You do not need to be Paris Hilton or Scarlett Johansson to have your intimate photos exposed to the public by a malicious hacker. But you need to know “what Paris did wrong” if you do not wish to fall victim to a hack attack.
Housewives, tech nerds, accountants, shopkeepers and pizza delivery guys: anyone can become the target of a malicious attack aimed at stealing your identity, exposing your nude pictures online, or selling your credit card information on the black market. The number of ways culprits can use information stolen from your mobile devices is virtually endless, and posting your private photo sessions to your Facebook account on your behalf is just a tiny innocent joke compared to far more sinister cases.
So, what can you do to protect your online identity and most importantly, your smartphone from being hacked? In the first place, re-consider your approach to passwords.
Passwords
According to recent security research, “123456” has replaced the infamous “password” at the top of the chart of most frequently used passwords. Not only is it dumb, pardon my bad French, but it is utterly dangerous to use something like that as a password to your accounts.
Did you know hackers can obtain access to your smartphone by simply hacking your email? In fact, email and cloud storage are some of the easiest ways to get full access to your device. When you neglect password strength and use information that can be easily obtained in your online accounts as security questions, you give yourself no chance to stand against a possible attack.
Case study. Mat Honan is a Gizmodo reporter whose iCloud had been hacked by someone who simply contacted Apple Support and initiated a password reset procedure. The perpetrator figured out the security questions by studying Honan’s public profiles and social media accounts. Voila! The hacker then vandalized all of Honan’s devices by wiping all contained data remotely, and hijacked his Twitter account.
Android devices get synchronized with your Google accounts; iPhones get synchronized with iCloud. Your personal details, address book, pictures and other stuff get automatically synchronized to the cloud storage. For some reason, we are used to thinking the cloud is safe, but it’s not.
What you can do is change your passwords and security questions. First of all, use a secure password generator to create unique, un-crackable and, most importantly, long passwords. You will not be able to memorize them, so you will have to keep them in a safe vault or a good old paper notebook, but it is worth the effort.
Second, change your security questions, and this time try to come up with answers that make absolutely no sense. If your security question is “What city was your father born in?” and many people know that it is Dallas, or your Dad is one of your Facebook friends, a hacker does not need a high IQ to figure out the answer. However, if the answer is just a set of digits and characters generated by random password software, the possibility of guessing it is virtually zero because such a city does not exist.
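The two steps above can be sketched in a few lines of Python. This is an added example, not code from the original article; the function names, the default lengths and the answer alphabet (chosen so an answer can be read aloud to a support agent) are assumptions.

```python
import math
import secrets
import string

# 94 printable symbols: letters, digits and punctuation.
PASSWORD_ALPHABET = string.ascii_letters + string.digits + string.punctuation
# Assumption: answers may be read out over the phone, so use lowercase
# letters and digits with look-alikes (i, l, o, 0, 1) removed.
ANSWER_ALPHABET = "abcdefghjkmnpqrstuvwxyz23456789"


def generate_password(length=20):
    """Return a random password from the OS CSPRNG with every character class present."""
    if length < 4:
        raise ValueError("length must allow one character from each class")
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    while True:
        candidate = "".join(secrets.choice(PASSWORD_ALPHABET) for _ in range(length))
        # Redraw the whole string rather than patching characters in,
        # so no position is predictable.
        if all(any(ch in cls for ch in candidate) for cls in classes):
            return candidate


def entropy_bits(length, alphabet_size):
    """Upper bound on the guessing entropy of a uniformly random string."""
    return length * math.log2(alphabet_size)


def generate_security_answers(questions, length=16):
    """Give every security question its own meaningless random answer."""
    return {q: "".join(secrets.choice(ANSWER_ALPHABET) for _ in range(length))
            for q in questions}


if __name__ == "__main__":
    print(generate_password())
    # "123456" is six characters from a ten-symbol alphabet: about 20 bits.
    print(round(entropy_bits(6, 10), 1), "bits vs",
          round(entropy_bits(20, len(PASSWORD_ALPHABET)), 1), "bits")
    # Constructed sample questions; store the answers in the same vault as the passwords.
    for q, a in generate_security_answers(
            ["What city was your father born in?", "First pet's name?"]).items():
        print(q, "->", a)
```

The generated answers are useless unless they are saved next to the password for the same account, since nobody can recall them from memory.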
Protected Storage
Stop synchronizing those explicit photos to your iCloud already. Install Vaulty, NQ Mobile Vault or any other secure folder app on your smartphone and keep the sensitive images and files there. Don’t forget to turn the synchronization off, too.
Wireless Carriers
Sadly, a wireless carrier is one of the weakest links in your smartphone’s security. Verizon and AT&T use their customers’ wireless numbers as their IDs, so anyone knowing your phone number can call and request a password reset or a temporary password. If a hacker knows your PIN, he can even change your password altogether; and a 4-digit PIN is crackable by sheer brute force.
Again, security studies show that the majority of people are terrible at choosing PIN codes. If your PIN code is 0000, or 1111, or 1234, or 6789, change that pattern if you want to treat your security seriously.
If a hacker gets access to your wireless carrier account on your behalf, he can then obtain the numbers you have contacted and carry out what hackers call spoofing. There are plenty of Caller ID spoofing apps that mask a hacker’s phone number and make it appear as if the call comes from someone on your contact list. The hacker can then contact you and request an image, or send you a file containing malicious software. You won’t even know you installed a spy app by opening a file you received from someone in your trust circle.
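A check for the PIN patterns named above (0000, 1111, 1234, 6789), written as an added example that is not part of the original article. It goes beyond those four PINs to cover descending runs, repeated halves and year-like values; the rule set, function names and the 6-digit default are assumptions.

```python
import secrets


def pin_weaknesses(pin):
    """Return the reasons a numeric PIN is easy to guess (empty list if none found)."""
    if not (pin.isascii() and pin.isdigit()):
        raise ValueError("PIN must contain digits only")
    digits = [int(c) for c in pin]
    # Differences between neighbouring digits: {1} means 1234, {-1} means 9876.
    steps = {b - a for a, b in zip(digits, digits[1:])}
    reasons = []
    if len(set(digits)) == 1:
        reasons.append("single repeated digit")
    elif steps in ({1}, {-1}):
        reasons.append("ascending or descending run")
    half = len(pin) // 2
    if len(pin) % 2 == 0 and len(set(digits)) > 1 and pin[:half] == pin[half:]:
        reasons.append("repeated half")
    if len(pin) == 4 and 1900 <= int(pin) <= 2099:
        reasons.append("looks like a year")
    return reasons


def keyspace(length):
    """Number of possible PINs of the given length."""
    return 10 ** length


def generate_pin(length=6):
    """Draw a PIN from the OS CSPRNG, redrawing if it matches a weak pattern."""
    while True:
        pin = "".join(secrets.choice("0123456789") for _ in range(length))
        if not pin_weaknesses(pin):
            return pin


if __name__ == "__main__":
    # Constructed sample PINs: the four from the text plus a few more patterns.
    for sample in ["0000", "1111", "1234", "6789", "9876", "1212", "1987", "4827"]:
        print(sample, pin_weaknesses(sample) or "no pattern found")
    print("4 digits:", keyspace(4), "candidates; 6 digits:", keyspace(6))
    print("random PIN:", generate_pin())
```

An empty result only means the PIN matched none of these rules; a 4-digit PIN still has just 10,000 possible values, so a longer one helps wherever the carrier allows it.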
Tools to Protect Your Smartphone and Online Identity
Abine’s MaskMe privacy suite
Secure Password Generator
KeePass’s Password Generator
Use Bitcoin for online purchases
ProtectMyID Mobile App
Do not ignore antivirus checks, and make sure your smartphone has the latest version of its browser installed. Monitor your device’s behavior and check out this article for a list of suspicious symptoms. In addition, you can use the Mint or Credit Karma app to monitor your financial accounts.
Important note: we already reported that the majority of financial apps for Android are not secure while most paid financial apps for iOS have been hacked, too.
MaskMe can give you a disposable temporary MasterCard number you can use for online purchases, and they charge only $5 a month for it. In this case, the merchant won’t even know your ID when you make the purchase, except when there is a delivery address. You can use this tweak to avoid having your actual credit card information stored on your smartphone and in your online accounts. That way, even if your device gets hacked, the hackers won’t know your financial credentials.
We will be reviewing security apps and anti keyloggers for smartphones, so keep an eye on PocketMeta updates.