Big Data - gathering personal data in a large scale - anybody has heard of it - anybody was at least once a victim of data gathering regarding this manner. Especially, when using Smartphone Apps in connection with social networking and media.
You should always be careful with messenger services such as WhatsApp, Signal, Telegram, and comparable! The end-to-end encryption does not prevent other users, having your phone number stored in their address book, from finding out the IP address by sending messages, making calls and comparable. This offers the possibility of locating your current location (IP geolocation). Besides, these software products often have their own automatic update functions that could be used to inject malicious software, if the operating system is secured poorly. The same applies to VNC software which is executed with administrative rights (software to control devices remotely that we compare to mainstream fellowships of Sub7 a.c.) or Adobe Flash Plugins originated from unsafe sources. If those are not secured or as mentioned above providing ultimate backdoors (which are used for updates officially) users may already have lost being hacked, stalked, harassed, etc.
There are several easy steps to follow to make your smartphone leak less private/personal data:
- Use VPN Connection for your Internet Connections.
- If you use applications like Facebook, Twitter and comparable, you should always be aware that your VPN Server's IP will be associated to your person by different data gatherers. This means you could be associated to things you might not want to be associated with, since there might be other users of the same VPN Server that do nasty shit on the net...
- Skimming (fake Login interfaces of Google/Facebook/etc.) which is done in the real world at ATMs occasionally has become less rare our days. That is why you should check twice, if the Plugin you are using to log in is really originated from the original source.
- Your messenger software should reject messages/calls/etc. coming from unknown numbers which are not saved in your contacts. Besides, it is important to not open attachments downloaded from unknown sources. A flash plugin offers the possibility to gain administrative rights and thereby malicious software could be injected by scripts or the plugin itself to the user/system environment.
- Using a smartphone for serious applications (money, stocks, etc.) can be dangerous, if you were using it for things which could have harmed your system. Divide and Conquer!
- Always encrypt your connections to social web- and media services like Facebook/Twitter/etc. by SSL - There are Apps like HTTPS Everywhere which ensure using HTTPS if possible. Note: Many Web servers still use the RC4 cipher(2013-2018) - This is not very safe because most browsers will drop back to the lower ciphers available. Check with : https://www.ssllabs.com/ssltest/analyze.html
- Android Users having Jelly Bean (<= Android 4.1.1) installed need to update their operating system. Jelly Bean >=4.1.2 or KitKat 4.4 are nor vulnerable to the Hearbleed Bug. It is recommended to change any password for accounts used with a vulnerable device. Take care of using different passwords for each account.
- While playing games, you should deactivate any Data Connection (Offline-/Airplane-Mode). Most games do not need any internet connection. Btw. you will get rid of adds(-tracking) and save CPU-cycles, resulting in a performance increase.
- Deactivate Mobile Data Connections, GPS, Geolocation and WLAN, etc. and activate manually if required.
- Most Android Versions authenticate applications as safe ones, if the data files contained within the APK(Install Package) file are signed by a random self-signed(created) certificate. This means that you should be aware of RATs(Remote Access Tools) which could be shipped alongside with an APK downloaded from a third party website(weblinks,etc.) or underground app store. To check for RATS(RemoteAccessToolS) there are no 100% proof root kit hunters available for smartphones. The only way to check for a RAT is to monitor your network traffic and processes running at the device. To monitor your device's connections, you need to set up a computer/laptop as WLAN Access Point. Set it up as a router and connect your device to it. For a live impression of all established connections while using apps, social media, etc. you need to use Wireshark or comparable to dump and analyze the packages sent and received by your device. This way you could also sniff your friends' IP locations as mentioned above.
- Android : The hidden folder .face contains all pictures which are suitable for biometric identification (more or less - the used algorithm seems to be not that good). Anyway, this could be used to identify possible users of the phone and related persons.
- Otherwise, get rid of the smartphone or just keep it for multimedia and WLAN internet connections without a sim card and make sure to use encrypted VPN. If you choose to keep it you could flash your phone from time to time with a secure and clean OS image just to be sure. You can never protect an embed system 100%.Posted at 2014-04-27 20:28:36
( updated at 2020-12-23 14:52:25 - b4sh )