Mobile Phone Security

IN Resources | 25/09/2012

A mobile phone today, is not just a device that is used to make calls. Plenty of services like browsing the internet, video calling, listening to music and watching videos, GPS (only in GPS enabled phones) and many more value added services are accessible on a mobile phone. High end mobile phones provide extra services that we might never even use. This has made this device a very reliable and convenient gadget to stay in touch with the rest of the world. Also the main reason which separates it from a regular landline (apart from colored displays and no extra wires) is its mobility. Our mobile phone follows us wherever we go. So apart from providing us all the essential services that it does, it also makes us more susceptible to surveillance and thus affecting our privacy. There are various functions in a mobile phone that can provide details of our private lives to unwanted parties. Such possibilities exist in terms of both the hardware and even software of our phone. There are possibilities of bugs physically attached to your phone for the sole purpose of spying on you. Although such tasks will always be carried out by professionals and you won’t be easily able to know that your phone has such bugs.

How is spying through mobile phones possible?
Spying on a mobile phone could mean anything from tapping into your calls to installing spyware (softwares that send private data like email information, phonebook contacts, etc to third parties), accessing your mobile contents through an unprotected Wi-Fi network. Mobile phone provides wide varieties of possibilities for spying or surveillance. There are tools in the form of hardware and software that can be used to retrieve and obtain data without the consent of the owner of the mobile phone. Spying or snooping on a mobile phone could be done through tapping (your cellular services), internet (Wi-Fi), MMS (installing ‘malware softwares’ or copying contact phonebook without user consent), viruses (that store and send private data to third parties and also harm the mobile phone) and geo-tagging in content like photos and videos.
How would you know if someone has tapped your mobile?
Practically, it is a very difficult task to find out whether your cell phone is being tapped. Always keep in mind that if the tapping is done by a professional such as the government agencies, then there is no sure way of knowing about the tap. But if other unauthorized parties are doing so, then these indications could help you figure out the tapping:
What to do in case of physical bugs attached to your phone?
There are people or agencies that need to physically attach devices on or around you to spy on you. The best option for the spying parties is to attach a device to your mobile phone so that they can listen and track you at the same time. Using a mobile phone would also mean that you will use it as you move from location to location, so it becomes ineffective for the eavesdroppers to bug locations around you.
What is the legal view regarding mobile surveillance?
If someone is spying on you using your mobile phone, it is illegal as long as it is not a government authorized surveillance which that has been authorized by a court. Indian constitution guarantees under Article 21: “No person shall be deprived of his life or personal liberty except according to procedure established by law.” ‘Personal liberty’ includes ‘Right to Privacy’. So if someone is illegally spying on you via your mobile phone, that person can be tried under law. Only nine government agencies are allowed to tap into phones of people. No other agency or organization can tap phones. Let alone tapping, they can’t even ask for the permission of tapping phones. The authorized agencies that can tap phones include IB (Intelligence Bureau), RAW (Research & Analysis Wing), the Income Tax department, Narcotics Control Bureau and state police forces. The data and records collected through tapping by these authorized agencies has to be protected and not to be distributed in public domain. But there are instances where the tapping was done by an authorized agency, but unauthorized people gained access to those records, such as in the case of the Radia tapes.
What are the major kinds of threats?
As new technologies develop for phones, mobile phone security becomes increasingly essential. It is of particular concern as it relates to the security of personal information which is now stored on smart phones. Just like computers, phones are preferred targets of attacks. There are several elements of your phone that make it vulnerable to surveillance. 
These include:
We are using different types of phones which differ in shapes, sizes, features, technology, style and manufacturers. Phones range from simple ones that are capable of making just phone calls, to currently trending smartphones. But with more features comes more room for security risks. Smartphone users are exposed to variety of threats in addition to call based threats. Smartphones are used to store data which is at risk for being exposed to attacks. This data could be sensitive data like your credit card information, your personal phone contacts (including backups of contacts).
How can SMS pave way for threats?
It must be hard to imagine that even through SMSs; your phones’ security could be compromise your security. But the harsh truth is that it is true. Especially among smartphone users these risks are increased.
There are times you might receive SMSs telling you to click on a link (embedded in the SMS) that opens up your web browser of your phone. Many times these links have been known to point to malicious websites that are designed to harm the security of your phone.
What to do in case of snoopy SMSs?
EFF.org recommends minimum usage of SMS if you wish to counter surveillance.
According to Mayank Aggarwal in an article, data stored on phones including contact registries have been known to be compromised during such threats like the famous YXES sms worm in 2009. In the same year at a BlackHat conference, mobile security experts were able to take control of an iPhone by first sending it an SMS.
SMSs can even trigger shutdown of phones.
How do MMS-based threats work?
MMS service supports wider variety of media files that can be sent to users over mobile phones. With Multimedia Messaging Service you have the ability to send additional attached files with every MMS you send. This feature has been used by hackers to attack phones.
Usually these files are known to be attached with a virus and once the receiver opens the attachment, the phone gets infected.
Almost every time such a security threat has occurred, virus infecting the recipients’ phones has been known to send SMSs to all the contacts saved in the address book of the phone. Therefore opening attachments with MMSs you receive must be opened with precaution.
What to do in case of receiving MMSs?
What kind of Wi-Fi based security threats are there?
Smartphones can be regarded as personal computers with pocket size portability. They are also equipped with another feature; ability to connect to wireless networks. So simply put, the threats that you think might possibly affect your computer or a laptop, can also be threats to your smartphone. Now there are phones which might not be considered smartphones but are still equipped with Wi-Fi features.
Having a Wi-Fi means, you can connect to free Wi-Fi networks in coffee places or fast food restaurants. This creates a further risk of eavesdropping into your phone at the place where you are connected to the open network. Bluetooth enabled devices can be used to send or receive messages from and to your phone. The open Wi-Fi network also makes it easy to hack into phone and there is always a possibility that a professional hacker might just be having a cup of coffee at the same place that you are at.
So when should you use this feature carefully?
What is Geo-Tagging and how is it a risk for privacy?
Content like photos and videos also contain metadata information. Metadata is often referred to as “data about data”. It is used to store and view properties of content like photos, videos and web pages. Metadata for a photo may contain information like height and width of the photo, date of when the photo was taken, place or location where the photo was taken, the camera with which the photo was taken and also information like color, brightness and contrast settings of the photo. Metadata information is automatically or manually attached to such content.
Geo Tagging is a metadata which stores the location, where the photo or video was taken. Content like photos and videos are often uploaded and shared by us on websites and to other people on social networks. This metadata information can be used to keep a check on you of the locations that you have visited when you took such photos or videos. For the Geo-Tagging feature to work, GPS hardware is required in a mobile phone.
We are currently equipped with GPS-equipped smartphones which have the potential to tag or associate our ‘geographical locations’ to content like photos, videos or even activities on social networks. Many of us don’t even realize it that our locations are tagged with each of our social activity on social networks or photos and videos that we upload. Internet websites make money from information and the ‘information’ includes private information of people (of YOU!). Apps, websites, softwares, service providers and many other parties are always working to create content by which they are also able to obtain customer information and this customer happens to be you. This helps these companies in providing ads based on your personal information which includes your location. So you must always be alert about what apps you use and how you present yourself online.
How to protect yourselves from threats of Geo-Tagging on privacy and surveillance?
Different platform (iOS, Android, Windows, Blackberry) based phones have different ways of turning off Geo-Tagging.
For iOS (Apple):
Go to ‘Settings’ à General à Location Servicesà Turn ‘off’ (for each service that you want)
For Windows phones:
Go to ‘Settings’ à Application à Pictures & Camera à Keep location information on uploaded pictures (OFF) + “Include location (GPS) information on pictures you take” (OFF)
For Android:
Start Camera App à Slide open the menu à Settings à Geo Tag photos (OFF)
For Blackberry:
Start Camera à Menu à Options à Disable GeoTagging.
 
Useful Links:
http://www.propublica.org/article/thats-no-phone.-thats-my-tracker
http://lifehacker.com/5724683/how-to-secure-your-smartphone