20 tips to make your mobile malware-proof after Saudi Prince ‘hacked’ Jeff Bezos’ phone – The Sun
IF it can happen to Jeff Bezos, it can happen to anyone.
The Amazon boss allegedly had his phone hacked after opening a WhatsApp video message from Mohammed bin Salman, crown prince of Saudi Arabia.
The video reportedly let hackers steal racy messages and pictures from his mobile, which were then allegedly used in a blackmail attempt.
Saudi Arabia has denied the allegations and called for an inquiry.
So how can you protect yourself from getting hacked?
Follow these 20 tips to avoid losing control of your phone . . .
1. Don’t open videos from people you don’t know well
Hackers can take advantage of a vulnerability called “buffer overflow” – flooding the phone with too much data in a file that then cracks open the device.
The app is given too much information to handle, so it gives up following its logic, allowing the execution of malware that cedes control of a phone.
2. Don’t put off installing app updates
Updating apps can be a chore, but it is important. Every app is a potential window for a cybercriminal to crawl through – and holes continue to be found, which is one reason why updates are regularly recommended by developers.
3. Don’t ignore operating system updates
It’s even more important that when Android or Apple send a message saying your phone’s operating system (the software that makes everything on the phone run correctly) needs an update, you take heed. These updates are often rolled out in response to a vulnerability.
4. Don’t trust that the person calling you is who they say
iPhones now try to pull data from emails you’ve received in order to work out who is calling you.
If malicious actors are able to harness a phone’s attempts to help us by flashing up “bank helpline” as the caller, for instance, it may make us more susceptible to being convinced to give over information on the phone that could clear out our bank accounts.
5. Don’t forget to treat text messages with suspicion
Likewise, it’s very easy for people to spoof the name of senders of text messages. Check the grammar and spelling of such messages and double-check any links contained within. If they don’t match the official website, don’t click on them.
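The link check from tip 5, written out as an added example (it is not part of the original article). It compares the host a link really points to against the official domain; `examplebank.co.uk` and the sample links are constructed placeholders.

```python
from urllib.parse import urlsplit

# Assumption: the official domain, taken from a card or statement,
# never from the message itself. Hypothetical placeholder value.
OFFICIAL_DOMAINS = {"examplebank.co.uk"}


def link_host(url):
    """Return the lower-cased host the phone would actually connect to."""
    if "://" not in url:
        url = "http://" + url          # bare links in texts often omit the scheme
    return (urlsplit(url).hostname or "").rstrip(".").lower()


def check_link(url, official=OFFICIAL_DOMAINS):
    """Return (ok, reason) for a link found in a text message."""
    host = link_host(url)
    if not host:
        return False, "no host in link"
    if not host.isascii() or "xn--" in host:
        # Lookalike letters from other alphabets can imitate a real name.
        return False, "non-ASCII or punycode host: " + host
    for domain in official:
        # Exact match, or a true subdomain such as www.examplebank.co.uk.
        if host == domain or host.endswith("." + domain):
            return True, "matches " + domain
    return False, "host is " + host + ", not the official site"


if __name__ == "__main__":
    # Constructed sample links showing common disguises.
    samples = [
        "https://www.examplebank.co.uk/pay",
        "https://examplebank.co.uk@evil.example/login",       # real host follows the @
        "https://examplebank.co.uk.verify-account.example/",  # official name used as a prefix
        "notexamplebank.co.uk/reset",                         # extra letters in front
    ]
    for s in samples:
        print(check_link(s), s)
```
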
6. Don’t back up all your data to iCloud or other cloud services
The cloud (internet-based storage) has been great for those who don’t have enough storage on their devices. But the cloud could be – and has been – hacked. Think about what you wouldn’t want viewed by others.
For example, that photo of your passport saved for convenience contains a lot of data. Don’t back it up to the cloud. Ideally, don’t store it on your phone at all.
7. Don’t forget to put a PIN on your phone
Without one, your private communications and financial information are unsecured. And don’t make it an obvious number. Hackers will go through a list of the most used PINs (which, yes, does include 1234).
For strong PIN safety, make sure you don’t re-use a PIN from other accounts, and make sure it isn’t directly connected to important dates in your life. If a hacker knows your age, they are likely to be able to guess your PIN if it’s your birthday.
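The PIN rules from tip 7 as a small checker, added here as an example and not taken from the original article. The list of common PINs is a short constructed sample (the article itself names only 1234), and the dates and PINs in the demo are made up.

```python
from datetime import date

# Constructed short sample of over-used PINs; a real check would load a longer list.
COMMON_PINS = {"1234", "0000", "1111", "1212", "7777", "2222", "4444", "2000"}


def date_pins(d):
    """Every 4- or 6-digit PIN that can be built from one important date."""
    dd, mm, yyyy = f"{d.day:02d}", f"{d.month:02d}", f"{d.year:04d}"
    yy = yyyy[2:]
    return {dd + mm, mm + dd, yyyy, mm + yy, yy + mm, dd + yy,
            dd + mm + yy, mm + dd + yy, yy + mm + dd}


def is_run(pin):
    """True for ascending or descending digit runs such as 2345 or 9876."""
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}
    return steps in ({1}, {9})


def pin_problems(pin, important_dates=(), used_elsewhere=()):
    """Return the list of reasons a PIN is easy to guess (empty list = none found)."""
    if not pin.isdigit() or len(pin) < 4:
        return ["not a PIN of at least 4 digits"]
    problems = []
    if pin in COMMON_PINS:
        problems.append("on the most-used list")
    if len(set(pin)) == 1:
        problems.append("single repeated digit")
    if is_run(pin):
        problems.append("ascending or descending run")
    for d in important_dates:
        if pin in date_pins(d):
            problems.append("derived from " + d.isoformat())
    if pin in used_elsewhere:
        problems.append("re-used from another account")
    return problems


if __name__ == "__main__":
    birthday = date(1985, 7, 14)  # constructed example date
    for candidate in ["1234", "1407", "1985", "4471", "8305"]:
        print(candidate, pin_problems(candidate, [birthday], used_elsewhere={"4471"}))
```
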
8. Don’t download apps from anywhere other than official app stores
Unofficial apps often harbour malware. If you have an Android phone, you should use the Google Play Store.
If you have an iPhone, it’s the App Store. Apps on these stores go through safety checks.
9. Don’t download an app from an official store without double checking
Some bad apps slip through: the checks mentioned above aren’t always that rigorous.
In October researchers discovered 42 apps containing malware on the Google Play Store that had been downloaded eight million times.
Look at the logo (is it the official one?), the name (is it the name of the app?) and the developer (the name under the app name).
10. Don’t forget to turn off wifi on your phone when you leave the house
You can fall victim to a man-in-the-middle attack: This is where a hacker taps the connection between your phone and services it uses, secretly siphoning off data such as usernames and passwords you enter into apps and transmit to computer servers.
One of the easiest ways such an attack occurs is by setting up wifi hotspots that your phone automatically connects to.
11. Don’t forget to install antivirus software on your phone
Phones are as vulnerable as laptops and often contain more personal data.
Norton Mobile Security is developed by a large computer antivirus maker and provides Android and iPhone versions.
12. Don’t give your phone to anyone to use
Allowing your grandson to play a game is all well and good, but he could accidentally download an unofficial app or click on a spoof website link.
13. Don’t rely on WhatsApp to secure all your information
Use Signal instead: Although WhatsApp professes end-to-end encryption (securing everything you send), some of its features, such as group chats, are able to leak data. But Signal – the fully encrypted messaging service – has so far proven to be airtight.
14. Don’t re-use passwords
Strong passwords include a mix of letters, numbers and symbols, are not words from dictionaries, and aren’t personally tied to you. They are hard to remember.
If you’re struggling, consider using a password manager such as LastPass.
15. Don’t surf the internet without an adblocker
Malware is often surreptitiously installed through pop-up or pop-under ads (which aren’t immediately visible).
Installing an adblocker such as Adblock Plus helps – although tinker with the settings to allow ads on your favourite sites.
16. Don’t assume you are always in charge of your phone
Hackers can socially engineer access to your phone through a process called SIM swapping, smooth-talking their way past a call centre worker to reassign your phone number to their SIM card.
They can then reset accounts without you knowing and access your data. Check often with your phone operator that your phone number is still assigned to you.
17. Don’t leave Bluetooth on
Just like with wifi, don’t keep Bluetooth turned on all the time. When it is on, make sure it requires a PIN to connect.
18. Don’t have all your money in the bank account you use for Apple Pay
The same goes for any contactless payments. Because contactless credit cards and phone payment systems don’t require you to enter a PIN, anyone can use them, albeit up to a limit.
There are two potential risks: One is that people sweep by with a hidden payment terminal and charge money from your phone (this happened with contactless cards a few years ago).
The other is that they take your phone, and then have access to your bank.
19. Don’t get your phone screen repaired at unofficial outlets
Apple stores and official shops run by mobile phone network providers, such as EE, O2 or Virgin Mobile, are the safest.
20. Don’t assume an iPhone means you are secure
There have been fewer big hack attacks on Apple computers and devices, but that doesn’t mean Apple is automatically more secure.
It is purely down to economics. Android has three quarters of the global market, so hackers go after those more. Apple malware does exist, and is just as dangerous.