Recent mobile phone hacks in Hollywood and the emergence of an entertainment answer to WikiLeaks should remind everyone to follow these mobile security mantras.
In the past week, actresses Scarlett Johansson and Mila Kunis have illustrated the dangers that smartphones can pose to one's privacy. In Johansson's case, hackers appear to have stolen nude self-portraits from her phone, while in Kunis' case, they lifted semi-racy photographs taken of her Friends With Benefits co-star Justin Timberlake.
The FBI is reportedly investigating both breaches, but in the interim, one security takeaway is clear: Smartphones that store information of a sensitive nature must be properly secured. Regardless of whether or not you've got paparazzi camped outside your door, according to mobile security firm Lookout, most phones today get hacked in one of four ways:
1. Weak passwords. One of the best techniques for ensuring your password doesn't get hacked is to avoid password reuse. In 2008, for example, hacker Josh Holly told Wired that he'd accessed teen celebrity Miley Cyrus' Gmail account by first socially engineering a MySpace employee and gaining access to an administrative panel that listed members' passwords in plaintext. Finding one for Cyrus, he tried it against a Gmail account Cyrus was known to use, and it worked. At that point, he pulled a collection of racy images that the singer and actress had sent via email.
2. Public Wi-Fi. Using unsecured public Wi-Fi hotspots means you're sending data in unencrypted format, which leaves it open to eavesdropping attacks. To illustrate the dangers posed by eavesdroppers, one security researcher last year unveiled Firesheep, which enables an attacker to automatically sniff public Wi-Fi connections for traffic and capture credentials related to popular websites, such as Facebook, Twitter, and Amazon.
3. Malicious applications. As with PCs, so too with smartphones: Only install software from reputable sources, lest it contain malware. For Apple iPhone and iOS device users, this means you jailbreak your device and install non-Apple-approved applications at your own risk. Meanwhile, for Android, which doesn't review applications before allowing them to be listed on the official Android Market, only download and install applications from reputable sources, and consider adding security software that can block malicious activity.
4. Outdated software. Outdated smartphone software containing known vulnerabilities can give attackers a vector for exploiting devices. Unfortunately, smartphone operating systems don't have the equivalent of a Windows Update. Instead, smartphone users must rely on their cellphone carrier to push an update. Outside of Apple, however, seeing smartphone security updates can be a rarity, perhaps because the carrier and phone manufacturer have already been paid. In such cases, smartphone security software can add another layer of protection.
Anyone can sharpen their smartphone security using the above tips. But celebrities may not want to wait, since a WikiLeaks spinoff calling itself "Hollywood Leaks" has vowed to release everything from major scripts to nude photographs culled from hacked email accounts. "We're simply here to facilitate the free flow of information from a place which was previously overlooked, Hollywood," a member of the group told Gawker last month.
In light of that threat, security expert Graham Cluley, senior technology consultant at Sophos, offers one piece of additional security advice, in the form of a "cut-out and keep reminder" for celebrities to tape to their mirrors: "Must not take any nude photos of myself today."
SaaS productivity apps are good to go--if you can get past security and data ownership concerns. Read all about it in the new, all-digital issue of InformationWeek SMB. Download it now. (Free with registration.)
InformationWeek Elite 100Our data shows these innovators using digital technology in two key areas: providing better products and cutting costs. Almost half of them expect to introduce a new IT-led product this year, and 46% are using technology to make business processes more efficient.
The UC Infrastructure TrapWorries about subpar networks tanking unified communications programs could be valid: Thirty-one percent of respondents have rolled capabilities out to less than 10% of users vs. 21% delivering UC to 76% or more. Is low uptake a result of strained infrastructures delivering poor performance?