Tag: iPhone

Mobile Security: 10 Simple Things You Can Do

Mobile Security: 10 Simple Things You Can Do:

BYOD (Bring-Your-Own-Device) concept is a popular trend in recent times. As per surveys just 23 percent of enterprise employees are using company sanctioned mobile devices, remaining 77 percent of employees using their own devices.

Mobile devices are more prone to malware attacks compared to earlier. Either you are using your personal mobile device or company sanctioned mobile device at work, you should be aware of latest security threats.

To understand the threat better, it’s important to review the stats found in recent study of IT Professionals:

  1. 51% organizations had experienced data loss, 59% organizations experienced an increase in malware infections as a result of insecure mobile devices in the workplace.
  2. Found 59% employees circumvent or disengage mobile security features, such as passwords and key locks, on corporate and personal mobile devices.

A single successful mobile attack can open the door to possible identity theft or worse, results in financial loss to either you or your organization.

Most of the mobile devices vulnerable because of the apps, users use to download from the internet.

In case of iPhone Apple strictly controls and inspects its App store which apps are approved for listing, but it’s not clear exactly what security measures they are checking for.

Android is more open with more distribution channels including third-party market places. Security researchers startled to find that Android malware (malicious apps) grew 3,325 percent in 2011 alone.

 App store have been very quick to remove malware once discovered, but that is typically after the damage is done.

 F-Secure has found that between Q1 2011 and Q1 2012, the number of Android malware families has increased from 10 to 37, and the number of malicious Android APKs has increased from 139 to 3,069.

For full F-Secure mobile threat PDF report, check the below link:

http://www.f-secure.com/weblog/archives/MobileThreatReport_Q1_2012.pdf

It’s time to start protecting our smartphones just like we all learned a decade ago to protect our laptops and PCs from online threats and to think seriously after looking at the sobering facts on rising mobile attacks.

10 Ways to Secure Your Mobile Gadget:

1.    Use Password protected access controls:

All mobile devices come with the ability to set a lock requiring a passcode or pattern for access. Some mobile users don’t employ even this basic safety feature! It may take you a couple extra seconds to unlock your smartphone before using it, but it could take a thief a very long time to figure out your PIN.

PINs aren’t the only locking mechanisms in use.

 Grid-based pattern locks work fine, but they leave smudge marks on the touchscreen that may be easier to guess than passwords.

 Some devices are rolling out facial recognition as an access mechanism, but this technology isn’t perfected yet so it’s not recommended.

 2.  Control Wireless Network & Service Connectivity:

 Turn Wi-Fi off completely and turn it on only when you need it, which will also save your battery power.

 It’s safest to set your phone to automatically connect only to your trusted networks, and to ask you before connecting to any other network it finds. The general rule is to limit your phone’s automatic connection capabilities to just the networks that you know.

 Select Bluetooth connectivity option also manual.

3.    Control Application Access & Permissions:

 Many of the apps store sensitive data that must be protected.

 Most of the apps require a network connection to operate. They may store data in the cloud, constantly track your location, or push updates to your smartphone. Get to know the permission settings of each app or service and what data or systems they access. You may be permitting services to access your phone without prior approval, or your apps may be pushing alerts and updates when you aren’t specifically requesting them. You can restrict all notifications at once by looking under your device’s settings.

 Turn off location based services entirely as well, so your phone isn’t constantly broadcasting your GPS location, no matter which apps request it.

4.  Keep Your OS & Firmware Current:

 Your device has an operating system that runs all of its apps and services, as well as firmware which runs the device hardware itself. It’s definitely important that you routinely accept the major updates from Apple, Google, or whoever the manufacturer is.

 Criminals are innovative; their attacks are at an alarming rate, with growing sophistication. Connect often and download security patches and other minor updates that are released to block the latest exploits. Most of these updates will be free of charge. No manufacturer wants a major attack to cripple its users, so they have a vested interest in helping you stay up-to-date.

 Android users currently using outdated firmware and OS versions that can’t be updated due to hardware incompatibility. Upgrade your device every couple years, if and when promotions are offered by your carrier.

5. Back Up Your Data:

 Small and compact, mobile devices are easy to lose or steal. Take time to backup your data, it is useful in case your phone lost, stolen or corrupted. Take data backup daily, weekly or monthly depends on your mobile usage.

6. Wipe Data Automatically if Lost or Stolen:

 Enroll your phone in a “find my phone” service. It will help you to locate your device when it is lost or stolen. These services typically have the ability to wipe your phone data remotely.

On some devices you can add extra protection such as a total device reset if the PIN is guessed incorrectly a certain number of attempts.

7. Never Store Personal Financial Data on Your Device:

 As a behavior that all mobile users should adopt, this one is pretty straightforward. Never store personally identifiable information such as such as Social Security Numbers, credit card numbers, or checking account numbers on your smartphone, especially in text messages.

8.  Beware of Free Apps:

 The problem is, more and more free and innocent apps are trying to make money from their offerings, so sometimes they track your personal information with limited disclosure or authorization, then sell your profile to advertising companies. The app developers in question may not even be aware of their privacy violations – leaking your location, gender, age and other personal data to embedded mobile ad networks while in the pursuit of revenue. Free apps are just wrappers for malware, unfortunately.

9.  Try Mobile Antivirus Software or Scanning Tools:

 The well-known PC antivirus vendors are now offering similar services to mobile users that scan and protect your smartphone just as they did your desktop.

 Some even offer additional mobile security services such as download protection, SMS/call-screening services, parental controls, and anti-phishing features.

10. Use MDM Software:

Mobile Device Management or MDM is being increasingly employed by IT departments to secure, manage and support all mobile devices that are authorized to access enterprise networks. These services control and protect sensitive and confidential business data by distributing mobile application.

 The goal of MDM is to optimize the functionality and security of your mobile computing experience, not to impede the way you like to work.

 If your organization doesn’t offer MDM, there are other options like SIM card locks and credential storage functions protect the phone by requiring a passcode to use network dependent services, and operate similar to screen/key access PINs. SIM locks prevent anyone from making unauthorized calls with your smartphone, or from removing your SIM and using it in another phone.

source: veracode,f-secure

QR Code: How Useful

QR Code:

A QR Code (abbreviated from Quick Response Code) is a matrix barcode, also known as a two-dimensional code.

Quick response (QR) codes are among the latest in the stable of marketing tools. These have been devised to effectively bridge the gap between offline and online marketing. QR code was created by Toyota’s subsidiary Denso Wave in 1994 to track vehicles during the manufacturing process and was initially confined to the automotive industry. With the evolution of smartphones, users got a mobile QR code reader in their pocket, which they could use to scan and read QR codes easily.

QR code linking to my blog (https://lakkireddymadhu.wordpress.com)

Note: To scan the image above, download the free QR reader application on your iPhone or Android device.

What is it?

 QR Code, a registered trademark of Denso Wave Inc., is an enhancement over the conventional bar codes placed on objects such as product packaging or containers.

 Bar codes store a smaller amount of information than QR codes because these store information only in the horizontal direction. A bar code scanner reads only the width and space between vertical lines and the vertical space (second dimension) is wasted.

 

QR code vs traditional bar code

In QR codes (2D codes), information is stored in both vertical and horizontal directions. So these can store the same amount of data as a bar code in only a tenth of the space.

 A QR code may contain a huge amount of complicated numeric, alphanumeric or binary data. Storing up to 4296 characters, QR codes are internationally standardized under ISO 18004.

The technology of dots

 The smallest square dot or pixel element of a QR code is called a module. As with bar codes, it is recommended to have an empty area around the graphic, which makes it easier for devices to read the QR code. This quiet area is ideally four modules wide. The minimum dimensions of a QR code depend upon the resolving power of the cameras that are used to scan the code. According to a Kaywa whitepaper, it is recommended to use a minimum size of 32×32 mm2 (1.25×1.25 inch2), excluding quiet zone, for QR codes that contain a URL. This guarantees that all camera phones can properly read the QR code. The above rule applies to perfectly printed codes that the user has direct access to.

For good reader accuracy, good contrast between the background and the dots colour is very important. The dots should be dark in colour and placed on a light background. The printing specifications of a QR code recommend a high dpi and solid colours.

 How it works

 A QR code system includes a QR code printer and a QR code scanner. To generate QR code, one needs a special printer and QR code creation software. Applying the right size to the QR code is important to make the code readable.

There are various factors which should be considered while determining the size of a QR code: Symbol version, data capacity, character type, error-correction level and module size based on printer performance.

 Symbol version. QR codes have symbol versions from 1 to 40. Each version is differentiated by the number and configuration of modules. ‘Module’ refers to the B&W dots that constitute a QR code. Each version has a maximum data capacity that is decided by the amount of data, the type of characters (numeric, alphanumeric, etc.) and the error-correction level. So the more the data stored, the bigger the size of the QR code.

Error-correction level. QR codes have four levels of error-correction capability, viz, level L, M, Q and H in ascending order. With error correction, the user can read and retrieve data from a damaged QR code.

It is possible to create artistic QR Codes that still scan correctly, but contain intentional errors to make them more readable or attractive to the human eye, as well as to incorporate colours, logos and other features into the QR Code block.

Artistic QR code

Encryption

Although encrypted QR Codes are not very common, there are a few implementations. An Android app, for example, manages encryption and decryption of QR codes using DES algorithm (56 bits). Japanese immigration use encrypted QR Codes when placing visas in passports. 

Source: ELECTRONICS FOR YOU, Wikipedia, Beqrious, qurify, hackcollege