Security of smart devices
Almost all of us have a smartphone in our pockets, a smart watch on our wrist, and many of us carry a tablet in a bag so we could get some work done quickly and conveniently. For all the possibilities these small and powerful devices offer, there are also a number of risks associated with using smart devices that can put your data, wallet, and privacy at risk. Here are some suggestions on how to reduce these risks and make your smart devices safer to use.
Use a PIN or a password-protected lock screen
To protect your device, use a PIN or a passcode that consists of at least six digits. Avoid screen patterns – they are more convenient, but they leave a mark on the screen that can be used by unauthorised people to guess the right pattern and get into your phone. When you enter your password, make sure no one can see it.
A device without a screen lock is like a bank card without a PIN. Without it, messages, documents, emails, pictures, etc. are available to anyone who gets hold of the device; moreover, they could send messages posing to be you or share information found in your device.
Set a secure PIN for your SIM
A SIM card without a PIN or with a default PIN is readable by anyone who gets their hands on it, even if the device is assigned access codes. If the SIM card on your device does not have a PIN code or it is 0000 or similar, change it immediately. SIM card security is particularly important if you use text message-based two-factor authentication.
Set up automatic locking
Always lock your phone when you put it down and set it to lock automatically after a short wait. In addition to increasing security, it saves battery power.
Update the software
The operating system and apps in your phone always contain weaknesses that might have not been apparent when the apps were created. Over time, vulnerabilities will be discovered and used by cybercriminals to gain access to data on your device or to gain full control of your device. Responsible developers will patch any discovered vulnerabilities as soon as possible and release security updates that should be installed on the device immediately. The longer you put it off, the greater the risk of unauthorised access to the contents of your phone. To avoid forgetting to install security updates, it is a good idea to set your device to install updates automatically.
Prefer mobile data communication to public Wi-Fi networks
If possible, avoid public and unknown Wi-Fi networks as they may not be secure. Instead, use mobile data, which is usually a safer option. If you do use a public Wi-Fi network, do so through a VPN (virtual private network), making your internet traffic unreadable to others.
Increase the security of your Wi-Fi access point
A Wi-Fi access point on your phone (hotspot) is useful if you want to share mobile data with another device, such as your computer. Protect the hotspot with a strong password, so that only authorised devices could use it, not all nearby devices. To protect your device and preserve the battery, turn off the hotspot when you are not using it.
Give apps only the rights they need
When you install an application, your phone will usually ask you which functionalities or data the application may access. Think carefully about whether the application really needs the access rights it is requesting. For example, the camera app needs access to images, but the flashlight app does not. Access to location data in the case of a map application is understandable, but in the case of a recipe application, asking for access to location data raises questions. Check the settings of your phone to see which permissions you have given to apps you have already installed, and make changes if necessary. Follow this principle: as much as necessary and as little as possible.
Use only official app stores
Download apps only from official app stores, and even there, remain vigilant. Before downloading an app and creating an account, read reviews about the app, use search engines for more information and feedback, review other projects of the developer, and check the time of their most recent updates. Scammers create malware that mimics a well-known app, and the use of such an app can lead to financial losses in addition to data theft if the user enters their bank card details or links the app to their Apple or Google account in good faith.
Be careful with links received via text messages
Many users who treat spam emails with a healthy dose of scepticism still fall victim to fraud when approached via text messages or messaging apps. In Estonia, we have seen both classic text message spam aimed at attracting users to sign up for a periodic and paid service as well as attempts to trick users into disclosing their bank card details or Smart-ID codes. Only use links in a message if you are expecting a message and you know the link is safe.
Use the security application created by CERT-EE
RIA’s Incident Response Department (CERT-EE) has created an app that protects smart devices from malicious web links and malware. CERT-EE keeps a list of websites that contain malware, are involved in phishing, or include other dangerous content. If the phone using the app tries to open one of these sites, the connection will be blocked. Read more about the app here.
Videos
