How to Protect your Smartphone from State Surveillance

We still call the mobile devices in our pockets “phones,” but let’s be honest, they’re much more than that.


Today’s mobile “phone” is a networked computer, a data storage device, a navigational device, and a sound and video recorder. It’s a mobile bank and social network hub, a photo gallery, and so on.


That’s great, right!?

Sure, however, all of these functions make our mobile devices extremely attractive targets for malicious actors.


Since most of us don’t want to give up the ease of having all of our needs on one device, what can we do to stay safe?


Two Words: Phone Security.

Phone security is the countermeasure to the States malicious attacks. It’s about defending against the wide range of mobile security threats confronting our mobile devices.


Phone protection steps, regardless of your operating system:

Set up fingerprint or face recognition

Losing your phone is probably not uncommon, and having a secure passcode (especially something like fingerprint/facial recognition) will keep your phone safe from anyone who might happen to find it.


Use a VPN

VPNs essentially provide you with a secure phone connection to a private server, instead of you having to share it with everyone else on the public network. This means that your data is safer because it is encrypted as it travels from server to server.


Enable data encryption

Many devices already have encryption enabled, if your device doesn’t, you’ll need to set that up. Data encryption can protect your information from hackers by scrambling it in a code they don’t recognize as it travels from server to server (when it’s most vulnerable).


Set up remote wipe capabilities

This ability enables you to remove any data from your phone, even if you no longer have the physical phone itself. It’s a great safety feature in case your phone is lost and you can’t find it. The process to set up remote wipe differs by device. This guide from the IT department at Northern Michigan University will outline how to enable remote wipe, whatever device you have.


If you have a device management product like Prey, remote wipe is likely part of the service they offer, along with other capabilities like tracking.

Using Prey, you can remotely execute a full format of your mobile device to make sure none of your personal information is accessed, on-demand, and at any moment.


Because it will delete everything inside the device including the Prey agent (that’s how efficient it is), Wipe should only be used when recovering the device is not as important as securing your data.

Mobile Protection for Android Users

  • Only buy smartphones from vendors who issue patches for Android

  • Do not save all passwords

  • Use two-factor authentication

  • Take advantage of built-in Android security features

  • Make sure your WiFi network is secure (and be careful with public WiFi)

  • Use the Android security app

  • Back up your Android phone’s data

  • Buy apps only from Google Play

  • Encrypt your device

  • Use a VPN


Mobile Protection for iPhone Users

  • Keep your iPhone operating system (iOS) up to date

  • Activate the “find my iPhone” feature

  • Set up a passcode longer than the 4-number preset

  • Enable two-factor authentication

  • Set the phone to “self-destruct” i.e. wipe itself after 10 failed password attempts

  • Regularly change your iCloud and iTunes passwords

  • Avoid public Wi-Fi and only use secure Wi-Fi

  • Use only trusted iPhone charging stations

  • Disable Siri on the iPhone lock screen

  • Revoke app permissions to use the camera, microphone, etc.


10 Ways to Protect Your iPhone


Locking your device


1. Touch ID

While just a few years a go it would have seemed like fingerprint access to your phone was something from a sci-fi film, it is very much a reality now. And what is more, it is super easy to set up.

Instead of typing out a password each time, a simple touch of your finger on the home button allows you to gain access. This protects you from anyone looking over your shoulder, no one can recreate your fingerprint but you.

To set this up: Settings> Touch Id & Passcodes> Add a Fingerprint…

TIP: When setting up your touch ID, it will ask you to move your finger, make sure you get as many different angles as possible to make it easier to recognise you.


Apple’s fingerprint sensor has been marketed as a security breakthrough for iPhone owners. But in reality, Touch ID is more about convenience than security. Once you've enabled Touch ID, your device still gives you the option to enter your passcode, so if it's easy to crack, you're not any better off for having Touch ID.

Setting a strong passcode is still the best way to stop others from accessing your iPhone.

But Touch ID can give you a big security boost: if you set a custom alphanumeric passcode on your phone (which is the toughest to hack), you don’t have to worry—since you use Touch ID, you’ll rarely have to enter it



2. Simple Passcodes

While Touch ID is great, it is always a good idea to have your passcode set up as a back-up. If you have had your iPhone for a while you are likely to still be using the original 4-digit pin option. Did you know though iOS now offers several different options?

As well as the 4-digit numerical code, you can choose a custom numerical code using as many numbers as you wish. Alternatively, make it even more secure with a custom Alphanumeric code – because what is more secure than a mixture of letters and numbers.

To set this up/change this: Settings> Touch ID & Passcodes> Turn Passcode on/Change Passcode> Select from the passcode options

3. Erase Data

For added protection, the “Erase Data” option can keep your phone extra secure. After 10 failed login attempts your phone will wipe all the data on the device (don’t worry it warns you if you are close to it being erased).

Your iCloud backup will save all your data so you can easily get set back up when you need to get back on your device after a passcode breach.

To set up: Settings> Touch ID & Passcode> Erase Data

Block Access to Your Data


4: Do Not Track + Website Warnings

Viewing websites on your iPhone can be just as dangerous on your mobile device. Your device stores data just like your laptop or desktop, it can also track your information. Apple allows you to ask websites not to track you. Not only this but it can warn you about fraudulent websites as well.

To set this up: Settings> Safari> Privacy and Security

Auto Logins

While you may be using password and authorisation tools like 1password and Dashlane on your desktop and laptops – did you also know you can use it on your iPhone?

Most of these services have apps you can download to store and encrypt your passwords.

You can download the apps from the App Store.

5. Strong Apple ID + iCloud Passwords

As previously mentioned, your iCloud will store your backed up data should your passcode be compromised and your data is erased. So it makes sense to ensure that your iCloud and Apple id passwords are secure.

Whichever password client you chose to use, make sure your Apple ID and iCloud passwords are encrypted as well to ensure maximum security.


6. Find my iPhone

Enabling the Find my iPhone tool is a godsend when you have misplaced your phone, whether you left it somewhere or you think the sofa ate it, there are several tricks to this feature that can help you locate your device. You can track your phone, lock it, and display a message for anyone that finds it. You also have the option to erase all data from the phone.

You also have the option to play a sound if you feel you have lost it somewhere near you.

To set this up: Settings> iCloud> Find my iPhone

If you need to use the features: You will need to find someone with an iPhone or log on to icloud.com/find and sign into your iCloud account.

7. Send Last Location

This feature will be handy when you have lost your iPhone and you are worried about it running out of battery. By enabling this feature, your iPhone will record the last known location before the battery dies.

To set this up: Settings> iCloud> Find my iPhone> Send Last Location

8. Lock Screen Abilities

Find my iPhone can only work when your phone has an internet signal, so don’t give thieves the ability to turn off your connection. If you have Siri or your Control Centre available to use while your phone is locked, anyone can put your phone into airplane mode. You can personalise these options to ensure no one has access to this.

To set this up: Settings> Touch ID & Passcode> Allow Access When Locked


Siri can help you in so many ways, yet if you're not careful, your digital assistant can help others to snoop on you. It can be pretty alarming to learn the variety of personal information anyone can access from your lock screen via Siri, including your home address and calendar appointments. If you’d rather not allow strangers to ask Siri for directions to your house among other things, just go to Settings, Touch ID & Passcode, and after entering your passcode, scroll down to Allow Access When Locked, and toggle off Siri.

9. New iPhone?

When you are upgrading to a newer iPhone, while your preferences for security will be switched over to your new phone through your iCloud, make sure you also erase the data on your old phone. You wouldn’t want information getting into the wrong hands.

Make sure you have synced your old iPhone to iTunes prior to erasing the information, then go to: Settings> Reset> Erase All Content and Settings


10. Use a Password Vault


It’s common for one person to manage dozens of online accounts for everything from banking to social media to online shopping, and it’s tempting to reuse passwords to make life easier. However, if one of your accounts is hacked, then all of your accounts will be compromised. Thanks to password managers like 1Password and iCloud Keychain, you can be both lazy AND secure. Just remember your one master password and let the password manager do the work of generating complex passwords and storing them for you in one secure vault.



11. Protect your Photos in iCloud


Remember a couple of years ago when hackers posted nude photos of celebrities stored in iCloud? While it's unlikely anyone's after your private photos, it can’t hurt to tighten up your iCloud security by enabling two-factor authentication.


Two-factor authentication is Apple’s latest security feature that’s built into devices running iOS 9 or later. It limits access to your Apple ID to just devices you trust.


Whenever you try to sign in on a new device, a six-digit code will be sent to a device you set up to be trusted.

To set up two-factor authentication on your iPhone, go to Settings > iCloud > and tap on your account at the top. Scroll down to Passwords & Security and tap Set Up Two-Factor Authentication.




Takeaways

As hackers continue to target mobile devices, it’s time to take phone security and mobile security threats more seriously. Mobile devices are just as vulnerable, if not more vulnerable, than PCs and other types of computer hardware. They are exposed to threats in the form of malware, social engineering, web attacks, network attacks, and physical theft.


Whether you are in charge of an organization’s security, or you are looking to protect your own gadgets, be someone with a plan. Start with awareness training and robust security policies, and then move towards taking more technical countermeasures to mitigate the risk.






29 views0 comments

Recent Posts

See All