Personal Insecurity; the problem with smartphones

We spend a lot of time talking about avoiding viruses, phishing scams, and laptop security.  These things are all very important.   But, if you own a smartphone, chances are, you’ve got a much bigger security risk in your hands.  Consider how easy it is to lose your phone or have it stolen.  It’s compact and fits neatly into the palm of your hand, or a bad guy’s hand.  It’s easily set down and easily walked away from.  It’s easy to pull from a pocket or purse.  It’s easy to have knocked off of your belt in a crowded area.  In short, it’s easy to be separated from your mobile phone.

So, what’s so bad?  I call my carrier and they lock the phone right?  Well, kind of.  Part of that depends on how quickly you can get to your carrier and just because they can clamp down on somebody sending calls out, can they stop them from using WiFi?   Let’s say you give a thief just one hour.  What can they do?  Well, if you store your username and password in your web browser or apps and you haven’t locked your phone, they can do plenty.   People are doing real work on their mobile devices these days.   As an example, let’s suppose that I stored my credentials in all of my apps, then left my phone on the table at a restaurant.  I know, shame on me for even having it out at a place of dining!  What could you do with my phone?  Well, depending on the apps I have installed, you could take all of your friends to the movies on me, drop in on my brokerage account, drain my checking account and saving account, wreak havoc on all of my social networks, take over my satellite receiver, make changes to my mobile phone account, and worst of all you could run amok on this blog!  That’s some serious damage pretty fast!  All of those are just examples.  Depending on what apps you are running, the damage to you could be much worse.  We haven’t even talked about storing your username and password to your most frequented websites or that all of your contact’s information such as work and mobile numbers has just been given up!

So, what to do?  Well, first, take an inventory.  What apps have you installed?  What websites are in your history and your list of favorites?  What is your risk if your phone is lost or stolen?  If you are uncomfortable in the least at that thought, you have a couple of options.  First option is just to not save credentials.  Don’t allow any of your apps or the websites you visit to remember your login information.  That won’t make your friends any happier when some creep is calling them on their mobile phone because they got it from your phone, but that’s your call.  If you absolutely must store information, you’ll need to set a password for unlocking your phone.  This is going to be less convenient than not storing your credentials because you will have to enter that code to use your phone for anything, including simply making a phone call (who does that?).  There are multiple levels here.  Some phones will only let you enter a four digit numeric pin.  Better than nothing, but for the more paranoid (used in a good way here) some phones allow you to use numbers and letters.  Using a combination of numbers, uppercase letters, and lowercase letters makes the password harder to crack.  In addition, some phones allow you to hard lock the phone after a certain number of failed login attempts, which means the phone will no longer accept a password attempt and is therefore useless.  The iPhone has a setting that will erase the phone after 10 failed password attempts.  Both of these options mean you will want to backup your phone to your computer very regularly.  If your phone is locked or erased, chances are it’s going to end up in a dumpster somewhere and not back in your hands.  If you want full on paranoia, opt for a solid password using a combination of numbers and letters, lock down or erase after a number of failed attempts, and don’t store your credentials in apps or the web browser.  That is certainly not going to be the most convenient phone to use, but if you do lose it, you’ll be able to breath a little easier.   You will have to find the level of balance that is most comfortable for you.  Just don’t make it easy for the bad people.   You could just drop the data plan altogether and not worry about it, but that would be just icky!  And of course getting a smartphone without a data plan is becoming increasingly difficult.

Advertisements

2 responses to “Personal Insecurity; the problem with smartphones

  1. I have a passcode on my iPhone, and it’s set to wipe after 10 failed attempts. I’m more mindful of the cost of replacing the phone than any data that could be extracted from it.

    I regularly keep all of the information synced to my computer, and getting up and running with a new phone would take minutes, provided I could actually get one.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s