Sunday, November 20, 2011

Secure Your Mobile Phone

Secure Your Mobile Phone

Good info from wired.com

Lock it down

Password-protecting your smartphone should be a no-brainer. If you haven't already, turn on the password lock feature on your phone. It's a mild inconvenience to type your password every time your phone comes out of sleep mode, but it's your best first line of defense against would-be snoops.

If your phone allows it, set it up to automatically wipe your data after a few failed password attempts. That way, should anyone try to guess your password they'll automatically delete your data after a few tries. Be careful, though; the data gets deleted whether it's a cop trying to hack your phone or just your toddler playing around with it.

The U.S. courts are, thus far, unclear on whether or not you can be compelled to hand over your password to law enforcement. If nothing else, having one in place should help buy you some time to get in touch with a lawyer or wipe your data remotely.



Button it up

While it isn't absolutely foolproof, full-disk encryption is the best, most practical method of safeguarding your phone's data from the prying eyes of law enforcement (or just that creepy guy who found your phone in a bar).

Sadly, most phones don't support full-disk encryption. Apple's iOS 4 introduced a feature dubbed "data protection," which encrypts some types of data when the phone is locked or turned off. There are encryption APIs in iOS so other apps can protect your data, but how many actually do is unclear and support varies on an app-by-app basis. There is no way to completely encrypt your iPhone.

Android doesn't fare much better. So far, Android doesn't offer a built-in encryption option, though there are some third-party apps that can do it. If you have a Nexus S or Nexus One, the new Whispercore app can do full disk encryption. If you've got a different Android model and you're looking for a full disk encryption solution, well, you're not alone. Even DARPA, the famed U.S. Defense Advanced Research Projects Agency, has put out a call for help when it comes to finding full-disk encryption for Android.


Wipe it Away

What to do if the cops seize your phone and take it off to the bat cave where powerful hackers will defeat all your best encryption tools? Remote wipe it, of course.

If you've got an iPhone, set up Find My Phone, which includes an option to delete all your data from afar.

Android users can wipe their phones with a number of apps, including SeekDroid and Webroot, both of which offer additional security measures as well.

Blackberry users have several options, but for individuals the easiest thing to do is set up Blackberry Protect.

One problem with remote wipes is that it's easy to defeat -- just remove the SIM chip. If there's no way to connect to your phone, there's no way to wipe it. Another problem is that in some cases wiping your phone might be considered destruction of evidence.

Smartphone security is just beginning to get off the ground. Right now our phones seem more like fun little toys to tote around than potentially incriminating data stores, but that's starting to change. At the moment, Blackberry remains the most secure platform out there, thanks to its strong background in enterprise and business environments. After that, iOS and Android both offer similar features, though both can, with access to right tools, still be compromised.


more @ http://howto.wired.com/wiki/Secure_Your_Mobile_Phone
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)