Share This

Sunday, 14 July 2013

Play safe on the mobile, secure your devices!

All a sinister person needs to do to spy on you is to simply penetrate your smartphone or tablet.

OF late, spying has been a household word after revelations of Prism, a clandestine mass electronic surveillance programme operated by the United States National Security Agency (NSA), by former NSA contractor Edward Snowden. 

But one does not need an entire state programme to spy on someone.

All that a sinister person needs to do is to penetrate their intended victim’s smartphone or tablet. Which is quite an easy thing to do, actually. One of the common methods used is spyware.

Such spyware can easily be found by searching on Google although they are usually not free.

There is a possibility that consumers might download spyware from an identified party or an unknown source accidentally. - Goh Chee Hoh

This is what happened when a husband in Singapore suspected his wife of having an affair. On the pretence that his phone was not working, he borrowed his wife’s phone to make a call but instead installed a spyware app.

The husband was then able to see the calls made (but not hear the actual conversation), messages sent and her location at that point, from a computer using a Web-based application that communicated with the app.

When the information confirmed that she was having an affair, he continued to monitor her phone for some time before posting the information online, including the messages she sent to her “lover”. He did not reveal any personal details about themselves but this is how the news became public.

However, many have questioned the authenticity of the story, with some brushing it off as a publicity stunt to sell the spyware app.

Nevertheless, it pays to be safe, as there are apps that can do such things and they are easily obtainable from the Web.

“Mobile phones are an integral part of consumers’ lives, with two thirds of adults worldwide reporting that they use a mobile device to access the Internet,” says David Hall, senior manager of regional product marketing for Norton at Symantec Corporation.

“As we use our mobile phones in new and innovative ways, we’re also putting sensitive information at risk.”

“Spyware is a type of malware (malicious software) that logs information and then forwards that information from your device,” explains Rob Forsyth, director for Asia Pacific at Sophos Ltd.

Usually, such spyware is capable of operating quietly in the background so it can easily go unnoticed by an unsuspecting device owner.

“For a regular user, it is very difficult to figure out that they’ve been infected,” says Goh Su Gim, security advisor for Asia Pacific at F-Secure (M) Sdn Bhd. “There’s no obvious signs.”

In fact, it may surprise you to know that such threats could actually come from a source that’s known to you.

“There is a possibility that consumers might download spyware from an identified party such as their spouse, friends, colleagues, business associates or from an unknown source accidentally,” says Goh Chee Hoh, managing director for South-East Asia at Trend Micro Inc.

As an example, he describes a mobile phone monitoring service which uses Nickispy, a family of viruses that attacks Android devi­ces). It is said to be capable of monitoring a mobile user’s activities and whereabouts. The Chinese website which offers this service charges subscribers fees costing US$300 to US$540 (RM900 to RM1,620).

“This spyware sends MMS to the victim’s mobile device. Once the MMS is downloaded, the cybercriminal is granted access to your line of communications,” Chee Hoh says.

This security issue is further compounded in cases where a consumer uses the same device for both work and personal purposes.

“From a personal user’s standpoint, one can experience loss of privacy whereas from a business perspective, an organisation may lose sensitive data which can lead to loss of revenue,” he explains.

Had such an act been committed in Malaysia, it would go against Section 231 of the Communications and Multimedia Act 1998. Using an app to obtain information from another person’s phone can land the offender a RM50,000 fine or a prison term not exceeding two years if convicted.

The Malaysian Communications and Multimedia commission (MCMC), our multimedia industry nurturer and regulator, also said that it does not act alone when pursuing offenders.

“We look at each case individually and help other agencies like the police, for example, when upholding the law,” said Sheikh Raffie Abd Rahman, MCMC head of strategic communications.

Simple safeguards to keep your devices secure

While the mobile security and privacy threats remain very real and imminent, the steps to prevent such problems are really quite straightforward and easy to do.

Following are some practical tips, courtesy of security specialists Symantec Corporation, Sophos Ltd, Trend Micro Inc and F-Secure (M) Sdn Bhd, that you should take note of:

1. Use your device’s built-in security features 

Configure your security settings so that functions such as location sharing are disabled and passwords are not saved but need to be manually keyed in each time.

You can also make your device more secure by activating its lock function and requiring an identification action such as a fingerprint scan, keystroke pattern, numeric PIN or alphanumeric password in order to access the device.

2. Use strong passwords and secure Internet connections

Unique and strong passwords will help prevent valuable information from being stolen from your device. Using a different password for each and every app would be best but you would need to ensure that you have a good way of remembering those passwords if you choose to go this route.

Avoiding open and unsecured Internet connections such as free public WiFi will also reduce risk of online threats on your mobile device.

3. Never jailbreak or root your device 

Use your device as recommended by the manufacturer instead of modifying the version of the iOS or Android operating system that has been installed. This is usually done to install pirated games and apps for free but this makes it easier for spyware to operate on your device.

4. Be cautious when choosing and installing apps

It’s a vast universe out there in the World Wide Web and, at times, it’s hard to tell the good guys from the bad ones. It therefore pays to be extra careful when downloading apps from the Internet. If something is too good to be true, it probably is. Do background checks on developers if you need to be sure, and scrutinise an app’s ratings and reviews as well.

It’s also a better idea to download apps directly from the Google Play Store for Android devices rather than from third party websites since downloads from some of these sources may contain malware.

Do have a close look at the Terms and Conditions as well as permissions requested by an app prior to installing it, as you don’t want to unknowingly allow developers to track and collect personal data which is unnecessary for running the app.

5. Scrutinise notifications and services running on your device 

Stay alert whenever you receive any notification on your device. Some may contain malicious links or cleverly trick you into submitting personal information to cybercriminals.

Also, pay special attention to services running in the background on your device that seem unfamiliar or strange. You will have to refer to online guides on how to check, as it differs among devices.

The principle of “when in doubt, throw it out” could help save you a great deal of trouble later on.

6. Log out immediately

This is especially crucial for social media apps where the chances of your data being misused are higher. Make it a habit to log out of such apps and re-enter login information each time you use them.

7. Stay up-to-date

Take time to pick out a preferred mobile security software and install it on your device. Make sure to constantly update it, and don’t forget to check for updates for all your apps and to install any available patches for your device’s operating system as well. Set up routine scans for your device, and review the logs each time a scan is concluded.

No comments:

Post a Comment