Smartphone security

Friday, January 14, 2022    Post   730 words   4 mins read

If you’re still new to the world of smartphones (or even if you’re not), you may be a bit suspicious about the level of security afforded by these rather complex devices. And while modern smartphones nearly always come with a standard assortment of security features, there are still steps you can take to keep your sensitive personal information safe at all times.

Signs that your smartphone is compromised

  • Slow smartphone performance. Your phone now uses a lot more memory, CPU or battery power, gets hotter under normal use and/or gets hot when it is idle.

  • Advertising popups. A sign of adware/malware is the appearance of popup windows on the phone screen or in the web browser, these can be advertising banners of various content, elements that interfere with the normal operation of your smartphone or are constantly opening new web browser tabs.

  • Unknown applications and/or files. Applications that you did not download yourself may appear on the device, files you are not familiar with appear on the memory card (if there is one in your phone), calls or messages may also be made without your knowledge.

  • Data usage jumps. Malware can and will use your phone’s resources in the background, monitoring your activities 24/7 and upload your data to rogue remote servers.

  • Strange application behavior. Applications turn on and off themselves, perform any action without your knowledge or interaction and maybe crash.

How did your smartphone get compromised

  • Downloads. The most popular method of infecting a smartphone with malware is downloading the software itself by retrieving files from third-party resources or opening suspicious links. The consequences of such an infection can lead to theft of personal data, accounts, credit card data, etc.

  • Public WiFi networks and/or charging stations. Attackers can create fake WiFi hotspots and redirect you to malicious websites via MitM attacks, as well as steal your data via USB connections at charging stations.

  • Spyware. Absolutely anyone can install spyware on your smartphone, no additional knowledge is needed for this; such software can be easily downloaded from the Google Play Store or the Apple Store. This allows an attacker to remotely monitor all your activities.

  • Phishing attacks. Any messages in social networks, mail, instant messengers containing suspicious links can lead to phishing pages that are indistinguishable from the real ones.

  • SIM-swapping attacks. An attacker, having taken possession of your personal data (for example, passport data or other information), can try to “recover” your SIM card. If he manages to convince the mobile data provider’s employees, he will have access to your phone number and the ability to receive SMS on it, thereby restoring all accounts linked to the number.

What can you do

  • Update your smartphone’s OS with the latest security mitigations issued by your device’s manufacturer.

  • Always lock your smartphone when not using it, set a PIN that only you know. Never hand out your unlocked phone to anyone you don’t trust.

  • Never enter your personal details on suspicious websites.

  • If you need to recharge your phone in public places always use your own Power-Only (or Charge-Only) USB cable (with missing data wires).

  • If you don’t trust the current WiFi network you might want to postpone checking your email. Also, never connect to WiFi networks you don’t control and trust.

  • Use proper ad-blocking solutions for your smartphone web browser.

  • Don’t store sensitive data on the SD card or encrypt it if possible.

  • Enable Android device encryption if you have an Android smartphone.

  • Don’t leave network connections enabled at all time (Bluetooth, WiFi).

Paranoid mode (the unrealistic mode)

Playing ♫ Garbage - I Think I’m Paranoid in the background, of course.
  • Your smartphone could have its cameras and microphones removed; use a headset when you need to do calls IF you want to use a SIM card.

  • Android phone with CalyxOS or GrapheneOS installed, or Linux phone.

  • Removable battery, only plug it when using the phone.

  • Use a proper application-level firewall on the phone, blacklisting all incoming connections and whitelisting only required incoming and outgoing connections.

  • Epoxy the SIM card slot if you don’t intend to use a SIM card. If the phone has a SD card slot, epoxy that one too.

  • Briar secure messenger, no SIM card, only connect to a WiFi network on your portable router that has OpenWrt installed, firewalls and routes all traffic over Tor.

Do read the text on the image to the right.