Mobile is the modern digital platform of choice in many parts around the world. Sure, there are folks that still have traditional desktops, or slim designed brand new laptops, but the-go-to device; is the smart phone. My preceding article on cyber security provided you with the first steps in getting a password manager. I would suggest that you also use the advanced features on your iOS device. Use a complex password that you generated from your off-phone Password Manager, and use that with the finger print authentication, for plausible deniability. By doing this step, it will make you think twice about what you’re installing and upgrading (I have no idea what my mobile password is and would have to go to another machine to retrieve it). It also makes it difficult in the event your phone is lost and nefarious individuals try to use the variety of activities to guess your mobile password. Oh yeah, don’t forget to set the phone to destruct after five-bad password attempts to really piss off those black-hearted actors and wipe your personal information from the phone.
There are so many mobile platforms out there so, I will be addressing to two most popular in separate articles; iPhone (iOS) and Android. As part of my occupation, I was provided the opportunity to perform security testing and business functionality on the initial batch of iPhones in 2007. The preliminary thing I noticed even back then was that the platform was designed with security concepts in mind. For those of you in the military, or those that love military movies; think about the concept of a firebase (One of the best USMC movies out, is The Siege of Firebase Glory; starring R.Lee Ermey). The idea is that most important section that they were protecting was the internal center of the firebase. This is where the “Colonel” would be located, similarly the iOS “kernel” sits at the center to direct actions; it also needs protection. iOS built the security in both; how the hardware works collaboratively with the software. No other popular device has integrated the hardware and software with security built-in. So, without going into the super nerd stuff on how they do it, let’s talk about that you have a secure mobile device to start. How do you protect yourself while doing things that smart phones were made to do?
You might have seen the rash of ransomware (malicious software/applications that will seize control of your device and restrict you from using it the way you want. It also requires a ransom payment to regain control). How does this happen and how can you securely protect your device? Well if you didn’t know your smart phone does all kinds of things behind the scenes; like downloading apps, installing apps, locating your GPS coordinates, etc., all the while trying to connect to the best signal available. Many times, your phone will connect to a WiFi hotspot without your knowledge.
For example, if you have AT&T as carrier, your phone will connect to an AT&T WiFi hotspot automatically. You can stop this by forgetting the AT&T wireless hotspot and selecting “Ask to Join Networks.” A good first step in ensuring you don’t connect to a WiFi location you don’t want. To increase the security of connecting to WiFi hotspots you will want to get an application such as SkyCure or Trend Micro. These technologies, protect your phone from incoming and outgoing connections and identify malicious applications. Additionally, they can funnel traffic through bad networks securely using Virtual Private Network (VPN) tunneling. For example, you are at the British Airways lounge, and you’re attempting to submit a form over secure protocols for your next flight. The BALounge and many other hotspots will attempt to decrypt your traffic and read what you submitted. Skycure, can create a VPN tunnel to securely transmit your personal information without being decrypted (in many cases). It also will inform you if there is anyone scanning or attempting to target your phone and prevent those attacks similarly to your firewall at home.
The next three applications you will want to have on your phone to make your connections private, is a Virtual Private Network (VPN) service and a Secure Browser. These two are a must when you want to remain private and anonymous when connecting to the Internet via your mobile device. The third is to make secure your text-messaging activities. First, I would recommend a VPN service; this will anonymize your activities such as email and web browsing. I personally use HotSpotVPN it is a paid service, but I can use iOS natively, or push all my normal browser traffic through it (i.e., Safari or Google) to reduce my GEO location tracking that websites seem to want. If I really want to go anonymous, then I will launch RedBrowser.
RedBrowser is a bundle that leverages The Onion Router (Tor) network and a built-in web browser, so you do not have to install and connect manually and apply all the appropriate proxy settings. The core principle of Tor, “onion routing,” was developed in the mid-1990s by United States Naval Research Laboratory, with the purpose of protecting U.S. intelligence communications online. Onion routing was further developed by DARPA in 1997.
The final item you will want, is secure text messaging with auto destruct features, so in case you are habitual text’er when you have one too many and added some ridiculous looking “selfies” they would be gone by the time your hangover is done. I recommend signal; it has these features as well as encrypted cellular communications, in the event your fingers are broken and just want to go old school.
There are many further activities that you might want to research to protect your iOS a device. This article was an attempt to provide you with some concepts that you will need as you get more attached to your smart phone and less to your laptop. If you do one thing, don’t jailbreak your iOS; you’ve just let the bad actor in the front door.
Concepts can be broken down into these items for further research to find the best for you:
- Mobile Device Protection – something to protect your mobile device from malware and attacks through signals (i.e., Wi-Fi, Bluetooth, NFC, Geo Location, etc.)
- VPN and Secure Web Browsing – something to protect your internet traffic and communications
- Secure Messaging – something to protect your texting, sms, etc., from yourself, and prying eyes.
