Big Data - gathering personal data on a large scale - everybody has heard of it, and everybody has been a victim of this kind of data gathering at least once, especially when using smartphone apps in connection with social networking and media.
Regarding messenger services such as WhatsApp, Signal, Telegram, et cetera, you had better be careful! End-to-end encryption does not prevent other users who have your phone number stored in their address book from finding out your IP address by sending messages, making calls and the like. This makes it possible to determine your current location (IP geolocation). Besides, these software products often have their own automatic update functions, which could be used to inject malicious software if the operating system is poorly secured. The same applies to VNC software executed with administrative rights (software to control devices remotely, which we compare to mainstream fellowships of Sub7 a.c.) and to Adobe Flash plugins obtained from unsafe sources. If those are not secured or, as mentioned above, provide ultimate backdoors (which are officially used for "updates"), users may already have lost: being hacked, stalked, harassed, etc.
There are several easy steps to follow to make your smartphone leak less private/personal data:
- Use a VPN connection for your Internet connections.
- If you use applications like Facebook, Twitter and the like, you should always be aware that your VPN server's IP will be associated with your person by different data gatherers. This means you may be associated with things you do not want to be associated with, since there might be other users of the same VPN server who do nasty shit on the net...
- Skimming (fake login interfaces of Google/Facebook/etc.), which is occasionally done with ATMs, has become less rare these days. That is why you should check twice whether the plugin you are using to log in really originates from the source it claims.
- Messenger software should reject messages/calls/etc. coming from unknown numbers which are not saved in your contacts. Besides, it is important not to open attachments from unknown sources. A Flash plugin offers the possibility to gain administrative rights and thereby inject malicious software, by scripts or by the plugin itself, into the user or system environment.
- Using a smartphone for serious applications (money, stocks, etc.) can be dangerous if you also use it for things which could have harmed your system before. Divide and Conquer!
- Always encrypt your connections to social web and media services like Facebook/Twitter/etc. with SSL. There are apps like HTTPS Everywhere which ensure HTTPS is used where possible. Note: Many web servers still use the RC4 cipher (2013-2018). This is not very safe because most browsers will drop back to the lower ciphers available. Check with: https://www.ssllabs.com/ssltest/analyze.html
- Android users having Jelly Bean (<= Android 4.1.1) installed need to update their operating system. Jelly Bean >= 4.1.2 and KitKat 4.4 are not vulnerable to the Heartbleed bug. I recommend changing any password for accounts used with a vulnerable device. Make sure you use a different password for each account.
- While playing games you should deactivate any data connection (offline/airplane mode). Most games do not need any Internet connection. Btw, you will get rid of ads (and ad tracking) and save CPU cycles, so you will notice a performance increase.
- Deactivate mobile data connections, GPS, geolocation, WLAN, etc. and activate them manually when needed.
- Most Android versions authenticate applications as safe if the data files contained within the APK (install package) file are signed by a random self-signed (self-created) certificate. This means you should be aware of RATs (Remote Access Tools), which could be shipped along with an APK downloaded from some third-party website (web links, etc.) or underground app store. There are no 100% reliable rootkit hunters available for smartphones to check for RATs. The only way to check for a RAT is to monitor your network traffic and the processes running on the device. To monitor your device's connections you need to set up a computer/laptop as a WLAN access point, configure it as a router and connect your device to it. For a live impression of all connections established while using apps, social media, etc., use Wireshark or a comparable tool to dump and analyze the packets sent and received by your device. This way you could also sniff your friends' IP locations, as already mentioned above.
- Android: The hidden folder .face contains all pictures which are suitable for biometric identification (more or less - the algorithm does not seem to be very good). This could be used to identify possible users of the phone and related persons.
- Get rid of the smartphone, or just keep it for multimedia and WLAN Internet connections without a SIM card and make sure to use an encrypted VPN. If you choose to keep it, you could flash your phone from time to time with a secure and clean OS image just to be sure. You can never protect such embedded systems 100%.

Posted at 2014-04-27 20:28:36 (updated at 2020-12-23 14:52:25 by $3b4sh)
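The monitoring step in the list above (phone connected to your own access point, traffic dumped with Wireshark) produces a lot of packets; the following added example, which is not part of the original post, condenses such a capture into a per-destination report for your own device. It assumes the capture was exported as tab-separated fields in the order shown in the comment; the phone's IP address, the host names and all sample rows are constructed.

```python
from collections import Counter

PHONE_IP = "192.168.50.23"  # assumption: address your access point handed to the phone

# Constructed sample rows, tab-separated in the assumed export order:
# ip.src, ip.dst, tcp.dstport, dns.qry.name, dns.a  (unused fields stay empty)
SAMPLE = """\
192.168.50.1\t192.168.50.23\t\tapi.example-game.test\t203.0.113.10
192.168.50.23\t203.0.113.10\t443\t\t
192.168.50.23\t203.0.113.10\t443\t\t
192.168.50.1\t192.168.50.23\t\tads.example-tracker.test\t198.51.100.7
192.168.50.23\t198.51.100.7\t80\t\t
192.168.50.23\t192.0.2.99\t5555\t\t
"""

def summarise(capture_text, phone_ip):
    """Return {(dst_ip, port): {"host", "count", "flags"}} for traffic leaving the phone."""
    names = {}        # IP -> host name learned from DNS answers seen in the capture
    hits = Counter()  # (dst_ip, port) -> number of rows seen for that destination
    for line in capture_text.splitlines():
        fields = line.split("\t")
        if len(fields) != 5:
            continue  # skip malformed rows
        src, dst, port, qname, answers = fields
        if qname and answers:
            for ip in answers.split(","):  # several A records: assumed comma-separated
                names[ip] = qname
        elif src == phone_ip and port:
            hits[(dst, int(port))] += 1
    report = {}
    for (dst, port), count in hits.items():
        flags = []
        if dst not in names:
            flags.append("no-dns-lookup")   # address was never resolved: hard-coded in an app?
        if port == 80:
            flags.append("plaintext-http")  # unencrypted, see the SSL item in the list
        elif port != 443:
            flags.append("unusual-port")
        report[(dst, port)] = {"host": names.get(dst, "?"), "count": count, "flags": flags}
    return report

if __name__ == "__main__":
    for (dst, port), info in sorted(summarise(SAMPLE, PHONE_IP).items()):
        print(f"{info['host']:26} {dst:15} {port:5} x{info['count']} {' '.join(info['flags'])}")
```

A flagged row is only a starting point: look up which app owns the connection and whether the destination belongs to a service you actually use before drawing conclusions.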