By Ondrej Krehel,
There are more than 200 million iPhones and iPads out there in consumer land. Most of them are connected to a Mac or PC via iTunes, Apple’s popular music player and file sync program.
Every time the phone or tablet is connected, by USB, to the host computer, iTunes can automatically sync your selected music, documents, photos and contacts. There’s no prompt when you download Lady Gaga’s new album and add it to a playlist that’s on your phone. The music simply shows up on your device after a short background sync.
But what about when you use multiple computers for multiple devices? What about those pesky wires? This is what Apple’s trying to work around with its recently announced iCloud service.
By Ondrej Krehel,
As our smartphones have become our wallets and personal computers, holding everything from banking to social network information, they’ve become targets for hackers, scammers and criminals. Our phones hold a treasure trove of data—and the bad guys know it.
A screen lock is no longer enough.
Dream Droid, a botnet-type of malware program, recently . It got its name because the malware activated at night, affecting users while they were asleep. Originally it was thought that 21 apps were infected, but an independent security firm found an additional 30 apps. Google flipped its famous kill switch—a scary, but seemingly necessary, piece of code that accesses phones without users’ permission and deletes the offending software. About 260,000 Android users were hit. The phone’s IMEI identifier numbers were stolen, but no other personal user information was breached.
There’s a lot of hullabaloo right now about turning your smartphone into a wallet. Phone companies and major banks hope that someday people will reach for their phone instead of their credit card or cash to buy coffee, gas and household items (especially since processing a bunch of ones and zeroes is much cheaper than handling loose bills).
Internet giant Google is in on the action, having recently . The idea behind the mobile payment plan is to build a system where consumers can buy stuff and receive coupons and loyalty rewards all with their Sprint smartphone.
“We’re adding one more piece to the menu of bank customers, which already includes branches, ATMs, Internet banking, mobile banking, and now person to person payment,” says Tom Kelly, a spokesman for Chase.
The new system is intended to be simpler to use than PayPal, which does not offer checking accounts, and thus requires people to fund their PayPal account by withdrawing money from accounts at other financial institutions. With clearXchange, the transaction is intended to be smoother, as long as both parties to a transaction have a bank account with one of the three participating banks.
While a written privacy policy does not guarantee consumer privacy won’t be violated, “posting a privacy policy is the essential first step for companies to take to be accountable for their practices of collecting and using online data,”
By Ondrej Krehel, Identity Theft 911
is a regular morning stop for consumer tech news and I can’t stop thinking about its recent posts on the .
It all started when Google from the Android Market, the app store for the Google smartphone OS. It later came out that there were 56 malicious apps affecting at least 260,000 users. The apps were up to all kinds of no good, including uploading phone information to third parties and setting up backdoors so new software can be remotely installed.
Then Google flipped the kill switch.
This company-installed backdoor—Apple and Microsoft phones have them, too—allowed Google to remotely access its users’ phones and delete the offending apps. It went one step further by installing a new security patch. Think of it as an auto-update and auto-delete, over which you have no control.
by Ondrej Krehel
There’s a host of articles online about and to secure your smartphone. And for good reason: The risks have never been higher. Potential threats range from simply losing a device loaded with your personal and sensitive information to sophisticated unauthorized dialing, SMS scams (smishing) and data leakage scams.
There are several mobile security applications, such as , for all major smartphone platforms. They’re well worth exploring. Yet there are two simple things you can do—one low-tech, one hi-tech—to up your security game.
Get out the pen and paper, or your word processor. Seriously. Make a physical list of everything on your smartphone—all the accounts and documents (or types of documents) it can access. Big corporations call this data classification. If you log into Gmail and Facebook and Twitter, write the names of those sites down. Online banking? Shopping? Put down the names of your banks and credit cards. In the event the phone is lost or stolen, this list will be a lifesaver. You’ll have a clear guide to all the passwords you need to change and a list of the documents that may be at risk.
With that list stored in a safe place, you might want to take one extra step and delete all the login names and passwords stored in your phone. Yes, you’ll have to type your Facebook login and password every time you access it on your phone, but that extra four seconds could save hours of headache if the phone is compromised. If you can’t remember all your passwords, install , which stores them in an encrypted database.
The hi-tech solution is for a worst-case scenario: remote data wipe. This amounts to logging into a website that sends a signal remotely to your lost or stolen phone to erase its internal memory. Lookout, linked above, offers this option for free for Android, BlackBerry and Windows-based phones. Apple offers the service through , but at the steep rate of $99 a year. Of course even this security layer has a weakness: The new “owner” of your phone can just pull the battery.
Is all this worth the trouble? Consider the list of accounts and documents stored on your phone. What would it cost to restore them, or even worse, what would the consequences be if a hacker or identity thief took them over?
Ondrej Krehel, Chief Information Security Officer,
Ondrej has more than a decade of network and computer security experience. His expertise extends to investigations of intellectual property theft, massive deletions, defragmentation, anti-money laundering and computer hacking. He led U.S. computer security projects at Stroz Friedberg and worked in IT security at Loews Corp.