All posts for the month May, 2015

Mobile Devices

We all get used to the convenience of our mobile devices. We get spoiled by the instant access to magic levels of communications access. We get seduced by the ease with which we can see and do and talk. We get lazy.

There are so many ways your devices make you life easier, it’s easy to lose track of the fact that the ease they bring to us comes at the cost of risk – the risk that all of our personal data will fall into someone else’s hands.

Luckily, there are really only a four vectors of that risk and each of those vectors is relatively easy to block.

The first vector of privacy breaches is at the systemic or bulk level. Most mobile devices use some kind of a cloud backup system for the data you put onto the device. In most cases, the companies providing that cloud backup are reliable and dedicated to keeping your data safe and secure. In most cases you can be confident in their ability to keep your data safe, after all, if they are breached, the bad press goes globally viral immediately and they’re looking for a new business. If you are concerned, you can always take the most obvious step and not keep sensitive stuff on your phone in the first place. If it is isn’t on your device, it can’t be stolen from your device or from your cloud backup. You can also exclude sensitive stuff from cloud backups. Most devices and services offer some kind of granularity in deciding what is backed up and you can almost always exclude things if you want to.

The second vector is by way the communications channel your device uses to access the cloud. Be very cautious of unencrypted channels! If you see an open, unsecured WiFi node, be very hesitant of using it. Many are legitimate and safe to use, but there are lots of cases of malefactors setting up open WiFI nodes in public places in order to snoop on the unencrypted traffic that ensues. Keep in mind that if the channel is not password protected, any traffic sent over that channel is open to snoopers.

The third vector is that of the physical connection to the phone. In at least one case, malefactors set up a ‘charging station’ in a busy airport. Travellers plugged their phones into the provided USB charging cords, unaware that the cords were plugged into a computer programmed to not just charge the phones, but to download everything from the phones via the USB link for later examination. If you need to charge your device, plug your charger into the wall and plug your phone into it.

The final vector is via the device itself. If you lose your device, everything on it is right there for whoever finds it. Taking such simple steps as setting a passcode or swipe pattern to unlock the device will not completely prevent someone from accessing your data, but it can slow them down enough that they give up or at the very least it may give you time to remotely brick the device.