RISMEDIA, July 29, 2011—Have you ever received repeated cell phone calls from an unknown number? Or opened a text message offering an update to a phone app you don’t even use? These are just a few of the situations that should raise security red flags, according to computer science and information technology students at the prestigious Information Systems and Internet Security (ISIS) Lab at the Polytechnic Institute of New York University. The students offer tips on how they keep their own personal information safe and dodge traps set by clever hackers.
When using social networking sites from your phone, skip the native apps – which know far more about your life than web browsers ever could – and access the sites through your phone’s browser. Also, use a password-protected screen lock to keep your phone secure.
Beware the false “update” link for apps! Verify the link you’re using to download an app before you click on it, or go directly to the company’s site to download the update. Sending fraudulent “update” links is a common method for directing users to sites where personal information can be compromised.
Clean up your apps regularly, removing those you don’t use. Some apps may be able to monitor and access various types of data on your phone, including your contact list. And if your phone has a SIM card, set a PIN code for the card — if the phone is ever lost, nobody can use the card.
Read the reviews of apps before you download, and choose reputable apps. Apps without many reviews and those that have been recently uploaded to the app market or app store are more likely to contain privacy and security problems.
Don’t trust Bluetooth! If you use a hands-free device to make cell phone calls, always use a wired headset. Bluetooth devices can be compromised and your personal data can be accessed or corrupted. If you do use Bluetooth, protect the connection with a longer, more secure password instead of a short PIN.
Watch out for apps that ask for too many permissions – if you’re installing a calculator app and it requests Internet and contacts permissions, that’s a bad sign. One way cyber-thieves exploit smart phones is by creating a good app with some extra code and overreaching permissions.
Log out of all Web services every time you’re finishing using them, or you may stay logged in indefinitely – even to sensitive sites like banking and email. On desktops, there’s a timeout period if you remain inactive, but not always with mobile access. If the phone is lost, anyone can access the sites you’re logged into.
Think twice before answering calls or text messages from unknown numbers, especially if you’ve received a call more than once. Phishing scams are often initiated through cell phone calls or texts. Google the phone number that’s calling you, and see if anyone has reported it as linked to a scam.