Is Your Smartphone Snitching on You?
Our lives are intimately connected to our smartphones. They are as precious as our government-issued IDs. Smartphones aren’t just phones; they are tiny computers that can also make phone calls. We use our smartphones as web browsers, payment methods, banking tools, and GPS devices. That makes it all the more frightening when they are stolen, lost, or compromised.
When you connect to that free Wi-Fi or your cellular network, can someone see the activity coming from your phone? Does the GPS on your phone serve as a tracking device to someone else?
How secure is your smartphone? How many ways can your phone be compromised?
Your Phone Number
Your cell phone number itself is an important identifier. According to a study conducted by the National Center for Health Statistics, nearly half of all American households use a cell phone in place of a landline.
There may be a time when you don’t want to give out your real cell number. If you must give a number, there are two services that can help.
Sideline – Sideline is a service that will add a business line to your phone. This service uses your carrier’s minutes to make phone calls. You will get a separate voicemail box and unlimited free texting. For additional fees, you will also get international calling and voicemail-to-text.
Google Voice – Google Voice only requires a Google Account and a computer with Internet access. Not only will it work with your smartphone, it will work with old-fashioned cellphones and landlines. You will get transcripts of voicemails, the ability to text from your computer, and free calls to the U.S. and Canada. International calling is available for an additional fee. Sadly, Google Voice is only available to Google account holders in the U.S.
The Safety of Public Wi-Fi
Many businesses provide their customers with free Wi-Fi access; this is something we have come to depend on. But the downside is that they’re not very secure. Consider also the possibility that the “network” that you’ve just detected may not be a real network at all. Criminals have been known to run fake Wi-Fi access points in order to steal people’s data. These fake Wi-Fi access points are actually packet sniffers.
When you you use the Internet, everything you see is transmitted to you in pieces known as packets. A packet sniffer is a type of software that observes and records packets that are being transmitted across a network, much like a wiretap allows a third party to listen to a phone call. In other words, it’s something that copies all the data sent to and from your phone.
How can you protect your privacy on a public network? A virtual private network, or VPN, can keep whatever you send or receive from being watched by others. There are many VPN apps and browser extensions available; some of them are free, others charge a monthly or yearly fee.
In IT circles, there is a concept known as least privilege: give a user the least amount of privileges needed to do their job. Your phone can do many things, but it doesn’t need to do everything at once. Having too many services running at once not only drains your battery, but also opens you to a potential attack.
There are three types of attacks that use Bluetooth to access your phone.
Bluejacking is when someone sends unauthorized messages to your phone. This kind of attack only works if your phone is in Bluetooth discovery mode. To prevent this, only turn on discovery mode if you are actively trying to connect to another device.
Bluesnarfing is similar to bluejacking, but instead of sending messages, it is the theft of a victim’s data. An attacker using bluesnarfing will target a phone in discovery mode and copy its files – contacts, photos, and videos, among other things.
Bluebugging is the most dangerous (and fortunately, the rarest) type of attack; this is when an attacker takes complete control of the victim’s device. Unlike bluejacking and bluesnarfing, bluebugging only works when the victim’s phone is paired to the attacker’s phone. Bluebugging attacks aren’t very common today, due to manufacturers providing software updates to vulnerable phones.
In conjunction with Google location, this may be too invasive. It’s not just navigation apps that use GPS. Web browsers may need to use your current location, along with banking, retail, entertainment, and social media apps. Not to mention GPS tracking apps, which can find your friends and family; examples of this are Find My Friends and Glympse. They can be handy for keeping track of your kids, perhaps it’s not always a good idea to tell the world where you are every second…
Your Web Searches
As I mentioned before, sometimes web browsers need to use your current location. The information from your browsing sessions is valuable – the sites you visit, what you search for, what you watch on streaming video sites. Marketers use this information to build profiles in order to market to you more effectively. Who else is looking at your data?
Google and Bing
The two most popular search engines are Google and Bing. If you have accounts with their parent companies, there is a record of all your searches. But you can decide how much of your data you want to be used and seen by others.
The privacy section of your Google account settings will tell you how your data is used and gives you the choice to opt out of services such as Location History.
To see a history of all your Google activity, go to Google’s My Activity site. Here you will see such things as all the Google searches you’ve done, all the voice commands you’ve given, and all your activity on Google services such as YouTube.
In your Microsoft account, you can erase your Bing search history and web browsing history in the Privacy section.
Private Web Browsing
Most web browsers have a setting called “incognito” or “private.” It should be said that incognito browsing doesn’t mask the traffic coming from your computer. Your ISP (or your employer or school, if you’re on someone else’s Internet connection) can still see what you are doing. Incognito browsing only does one thing: it prevents data from that browsing session from being stored on that device. It doesn’t keep a history of the websites you’ve visited, it prevents websites from installing cookies on your device, and keeps your activity from being tracked by websites.
To sum up:
When possible, use a substitute cell phone number.
To protect yourself on public Wi-Fi, use a VPN.
Turn off Bluetooth and GPS when you’re not actively using them.
Always accept updates to your phone and apps; these updates may include repairs to serious problems.
Know how to manage your personal information on your Google and Microsoft Bing accounts.