“How in the world are people going to steal my money – or my identity – through my phone? I mean, what are the chances of that really happening? I just don’t believe it’s possible; After all it’s not a computer! It’s just a phone!”
Gone are the days when a phone was just a phone. Back in the nineties my phone of choice was a blue Nokia 5100. I loved that phone because it simply worked; it made calls. It received calls. And that’s what a phone is supposed to do, right?
It did SMS, too which was pretty cool back then. It didn’t have a camera. But that wasn’t a problem because its 5-line, LCD screen wasn’t capable of displaying pictures anyway. And hey, I could play snakes on the thing! That was real cutting edge stuff at the time.
But to put it simply, my Nokia did exactly what it said on the tin. It was a well-designed phone with good battery life that kept me in touch with others. No need to worry about viruses, identity theft, or getting hacked. Leave all of that malarkey to my PC!
Fast forward to September 2011, a report by UK telecoms regulator Ofcom showed that nearly one in three adults in the UK now uses a smartphone. Apple’s iPhone was identified in the report as being the most popular; however teenagers (like my two) seemed to favour RIM’s BlackBerry devices due to their popular BBM (BlackBerry Messenger) instant messaging services.
Indeed, the summer riots that engulfed London and other parts of the UK in 2011 were orchestrated in part by BBM; teenagers would message each other in closed groups, enabling them to co-ordinate and plan which centres to rob and stores to loot away from prying eyes. In fact David Cameron, the Prime Minister of the UK at the time, considered shutting down the BBM service as part of his measures to contain the spread of rioting.
If there ever was a top ten list of how not to use your smartphone, organising a riot would be way up there.
Internet usage on handhelds has mushroomed over the last two or three years with, not surprisingly, FaceBook leading the pack of popular online destinations with a staggering 43 million hours spent there by UK users in December 2010 alone.
Figures like these show us that smartphones are definitely here to stay. They have become much more affordable and, therefore, accessible to a much wider spectrum of users. And as well as them becoming more affordable and accessible with each year that passes, they also become more powerful and feature packed.
Used wisely, smartphones are ultra-useful and amazingly adaptable – they can be used to book your theatre tickets, check your bank balance, read a book, write a book, listen to music, watch movies, catch up on news, the list is endless.
Oh yes; they make calls too.
However, use your smartphone incorrectly, and you’re potentially letting yourself in for a world of pain.
A while back my sister-in-law, Ruby, took the plunge and bought an iPhone. She loves it! All that pinch-to-zoom stuff has really got her hooked. However it wasn’t long before she wanted my help as she was having problems understanding how to set up her calendars correctly.
“Sure!” I said. “No problem”. So I had a look. Immediately I saw that she didn’t have a passcode set; as soon as I slid the slider to unlock I was looking at the last app she had used – which just happened to be her email.
This didn’t look good to me.
Now, the chances are that over 50% of people reading this book would have lost a phone at some point or another. I know I have. And it sucks. In fact, it really sucks. I explained to Ruby about the importance of setting a passcode just in case the unthinkable happens; maybe you’re travelling on the London Underground and when it’s time to get off you leave the train – and your phone – behind.
If something like this happens, and your smartphone then gets into the wrong hands, you want to make it as difficult as possible for someone to gain access to your information. And a passcode is your first line of defence.
In Ruby’s case, my nephew (her son) had also set up shortcuts for her on her home screen so that she could easily get into her online banking and other websites that she used frequently.
This was starting to look ugly.
I showed Ruby how I was able to access her FaceBook account, update her status, and even change her password in order to lock her out if she tried to log on from another computer. I showed her how I could send & read email from her account, read her notes, and that I was able to access her photos too.
When she left some time later not only was she a calendar-whizz but her iPhone was much more secure, and so her personal information was much more secure.
Yes we’d set up a passcode, but that wasn’t the only thing; I’d also raised her awareness of the threats that follow every smartphone user from the moment they open the box and power up their new device. I also armed her with practical advice and knowledge that she could implement to mitigate her exposure to those threats.
What would anyone want with MY data?!
Rest assured; the bad guys will find a use for it. Think about the spammers who send out hundreds of thousands of spam emails every day to random recipients. They realise that the vast majority of those emails will most likely get deleted or blocked by the anti-spam programs that the recipient or their Internet service provider has installed. The spammers also know that, of the emails that do get through, only a very small minority of recipients will actually open them and act on their contents. But for the spammers, that small minority is enough. Which is why they continue to spam, of course.
So, in a similar vein, the bad guys also realise and accept that only a small number of users that they target will bear fruit. But, as with the spammers, that small minority is enough.
Your mission, should you choose to accept it, is to ensure that you do not become one of these users who bear fruit.
Who would have thought that the smartphone you have in your pocket (or even the smartphone that you’re reading this book on) could make you a victim of identity theft, fraud, or much more serious crimes?
Many people buy a smartphone because the slick marketing campaigns tell them they’ll be able to surf the web, pick up email, hook up with friends, and tweet, post, and poke with the minimum of fuss and maximum of enjoyment.
While much of this is true, you should never lose sight of the fact that, just like laptops and desktop computers, smartphones and tablets have a much less savoury side to them which can turn around and bite you in the butt if the device isn’t used with due care and attention.
This is mainly because the bad guys (the hackers who like doing bad things such as accessing your bank account without your permission) are always looking for new ways of duping and scamming people out of their money. And unsuspecting smartphone users like you are a fantastic opportunity. The bad guys employ many different tactics to achieve their goals; from the fake Wi-Fi networks as described in the Preface, to what is fast becoming their favourite method: malicious apps.
Let’s get this straight – the only way for your smartphone or tablet to be totally secure is for you to leave it sitting in its sealed box with Wi-Fi and Bluetooth disabled, ensuring that your device is not connected to any type of network. But it wouldn’t be much of a smartphone if it’s stuck in a box would it?
So you’re about to unbox your new device, power up, set up your email, get online, and download some apps. Follow the lessons in this book first to understand where the dangers are and how you can guard against them.
Identity theft facts
Identity theft is one of the fastest growing crimes in many countries around the world. For example, in America there were more than 15 million victims in 2011.
Quite simply, identity theft, also known as identity fraud, occurs when the bad guys steal your personal information and impersonate you in order to buy goods or services, obtain information that only you should be privy to, or to commit a crime in your name.
Personal information is simply information that specifically defines you – for example your name, address, national insurance number, social security number, bank account numbers, credit card numbers, etc.
To obtain this information, identity thieves tend to prefer one of two approaches:
Some identity thieves like to target you. Their objective is to take assets, mainly financial, from you – maybe by gaining control of your bank account through your computer or smartphone.
Some identity thieves like to target others while impersonating you. Their objective is to obtain assets such as loans or credit cards in your name.
Neither of these is a good thing. You could end up in trouble with the law and your credit score will very likely be affected which means that when you need a legitimate loan, you won’t be able to secure one.
So can you really become a victim of identity theft through your smartphone or tablet? Absolutely. On the traditional computer, hackers have found it relatively easy to target unsuspecting users and make money from them. Normally this happens through so-called ‘client side’ attacks where a weakness (often called a ‘vulnerability’) in a web browser such as Internet Explorer is exploited by the hacker in order to compromise the computer. In plain English, this just means that the bad guys look for loopholes in popular programs which they can use to gain access to the computer without the user realising.
While the web browser is a popular target for these vulnerabilities, other applications which have not been updated (or ‘patched’) to the latest version, such as Adobe Reader or Flash, can also be targeted.
While it’s true that most smartphones and tablets are susceptible to being hacked, some are more susceptible than others. This is mainly down to the design of the Operating System (the set of programs that enable your device to function, play music, take pictures, etc.).
For example, when you compare a device running Google’s Android Operating System, with another running Apple’s iOS, you’ll be struck by their similarities. However, closer inspection will highlight major differences in the implementation of these devices:
iOS is a so-called ‘closed’ platform which imposes strict restrictions on the apps that developers can write for, and run on, it. In addition, apps for iOS devices can only be obtained and installed via Apple’s iTunes Store. The closed nature of iOS frustrates some users who would like to have more control over what they run on their device. This has led to the practice of Jailbreaking. See Lesson 7 for more details on this.
Android, on the other hand, is an ‘open’ platform. It provides the user with much more control over their device and the types of apps they can install to it. In addition Android also allows the ‘side loading’ of apps where users can bypass the official Android store and, instead, download and install apps from developer’s websites or other sources. Of course, like many things, this is a double-edged sword; Android’s popularity and openness make it a much more desirable target for hackers and identity thieves.
Criminals follow crowds
It goes without saying that the more popular a computer system is, the more inviting it appears to hackers and cyber-criminals. We’ve seen this all before with computer viruses where the more widely-used Windows computers had many, many more times the amount of viruses than Macs did. Therefore, taking these things into account, Android devices are more at risk of being hacked than iOS devices. And Windows Phone 7 and Blackberry devices come somewhere in between.
The sheer popularity of smartphones and tablets leaves criminals with rich, and sometimes easy, pickings. Recent figures show that new-device activations for the iOS and Android platforms grew from an average of 1.5 million per day during the first three weeks of December 2011 to 6.8 million devices on Christmas Day - a whopping 353% increase. Compare that to a total of 2.8 million new-devices activations on 25th December 2010 to get an idea of how fast the market is growing. To the bad guys, this is a massive opportunity.
But fear not. No matter which device you’re currently using, slight changes to your behaviour will make a world of difference and help to ensure that you get the absolute best out of your purchase with the minimum of risk.
QR Codes
When you’re out and about, have you ever wondered what those funny square barcodes are that you see popping up all over the place? If you're not sure what I'm talking about, they look like this:
You see them in magazine adverts, bus shelters, on the tube or metro, at the theatre, literally all over the place. They're called Quick Response Codes but are more commonly known as QR Codes. The idea behind QR Codes is great: You simply point your smartphone or tablet at them and scan them in the same way that your groceries get scanned when you're out shopping. Then, miraculously, your device shows you more information about the product or service that the QR code was attached to. Simple!
In fact, it's not really miraculous. In most cases the QR Code simply contains a website address. So when you scan it, your smartphone simply takes you to that website and shows you the relevant promotion or information.
But not so fast - while QR Codes are great, and a really convenient way of getting information about goods or services, they can also be extremely dangerous. You see, when you scan them, you're essentially using them blind.
When you look at a QR code such as the one above, what do you see? A square with a bunch of patterns that could mean absolutely anything. Even if it is just a website address, you can't tell it's a website address. The QR Code is smartphone-readable sure, but it's definitely not human-readable, and this means that the advert or poster containing the QR code can say it does one thing, (like claim to give you free stuff or a great deal), but in reality when scanned it can take you somewhere quite unexpected such as a hacked, cracked, or compromised website which can then proceed to infect your computer, tablet, or smartphone with malware.
And you can't tell just by looking at it; at least with a traditional website address you have a fighting chance of seeing where the link will take you before you click on it.
Some bad guys have been known to print QR codes to their own compromised or virus-infected websites and stick the QR Code over legitimate QR Codes on posters in the subway, or at bus shelters. This trick catches out a lot of people; they see the advert for a product that interests them and then scan the QR Code that the bad guys have stuck on top of the legitimate one. As soon as the code is scanned and the compromised website is opened, the device can potentially become infected.
So if you haven't guessed already, be wary of QR codes. Especially QR Codes that look like they have been stuck on or altered in some way. Generally, QR Codes printed in magazine adverts or other professionally produced publications or documentation will be safe to use, however use caution when scanning codes if you are out and about.
If you have any doubts, instead of using the QR code, just open your browser and find the product on the internet yourself. It won't be that hard and will be safer than scanning a code you're unsure of.
Now that you know all about QR Codes, try scanning the code above to get some free Apple stuff!
And just so that you know, the code above will take you to the How NOT To Books website here: http://www.hownottobooks.info/index.php/free-stuff
NOTE: Some devices come with a QR Code reader built-in. If yours doesn't, you might need to download a QR Code reader app from your favourite app store.
What not to do
Don’t make the mistake of thinking that your smartphone is just a phone. It’s not.
Don’t leave your Bluetooth in discover mode. If you have Bluetooth connectivity, set it to non-discoverable mode when you are not using it.
Don’t leave Bluetooth enabled if you’re not using it. Disabling Bluetooth will make your device that little bit more secure and you’ll save battery life, too!
Don’t underestimate the importance of your PIN/passcode. It’s your first line of defence and, at a minimum, will stop people being able to snoop at your messages and other data without you knowing.
Don't scan every QR Code you see. As an alternative, browse to the website for the product manually.
Don’t use your smartphone to organise and co-ordinate riots. It’s just not cool.