By Stephen Lovell, GÉANT
Protecting your devices pretty much follows on from protecting your network (remember last week? So long ago…).
You’re happy that you know about every device on your network. Your passwords would make security experts cry tears of joy. Good job. Amazing work. Why not download a game on your ‘phone to celebrate?
Bad News. There are naughty people out there on the Internet who want to cause mischief. Or damage. Or steal all your money (and they don’t even have to ask for your wallet).
These ne’er-do-wells target ‘phones, tablets, laptops… anything where normal people such as you or I might download games or applications. So you see, their “audience” is potentially vast and we must all do what we can to stop the flood of infected devices. They say in some cities you’re no more than 20 feet away from a rodent when you walk the streets at night. I wonder if we’re ever more than 100 feet away from a malware-infected device during the day?
Rule 1 – Always keep your devices updated
Sounds simple, and it is. Regardless of what type of device you have, if it’s supported then the vendor will offer you updates for security issues and/or functionality. Please update. No, really. Do the updates. Seriously. Please.
And if you can’t update – eg, if like me you have a ‘phone that isn’t supported by the manufacturer any longer (and they tell you they won’t supply updates after a certain date) then… the writing’s on the wall. You need to get yourself a new ‘phone/tablet etc. It’s a shame and it will cost money to buy a new device but, that’s the world we’re in, I’m afraid 😔.
Rule 2 – antivirus*, firewalls* and anti-malware* applications
That’s rather a lot of “*”.
If you have a laptop, you probably want antivirus software and a firewall and you might want anti-malware too, for good measure.
On a ‘phone? The jury’s out. I don’t have any of those things on my ‘phones. That doesn’t mean I’ve made the right choice, though. When it comes to ‘phones/tablets, I am careful; especially when it comes to installing new software…
Rule 3 – Be careful what you download and install!
At one end of the spectrum, some malware for ‘phones invades your privacy with advertisements – building a profile of you using the “unique identifier” for your device over time (if you let it). At the other end of the spectrum some malware will try to steal credentials you have stored on your device by masquerading as a “legitimate” app (eg pretending to be from a courier company or a bank).
Or how about malware that sits on your ‘phone, reporting “home” on network usage, app usage (eg a banking app), and since it is doing this on your home network that could be yet another set of data points to profile you. People in the world have received ‘phone calls claiming to be from their ISP or mobile provider or bank… usually random but data is available to those bad people wanting to spend time collecting and using it.
Put simply; if you can think of a legitimate app and use of that app on your ‘phone, there may well be a version out there (somewhere) that is pretending to do the same job, but is very bad.
None of this will ever affect me!
Gosh! Wouldn’t that be nice. If you take away from this article a renewed desire to Keep An Eye On Things, then it has affected you – and that’s great!
Otherwise, why not potter around on the ‘Web for a while doing some research of your own. There are plenty of articles reporting the consequences of compromised devices and fake apps…
What to do?
Sorry. That sounds really dull. But in reality, that’s it – be careful, be watchful of what you install on your devices. Keep your devices updated. I’ve written mostly about ‘phones above, because their prevalence means a wider (and sadly, easier) target audience for bad people. However, any device you can download software onto could be vulnerable.
If it looks suspicious, don’t install it (without researching…)
- Found a free or cheaper version of a game that should cost 5.99? Research the name of the company and the game’s title – has anyone else been burned? Is it too good to be true?
- A new version of your mobile banking app has appeared on the Store ? Why would your bank release something new and not tell you about /an update/ to what you already have? Check the bank’s website, check check check…
(and the same goes for shopping apps too)
- If you’re on a laptop and you see an advert for a 1.99 program called “Photoshoop” – it’s probably a fake…
- If it’s too good to be true, be /very/ careful.
- If it’s free, you’re the product and the maker(s) are going to monetise you somehow.
(Of course, the maker(s) could be really really kind but… please do your research).
A final point
If you’re out and about, and connecting to wifi networks (rather than your mobile provider or eduroam) then you might want to use a vpn. One example is eduVPN. Others are available, but I’d suggest caution; do your homework and look at as many reviews as possible of a service you’re considering. Not all VPNs are created equal, and if it seems too good to be true, it may just be…
That’s week 3. Once again, we’ve only scratched the surface here, and there’s more to read about; please do go and have a look at other news items & articles; there’s a lot of good advice out there.
Also this year GÉANT joins the European Cyber Security Month, with the 'Cyber Hero @ Home' campaign. Read articles from cyber security experts within our community and download resources from our awareness package on https://dev.connect.geant.org/csm2021