's communication channels
Securing against physical break-in
Physical compromise of your devices comes in many forms. It can just be your friend trying to pull a prank on you or someone trying to access your lost phone. Securing against physical compromise is what most people are able to relate to. Here are a few tips to secure your mobile devices against physical break-ins:
- Setting a strong password
- Using additional authentication mechanisms (e.g. fingerprint, faceprint and eyeprint)
- Enable auto screen lock
- Setup features to locate your phones when lost (e.g. find my iPhone and Android Device Manager)
- Hide sensitive information from notifications screen
- Encrypt device if possible (Be careful when you encrypt though. If it fails, it might "brick" your phone. So always backup before encrypting)
- Enable SIM lock/password
These settings seem to be adding a lot of inconvenience, but trust me, you will get used to it very soon. The more you find it inconvenient, the more difficult it is for attackers to access your phone.
Securing against remote compromise
Remote compromise of phones is what many people are unaware of. And you are unable to defend against something you do not know. Similar to your PCs, there exist malwares that can infect your mobile devices as well. These malwares may potentially gain full or partial control of your phones. Think about how creepy it is if your phone's camera, mic and information can be remotely accessed. If you think it sounds absurd, watch this video demo of this "tool" which can be easily packaged as a malware:
Some tips to defend against such remote compromise:
- Patch/update your device operating system and apps as soon as possible
- Only install apps from trusted stores (e.g. Google Play Store and Apple Apps Store)
- Be mindful about what permissions are granted for each app (e.g. Does "Candy Crush" needs camera and mic access? Does "Clash Royale" need to know your location?)
- Be careful of what you share and store on your phone/apps
- Be watch which sites you visit and which links you click. Phishing attacks work much better on mobile devices than PCs
- Think twice before you "root" or "jailbreak" your phone. Understand the risk of doing that
Securing against attacks on device's communication channels
This risk is what most people (I will say >80%) do not know. When you are accessing the internet through your phone, such traffic might be captured. I am sure you do not want others to know your messages, the sites you visit and even your passwords. Many of these attacks can be guarded against by using encryption. Here are some tips:
- Avoid using public free WiFi if possible
- Use a VPN when really have to connect to a WiFi you are unsure of
- Ensure the sites you are visiting has "HTTPS" instead of just "HTTP" (i.e. The website is secured with SSL encryption)
- Enable end-to-end encryption if your app supports (e.g. WhatsApp and Telegram support end-to-end encryption)
Are you securing your mobile devices? I hope these tips help you. Let me know if I missed out any tips and thanks for reading!
Today I am adding a new image to my signature. Credits to @anthemius for designing and sharing this #TeamSingapore Discord banner. Do check out his post here.
I encourage everyone to check out our Discord server. All are welcome to join, but we will appreciate if you use the #TeamSingapore tag as much as possible. We are looking for cross-communities collaboration, so do contact me if you are interested.
