Recent news stories about mobile phone security – or, more precisely, about mobile phone insecurity – have been more dramatic than usual.
That’s because we’re in what you might call “the month after the week before” – last week being when the annual Black Hat USA conference took place in Las Vegas.
A lot of detailed cybersecurity research gets presented for the first time at that event, so the security stories that emerge after the conference papers have been delivered often dig a lot deeper than usual.
In particular, we heard from two mobile security researchers in Google’s Project Zero team: one looked at the Google Android ecosystem; the other at Apple’s iOS operating system.
Natalie Silvanovich documented a number of zero-day security holes in iOS that crooks could, in theory, trigger remotely just by sending you a message, even if you never got around to opening it.
Maddie Stone described the lamentable state of affairs at some Android phone manufacturers who just weren’t taking security seriously.
Stone described one Android malware sample that infected 21,000,000 devices altogether…
…of which a whopping 7,000,000 were phones delivered with the malware preinstalled, inadvertently bundled in along with the many free apps that some vendors seem to think they can convince us we can’t live without.
But it’s not all doom and gloom, so don’t panic!
Watch now
We recorded this Naked Security Live video to give you and your family some non-technical tips to improve your online safety, whichever type of phone you prefer:
Pkg Wopaz
If the main part of the article is a video, please add summary bullet points in the article so we don’t have to spend extra time watching another video.
Paul Ducklin
This article exists for those of our readers who like to consume content in other forms than just written pieces. (Many of our readers watch our Live-Series videos on Facebook, which you can do without needing a Facebook account, but some prefer to watch later on YouTube, which is where the embedded video here is hosted.)
So this video isn’t a video version of an article – it’s meant to exist in addition to our written coverage. If you don’t like spending time watching videos then this format isn’t for you… instead, you probably want to click through to the original articles that we linked to above.
Videos generally make poor articles when transcribed or summarised, because written and spoken English are essentially different languages. So for those who like reading, there are the written pieces mentioned above; for audio/visual fans, this video; and for quite a few Naked Security regulars, both formats.
HtH.
ParanoidCanuk
Two comments,
– You don’t mention anything about Tablets… I have a paperweight iPad2, with Sophos Security installed, but do not use it for anything important anymore because of the many bugs in Safari, even though I use MSEdge for iOS and the Startpage Browser neither of which has been (or should I say “can be”) updated.
To replace my paperweight, I got an Amazon Kindle Fire tablet with the Fire OS (Android based) but as much as I ask about the Amazon store and apps eyes just glaze over.
I did download a reputable anti-virus/app scanner and I try to use apps written by known vendors but no one seems to scan the Amazon apps for malware or evaluate apps sold there.
Any advice for us folks?
– Also I have a Samsung SIII like you that I inherited but have never used (mobile plans can cause bankruptcy in Canada). My security software says the OS is out of date (Yes, it’s seven years old). You mentioned something called Lineage(?). Their page says my particular phone (Samsung SIII International) is not supported but you seem to indicate that it can be loaded… If so perhaps I’ll spring for a cheap plan.
Paul Ducklin
The Android phone I showed in the video is a Galaxy SIII GT-I9300 (International)… and it is no longer on the official build list for LineageOS. I had to dig around on the XDA Android forum to find an unofficial firmware build. It mostly works (but I don’t have a SIM card in it so I have never used it as an actual phone), but I know almost nothing about the enthusiast who “cooked” that firmware ROM for the community. So I am running an unknown build of Android with unknown modifications to the source code built by an unknown person in an unknown country. Therefore I don’t use it for anything personal, just for research. I wouldn’t log in to my email account from it, for instance, or access Twitter or Facebook.
Spryte
Many Thanks for the background info.