Posts

iPhone Security Crash Course: 13 Hacker-proofing Tips

iphone security - privacy expert John Sileo

iPhone Security In the Mid/Post-Pandemic World

We are no longer just addicted to our iPhones; we are officially in a committed relationship, thanks to the pandemic. We mobile office from them, bank from them, attend doctor’s appointments, kids’ classes and Zoom happy hours from them. And in the midst of all of this critical and effective use, we are dropping our guard when it comes to iPhone security. 

But there is good news! Changing your default privacy and security settings keeps you from being shark bait (because hackers usually go for the easy kill). Even for iPhone users, who often mistakenly believe that all security is taken care of by Apple. Spoiler – it’s not. Smartphone security takes mindful tweaks on your part – even if Apple does a good job of rooting out malicious apps. Here is a short description of what steps I would take first to to defend your phone (other than never losing it). 

Too much reading? Check out the webinar – in less than an hour I’ll walk you through HOW to do it all for less $ than an Apple dongle!


smartphone privacy

iphone Security Webinar: Wednesday, June 24 @ 1pm ET

Cost: $29

Register: Sileo.com/webinar

Course Description: iPhone Security – See Below (Note: Android OS will not be covered)

 


The Lucky 13 –  iPhone Security & Privacy Tweaks   

  1. Prune Your Apps. You have far more apps on your phone than you use regularly. Outdated and extraneous apps are a backdoor into your privacy. Delete those you don’t use often (Apple can help automate this) and reinstall when needed. Before you install a new app, find trusted reviews online to determine the company’s privacy and security record.
  2. Auto-Update Your iOS. Turn on automatic updates for your iOS operating system so that security patches are installed immediately upon release. This protects you from something called zero-day exploits, which I will explain as I demo how to turn this on during the webinar). Safari is part of the operating system, and just as vulnerable to hacking  as on your computer, making these updates even more critical.
  3. Hide Your Location. Your flashlight app (not  the Apple one) may be spying on you.Third-party apps often request access to iPhone features and data they don’t really need, like your location, camera, contacts, and microphone. Turn off location sharing on most apps, and set it to “Only While Using App” on most of the rest. Bring your app-specific location questions to the webinar.
  4. Hide Your Contacts, Photos & Conversations. Many apps have access to your contacts, calendar, photos, Bluetooth, microphone, camera and health data. Customize these settings to only allow access to apps that you trust or that have to have access to work.
  5. Robustify Your iPhone Passcode. Four digits is not enough! Six-digit numeric codes are still vulnerable to cybercriminals. Even if you conveniently unlock your iPhone with a thumbprint or facial recognition, the passcode behind the biometric is what gives it all of its strength! Lengthening codes is a bit confusing, so I will save it for the online demonstration.
  6. Password Manage Your Online Accounts. Mobile password aggregators help you create unique, long and strong passwords for all of your online accounts. The iPhone integrates with many common password managers to make logging in to critical sites faster and safer than the old fashioned way. Happy to make “endorsement-free” product recommendations if you need them.
  7. Double Your Passcodes. When you turn on two-step logins (aka, two-factor authentication), a hacker’s ability to break into your online accounts plummets. Having a passcode you know (the one you memorize to get into your phone) and a passcode you have (from a passcode authenticator app or text message), makes you exponentially safer. Enable this on every cloud service you use, from email to banking, health sites and business logins to social media. And make sure you turn it on for iCloud, which stores a backup of everything on your phone.
  8. Backup Your Phone. Whether you back up to a physical computer or to iCloud, this is the best way to recover from ransomware or a lost, stolen or hacker-scrambled phone.
  9. Stop Brute Force Logins. If you’re worried about your device falling into the wrong hands, you can prevent an attacker from brute-force break-ins using the “erase data” option. This automatically deletes all data on your phone after 10 consecutive failed login attempts. Just don’t ever forget your code, and be careful that your kids don’t erase your data by entering the wrong code too many times!
  10. Shut Down Eavesdropping Advertisers. Many websites use cross-site tracking to monitor your surfing habits so that marketing companies and advertisers can push products and services tailored to your interests. This can be turned off in Safari for iOS. It is also possible to block pop-ups, enable fake website warnings, disable location-based and interest-based ads and switch from Google’s search engine to a more private source like DuckDuckGo.
  11. Enable Location Tracking and Wiping
  12. Secure Your Free Wi-Fi Hotspots (VPN)
  13. Disable Creepy Photograph Tracking

If you are looking for a bit of hand/phone holding, join my webinar, where I will walk you through HOW to implement all 13 iPhone Security Steps.


Webinar: iPhone Security Crash Course: 13 Ways to Keep Hackers & Advertisers Out

Every website you visit, location you frequent and app you use on your iPhone can be tracked, hacked and abused. By default, your smartphone is open to cellular providers, digital advertisers and cybercriminals. Until, of course, you proactively take steps to minimize how your private data is being captured, shared and sold. 

In this iPhone-specific workshop, John will perform a live demonstration of 13 critical iphone security and privacy settings. Bring your iPhone to the webinar, as you will be actively changing settings during the presentation. 

Smartphone Privacy & iPhone Security Tools Covered Will Include:

  1. App pruning and vetting
  2. Operating system patches and automatic updates
  3. Limiting location tracking performed by Apps
  4. Keeping hackers out of contacts, photos and voice recordings
  5. Hack-proof passwords (almost)
  6. Implementing a password manager
  7. Turning on two-step logins on vital online accounts
  8. How to back up your phone in case of loss or ransomware
  9. Eliminating brute-force logins
  10. Disabling advertising tracking and sharing
  11. Enabling location tracking and wiping in case of loss
  12. Installing and utilizing a VPN to protect Wi-Fi usage
  13. How to disable creepy photo location tracking
    If time permits:
  14. Evaluating of the Pros/Cons of biometric passwords (fingerprints and facial recognition)
  15. A discussion on the security of Apple Pay and Wallet options
  16. Banking and investing vulnerabilities on you smartphone

By the end of this webinar, your iPhone will be 99% more secure than the average smartphone user. Time for Q&A with John will be provided at the end of the demonstration.

SCAM ALERT: Target Texting Scam

SCAM ALERT! There is a Target texting scam going around. The text looks similar to the one in the picture to the left, and generally says you’ve won a $1,000 gift card if you simply click on the link and collect the money. When you click on the link, it takes you to a Target-looking site that a criminal has set up to collect your private information. The information is then used to steal your identity. In other cases, clicking on the link installs a small piece of malware that takes control of your phone and forwards your private information to the criminals.

Where do the criminals get my mobile phone number to text me in the first place?

  1. They purchase it off of black-market sites on the internet
  2. You give your mobile number away to enter contests, vote on reality shows, etc.
  3. You post it on your Facebook profile for everyone to see
  4. Data hijackers hack into databases containing millions of mobile numbers
  5. Most likely, the thieves simply use a computer to automatically generate a text to every potential mobile phone number possible (a computer can make about a million guesses a second).
What can I do to protect myself and my phone?
  • If you receive a text from any number you don’t know, don’t open it, forward it or respond to it
  • Instead, immediately delete the text (or email)
  • If you accidentally click on the link, never fill out a form giving more of your information
  • Place yourself on the national DO NOT CALL list.
  • Stop sharing your mobile phone number except in crucial situations and with trusted contacts
  • Remember when you text to vote or to receive more information, enter sweepstakes or take surveys via text, they are harvesting your phone number.
  • Resist the urge to post your mobile number on your Facebook wall or profile

John Sileo is an award-winning author and international speaker on the dark art of deception (identity theft, data privacy, social media manipulation) and its polar opposite, the powerful use of trust. He is CEO of The Sileo Group, which helps organizations protect their mission-critical privacy. His clients include the Department of Defense, Pfizer, the FDIC, and Homeland Security. Sample his Keynote Presentation  or watch him on Anderson Cooper, 60 Minutes or Fox Business.

Smartphone Survival Guide Now Available For The Kindle!

Identity Theft Expert John Sileo has partnered with Amazon.com for a limited time to offer the Smartphone Survival Guide for Kindle at 1/4 of the retail price.

Click Here to Order Today!

The Smartphone Survival Guide: 10 Critical Tips in 10 Minutes

Smartphones are the next wave of data hijacking. Let this Survival Guide help you defend yourself before it’s too late.

Smartphones are quickly becoming the fashionable (and simplest) way for thieves to steal private data. Case in point: Google was recently forced to remove 21 popular Android apps from its official application website, Android Market, because the applications were built to look like useful software but acted like electronic wiretaps. At first glance, apps like Chess appear to be legitimate, but when installed, turn into a data-hijacking machine that siphons private information back to the developer.

The Smartphone Survival Guide gives you extensive background knowledge on many of the safety and privacy issues that plague Smartphones, including iPhone, BlackBerry, Android and Windows Phone. Mobile computing is an indispensable tool in the modern world of constant connectivity, but you must protect these powerful tools. Mobile access to the web is here to stay, but we must learn to harness and control it. So whether you are reading this to help protect your own personal Smartphone, or valuable corporate assets, the Smartphone Survival Guide will start you in the right direction.

John Sileo’s Smartphone Survival Guide was recently mentioned in the New York Times.

John Sileo is the President of The Sileo Group and the award winning author of four books, including his latest workbook, The Smartphone Survival Guide. He speaks around the world on identity theft, online reputation and influence. His clients include the Department of Defense, Pfizer and Homeland Security. Learn more at www.ThinkLikeASpy.com.


Identity Theft Expert Releases Smartphone Survival Guide

In response to the increasing data theft threat posed by Smartphones, identity theft expert John Sileo has released The Smartphone Survival Guide. Because of their mobility and computing power, smartphones are the next wave of data hijacking. iPhone, BlackBerry and Droid users carry so much sensitive data on their phones, and because they are so easily compromised, it’s disastrous when they fall into the wrong hands.

Denver, CO (PRWEB) March 7, 2011

Smartphone Survival Guide

Smartphones are quickly becoming the fashionable (and simplest) way for thieves to steal private data. Case in point: Google was recently forced to remove 21 popular Android apps from it’s official application website, Android Market, because the applications were built to look like useful software but acted like electronic wiretaps. At first glance, apps like Chess appear to be legitimate, but when installed, turn into a data-hijacking machine that siphons private information back to the developer.

In response to this new threat facing iPhone, BlackBerry, Droid and Windows Phone users, identity theft expert John Sileo has just released “The Smartphone Survival Guide: 10 Critical Security Tips in 10 Minutes.”

“Once you download a Trojan app” says Sileo, “the thief has more control over your phone than you do. Your privacy is an open book… your identity, contact list, files, emails, texts, passwords… all of it. This doesn’t just threaten the individual phone owner, it threatens the organizations they work in and the data they handle every day.”

At the heart of the problem is the breathtaking convenience and efficiency provided by mobile phones that have become “Smart” because they also function as computers, books, GPS devices, payment systems, web browsers, radios, iPods and so much more. Unfortunately, blinded by the thrill and functionality of the latest app, users rarely take the time to vet the software that can be installed in seconds, from anywhere.

“There are no significant barriers to entry, for either us OR the thieves,” says Sileo of the app-based model of acquiring new software. “You can read about an app on a web page, download it and be using it in under a minute. And you probably didn’t even have to pay for it… at least with cash.” You’re paying dearly, Sileo

maintains, by trading away private information, surfing habits, bank account numbers or company financials.

The Smartphone Survival Guide outlines the major threats posed by mobile phones with internet access and gives a range of solutions for drastically lowering risk. Sileo points out that most data stolen off of Smartphones isn’t just a technology problem:

“Despite the intoxicating power of technology, the underlying problem is always a human problem. Don’t waste energy trying to fix the gadget – that’s someone else’s responsibility. Focus on the behaviors that allow employees to maintain a healthy balance between productivity and security. Deliberate, focused training has the highest ROI, not obsessing over the latest data leakage.”

The Smartphone Survival Guide describes a range of solutions in a quick and accessible fashion, such as:

  • Turn on auto-lock password protection and corresponding encryption.
  • Enable remote tracking and remote wipe capabilities in case the phone is lost or stolen.
  • Minimize app spying with security software and smart habits.
  • Customize geo-location and application privacy permissions.
  • Be wary of free apps – users are almost always paying with private data.
  • Before downloading an app, ask a few questions: How long has the app been available – long enough for someone else to detect a problem? Is the publisher of the app reputable? Have they produced other successful smartphone applications, or is this their first? Has the app been reviewed by a reputable tech journal?

Smartphones and the data on them are obviously at risk, but it remains to be seen whether users will alter their behavior before it’s too late. If not, it will be but one more example of human choices leading to technological data hijacking.

John Sileo is the President of The Sileo Group and the award winning author of four books, including his latest workbook, The Smartphone Survival Guide. He speaks around the world on identity theft, online reputation and influence. His clients include the Department of Defense, Pfizer and Homeland Security. Learn more at www.ThinkLikeASpy.com.

Trojan Apps Hijack Android App Store

Google removes 20+ Apps from Android Market, signaling that malware distribution has gone mainstream, and not just for Droids.

The Adroid Operating System is open source – meaning that anyone can create applications without Google’s approval. It boosts innovation, and unlike Apple iPhones or Blackberrys, Droid Apps aren’t bound by all of the rules surrounding the Apple App Store. But this leniency can be exploited by hackers, advertisers and malicious apps. And now those apps aren’t just available on some sketchy off-market website, but on the Android Market itself. As smartphones and tablets become one of the primary ways we conduct business, including banking, this development shifts the security conversation into high gear.

A recent discovery forced Google to pull 21 popular and free apps from the Android Market. According to the company, the apps are malware and focused on getting root access to the user’s device (giving them more control over your phone than even you have). Kevin Mahaffey, the CTO of Lookout, a maker of security tools for mobile devices, explained the Android malware discovery in a recent PC World article (emphasis mine):

“DroidDream is packaged inside of seemingly legitimate applications posted to the Android Market in order to trick users into downloading it… Unlike previous instances of malware in the wild… DroidDream was available in the official Android Market, indicating a growing need for mainstream consumers to be aware of the apps they download and to actively protect their smartphones.”

An example of a Trojan App, as I like to call it (because it hides an attack beneath a harmless – or even attractive – exterior), is a Droid app simply called “Chess.” The user downloads it assuming that it will allow them to play chess on their phone. Once downloaded, however, the app assumes root control of the device, transmits highly sensitive user data back to the author and leave a ‘Back Door’ open to allow further malicious code to be added to the phone at any time. Disguising malicious apps as legitimate and popular software is what makes this game so easy and profitable for hackers. That the apps are then available on a well known app site (run by Google), gives them an air of legitimacy.

Here are several tips from The Smartphone Survival Guide to help you begin protecting your mobile phone, whether it is a Droid, iPhone, BlackBerry or Windows Phone:

  • Be wary of free apps – almost all of them, legitimate and otherwise – are siphoning your information to the developers.
  • Before you download an app, perform a bit of due diligence, including but not limited to:
  • If it hasn’t been out for long enough to have been tested, don’t download it (let the marketplace approve it first)
  • Research the publisher of the App to see if they have a clean track record.
  • Perform a Google search for reputable reviews on the app (Macworld, PC Magazine, PC World, Wall Street Journal).
  • Don’t automatically believe the reviews on established App Stores (Apple, Android, BlackBerry, Windows) as they are often written by the developer (or malware author).
  • Realize that legitimate, fully vetted apps like Pandora are siphoning your information too, though in a more benign way.
  • Always check your app permission settings (if available) to see what information they are forwarding back to the creator of the app.
  • Install security software on your phone (if available).

Smartphone Survival GuideRemember, all apps are not malicious, just a small fraction are bad apples. And Android isn’t the only source of this problem, it’s simply the most open of the App platforms and therefore more susceptible. Apple has pretty Draconian rules for getting apps approved, which has helped minimize exposure on iPhones. But if you aren’t taking steps to educate yourself about this latest and greatest fraud source, you’re going to get stung.

John Sileo is the award-winning author of the Smartphone Survival Guide: 10 Critical Security Tips in 10 Minutes and four other books. He speaks professionally on playing information offense to avoid identity theft, social media exposure, cyber fraud, data breach and reputation manipulation. His clients include the Department of Defense, Pfizer and Homeland Security. Learn more at www.ThinkLikeASpy.com.