Recent mobile phone hacks in Hollywood and the emergence of an entertainment answer to WikiLeaks should remind everyone to follow these mobile security mantras.
In the past week, actresses Scarlett Johansson and Mila Kunis have illustrated the dangers that smartphones can pose to one's privacy. In Johansson's case, hackers appear to have stolen nude self-portraits from her phone, while in Kunis' case, they lifted semi-racy photographs taken of her Friends With Benefits co-star Justin Timberlake.
The FBI is reportedly investigating both breaches, but in the interim, one security takeaway is clear: Smartphones that store information of a sensitive nature must be properly secured. Regardless of whether or not you've got paparazzi camped outside your door, according to mobile security firm Lookout, most phones today get hacked in one of four ways:
1. Weak passwords. One of the best techniques for ensuring your password doesn't get hacked is to avoid password reuse. In 2008, for example, hacker Josh Holly told Wired that he'd accessed teen celebrity Miley Cyrus' Gmail account by first socially engineering a MySpace employee and gaining access to an administrative panel that listed members' passwords in plaintext. Finding one for Cyrus, he tried it against a Gmail account Cyrus was known to use, and it worked. At that point, he pulled a collection of racy images that the singer and actress had sent via email.
2. Public Wi-Fi. Using unsecured public Wi-Fi hotspots means you're sending data in unencrypted format, which leaves it open to eavesdropping attacks. To illustrate the dangers posed by eavesdroppers, one security researcher last year unveiled Firesheep, which enables an attacker to automatically sniff public Wi-Fi connections for traffic and capture credentials related to popular websites, such as Facebook, Twitter, and Amazon.
3. Malicious applications. As with PCs, so too with smartphones: Only install software from reputable sources, lest it contain malware. For Apple iPhone and iOS device users, this means you jailbreak your device and install non-Apple-approved applications at your own risk. Meanwhile, for Android, which doesn't review applications before allowing them to be listed on the official Android Market, only download and install applications from reputable sources, and consider adding security software that can block malicious activity.
4. Outdated software. Outdated smartphone software containing known vulnerabilities can give attackers a vector for exploiting devices. Unfortunately, smartphone operating systems don't have the equivalent of a Windows Update. Instead, smartphone users must rely on their cellphone carrier to push an update. Outside of Apple, however, seeing smartphone security updates can be a rarity, perhaps because the carrier and phone manufacturer have already been paid. In such cases, smartphone security software can add another layer of protection.
Anyone can sharpen their smartphone security using the above tips. But celebrities may not want to wait, since a WikiLeaks spinoff calling itself "Hollywood Leaks" has vowed to release everything from major scripts to nude photographs culled from hacked email accounts. "We're simply here to facilitate the free flow of information from a place which was previously overlooked, Hollywood," a member of the group told Gawker last month.
In light of that threat, security expert Graham Cluley, senior technology consultant at Sophos, offers one piece of additional security advice, in the form of a "cut-out and keep reminder" for celebrities to tape to their mirrors: "Must not take any nude photos of myself today."
SaaS productivity apps are good to go--if you can get past security and data ownership concerns. Read all about it in the new, all-digital issue of InformationWeek SMB. Download it now. (Free with registration.)
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.