Let’s talk about your mobile phone…
First of all, I’d like to welcome you to the SecurStar Security Blog. Here we will discuss a lot of subjects related to information security. Hope you enjoy it, comment and subscribe.
The mobile phones’ features grow light speed. We can’t even call some of them just “Phones” anymore – now they’re being called “Mobiles”-. You use them for everything. A mobile tells you what you have to do today, how is the weather, take pictures and make movies of your birthday party (and publish it on the Internet), play high quality games, tells you how to get somewhere. You can even play the guitar on some of them!
What I’m trying to say is that your mobile knows where you are, because it’s with you all the time, who you are, cause it has a lot of information about you, and knows what you’re doing right now (oh, twitter!), as you are using it for everything, all the time.
There are lots of security issues that can be related to mobile phones, with different levels of danger, and different types of people. Ordinary people are unaware that when they lose their devices, they can get bigger problems than just losing some bucks. Even cheaper devices can store personal information like home address, email addresses, social network addresses. Using this information, a malicious person could gather even more personal data, and use this information to prejudice the owner of the device in many ways.
Moving into a business scenario, we can enumerate a lot of possibilities – we can start with wiretapping -. A lot of classified business information travels through GSM communication, and it’s well known that GSM has eavesdropping vulnerabilities. There are a lot of devices that can capture and record a conversation, and they are being sold on the internet for anyone who wants it. I think maybe you will check your office’s light switches and sockets today…
With GPRS and 3G technologies, things could get worse. You can do a lot of things connected to the Internet more than just talk to people. You can send and receive documents, check your bank account, etc. For this you use a lot of different protocols, and these protocols might be vulnerable to certain attacks. With the right tools and knowledge, a person can perform a MITM (man in the middle) attack and intercept your information – and that includes VoIP -.
Do you think you need to be talking at the cell phone for someone to hear your conversation? Think twice. With the right software installed on your device, a person could activate your phone’s microphone remotely and hear all sounds nearby.
Another widely discussed issue is about geographic positioning. You probably have seen some kind of spy movie where someone is being tracked through his mobile phone, and thought “Yeah right! They can’t do that!”. Well, I assure you: They can. And not only the CIA or FBI, anyone can do it using the Internet.
Well, hope I didn’t scare you (much). So, what can you do to protect yourself? Let’s see some solutions:
- Keep your device off and remove the battery (easy, isn’t it?)
- Use a voice and SMS encryption tool (Did I say PhoneCrypt? Yes!)
- Keep your Bluetooth off, or at least configure an authentication for someone to connect.
- Before installing apps and games, search the net for security issues with them.
- Do not open or reply SMS of a unknown source.
- Keep an ear for breathing or click sounds at the background of your call.
- Don’t leave your mobile alone for a long period; people can get it and install malware.
- Beware other people’s phones left alone near you, they can use it as a eavesdropping device.
That’s it for the first post.
Hope you enjoyed it and found it useful.
A lot more will come soon.
Be safe! Bye!
You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.
