A DIGITAL LIFE E-GUIDE The 4Ws and 1H of Mobile Privacy


You’ve been tinkering with your new gadget for a few good days, sending email, downloading apps, browsing Facebook and whatnot, when all of a sudden, one of those pesky pop-ups indiscreetly hogs your screen.

It’s another product page that’s not in any way related to what you’re currently doing on your device. But you do remember seeing that page before. Perhaps it’s because you just searched for it earlier, yet why does it suddenly feel like it’s searched for you instead?

That’s just one example of how your privacy is breached even while using mobile devices. What do you do to protect your privacy from mobile threats like this?

Who? You and your right to mobile privacy

The United Nations recognizes everyone’s inherent right to privacy.[1]

This right is violated every time someone tries to access your personal information, in any form or platform, without lawful reason or your consent. If a friend, for example, borrows your smartphone to spy on your Facebook account, he or she disregards your right to privacy.

Cybercriminals are notorious violators of mobile privacy. They create malicious apps such as data stealers, which target your personal and financial information. Free, high-risk apps also pose a number of privacy issues with the amount and type of information they collect. For instance, some of Germany’s top Android apps can possibly expose your location, equipment identity, and address book.[2]

[1] http://www.un.org/en/documents/udhr/index.shtml#a12

[2] http://blog.trendmicro.com/trendlabs-security-intelligence/do-you-know-what-data-your-mobile-app-discloses/

What? Key areas to look over

Your Device’s Connectivity Features

Your device’s connectivity features are viable ways for cybercriminals to get information from you. These features are seen as locked doors they have to pick to get in. Such is the case with Bluetooth and wireless connections: both are intended to make communication easier, but they can also be used for malicious purposes. Cybercriminals have accomplished this on Mac desktops using the INQTANA worm, which is able to send malicious files to available Bluetooth devices that accept them. The worm opens computers to further malicious routines, like malware dropping and information theft.

More manufacturers are incorporating near field communication (NFC) standards on devices as well. This technology allows you to share content, make payments, or perform other external transactions with a tap on a scanner. As convenient as it may sound, this can also be a point of entry for malicious routines.[3]

[3] http://blog.trendmicro.com/trendlabs-security-intelligence/good-nfc-habits/


Your Device Settings

Default device settings can be seen as strongly-worded suggestions that you can further optimize for added protection. This means you can change your mobile device’s security settings to make sure no one has easy access to it.

Your Mobile Behavior

Having mobile devices can make you surf online more frequently, but does it change your behavior when it comes to security? Remember that you become more vulnerable to mobile threats as you immerse yourself in mobile activities like social networking, shopping, and banking. Oversharing, not checking app permissions, and clicking on malicious links are ways to invite cybercriminals.

When it comes to app usage, you have mobile adware to consider. Although most advertising networks are perfectly legitimate, some are known to collect personal information and push ads as notifications, often without user consent.[4]

At least 7,000 free apps using aggressive advertising modules were downloaded over a million times as of October 2012.

[4] http://about-threats.trendmicro.com/us/mobilehub/mobilereview/rpt_mothly_mobile_review_201209_the_growing_problem_of_mobile_ad-ware.pdf

How? “Privacy in peril” scenarios

Free Apps

Who doesn’t love free stuff? There are thousands of free apps from legitimate and third-party app providers you can choose from. But downloading free apps often has a trade-off: free service for your personal information.[5]

Surprisingly, a majority of consumers (73%) are willing to trade personal information if they get something in return, like free mobile service. Remember that even the smallest bit of information you give, like an address or a birthday, is all that cybercriminals need to take advantage of you.

Device Loss or Theft

In a survey done in September 2012, nearly one in three cellphone owners lost their device or had it stolen from them.[6] Even if you try to guard your apps and device settings, when you lose your phone, the information it has can still put you in a sticky situation. This is more so because of an existing lucrative market for stolen devices and the information they contain.[7]

[5] http://www.pwc.com/sg/en/tice/assets/ticenews201208/consumerintelli-gence201208.pdf

[6] http://online.wsj.com/article/SB10001424052702303815404577334152199453024.html

[7] http://online.wsj.com/article/SB10001424052702303815404577334152199453024.html


Ever-Changing End-User License Agreements (EULAs)

You’ve seen it before: online services asking you to agree that they can change their EULAs at any time, with or without notice. Home movie provider Blockbuster.com was rejected in court for using this line in its privacy policy.[8]

However, this doesn’t seem to stop popular services from applying caveats on EULAs that are detrimental to user privacy.[9] By not reading EULAs, you may already be allowing developers to sell your photos, track your web activities, or hand over personal information to authorities.

Bring Your Own Device (BYOD)

Three in four companies allow employees to use their personal devices such as laptops, netbooks, smartphones, and tablets for work-related activities.[10] As the BYOD trend continues, cybercriminals will use it as a motivation to get past your defenses to access both your personal and work information.

It’s not just cybercriminals, though. Your company’s IT department can use a set of protocols that do not differentiate personal from work-related data, allowing them access to your information.

Your device can also be used as evidence in court. You can be obliged to submit the device for review, with all information intact, even if only work-related information is pertinent to the case.[11]

[8] http://www.jdsupra.com/post/documentViewer.aspx?fid=3897327d-161d-49df-b31c-0b448bb1898a

[9] http://business.time.com/2012/08/28/7-surprising-things-lurking-in-online-terms-of-service-agreements/

[10] http://www.trendmicro.com/cloud-content/us/pdfs/business/white-papers/wp_decisive-analytics-consumerization-surveys.pdf

[11] http://consumerization.trendmicro.com/consumerization-byod-privacy-personal-data-loss-and-device-seizure/

Why? All about the money

Cybercrime is driven by one agenda: money. Your mobile devices are simply a means to an end for cybercriminals. They gain by stealing the information stored on your smartphones and tablets and then finding ways to use it for profit.

And just like your data, your reputation is also at stake every time a cybercriminal gets hold of incriminating information against you or the organizations you represent. There is malware, like the SMS spy tool for Android, that steals private SMS messages and uploads them to a remote server.

What you stand to lose in the case of a mobile privacy breach really depends on how you use your device.[12]

[12] http://about-threats.trendmicro.com/RelatedThreats.aspx?language=de&name=PIXSTEAL+and+PASSTEAL+Sport+New+Ways+To+Steal+Data

What now? Reinforce your privacy

Mobile privacy breaches may appear to be easy for cybercriminals, considering the problem areas discussed. However, there are still steps you can take to avoid falling victim to such scenarios.

Follow this General Checklist:

□ Control how much information your device shares by changing its privacy and browser settings. Here you can tweak settings on location and network sharing.

□ Activate screen locks, and change your passwords every three months to minimize chances of hacking.

□ Remove compromising photos, videos, and files that you’re not comfortable with from your device.

□ Regularly clear your mobile browser cache to avoid data leakage in case malware tries to sniff your device for information.

□ Monitor your app and account settings to make sure sharing and connectivity are secure.

□ Adjust your device’s data encryption and configure your passwords.


Pay Attention to Apps

•  Remove apps not in use.

•  Select which apps really need location or address book access.

•  Use your mobile browsers’ or browser apps’ private browsing settings, especially for sensitive banking transactions.

Prepare for Device Loss or Theft

•  Take note of your account credentials or use a convenient password manager in case you need to reset them because of device loss or theft.

•  Back up files in the cloud. Trend Micro™ Mobile Backup and Restore automatically stores the irreplaceable information from your device without wasting its battery life.

•  Prepare to contact the authorities, your service provider, and any concerned organization to avoid the malicious use of your identity and to block bill charges.

•  Enroll your devices in a remote service that allows you to find, lock, or wipe them. Trend Micro™ Mobile Security Personal Edition does these and prevents uninstallation without your password.

Ask these about BYOD Agreements

•  Are you required to produce personal devices for forensic analysis?

•  Does this apply to devices shared with other family members?

•  Who will get access to the personal information stored in your device?

•  Can your company track your location? Under what circumstances can this happen? Are you required to let them? Do they notify you if they do this?

•  Are these systems active outside regular work hours?

•  Is your personal online activity monitored and logged?

•  Is this information retained when you leave your organization?


©2013 by Trend Micro, Incorporated. All rights reserved. Trend Micro and the Trend Micro t-ball logo are trademarks or registered trademarks of Trend Micro, Incorporated. All other product or company names may be trademarks or registered trademarks of their owners.

TRENDLABS℠

TrendLabs is a multinational research, development, and support center with an extensive regional presence committed to 24 x 7 threat surveillance, attack prevention, and timely and seamless solutions delivery. With more than 1,000 threat experts and support engineers deployed round-the-clock in labs located around the globe, TrendLabs enables Trend Micro to continuously monitor the threat landscape across the globe; deliver real-time data to detect, to preempt, and to eliminate threats; research on and analyze technologies to combat new threats; respond in real time to targeted threats; and help customers worldwide minimize damage, reduce costs, and ensure business continuity.

TREND MICRO™

Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global cloud security leader, creates a world safe for exchanging digital information with its Internet content security and threat management solutions for businesses and consumers. A pioneer in server security with over 20 years’ experience, we deliver top-ranked client, server and cloud-based security that fits our customers’ and partners’ needs, stops new threats faster, and protects data in physical, virtualized and cloud environments. Powered by the industry-leading Trend Micro™ Smart Protection Network™ cloud computing security infrastructure, our products and services stop threats where they emerge—from the Internet. They are supported by 1,000+ threat intelligence experts around the globe.