Lest you think the tech giant missed having a finger in this particular pie, Google surprised no one by debuting their own wireless carrier service earlier this week. Though the service is invite-only at the moment and only offered on Google’s own Nexus 6, they’ve negotiated a deal with both Sprint and T-Mobile to piggy back on their existing, nation-wide infrastructure to create a coverage area without having to build it. According to Google, the limited launch of this service is more of an experiment as opposed to a direct challenge of reigning champs ATT and Verizon. The major differentiator to their service? A low-cost, pay as you use it, data plan with data tethering, wi-fi calling that can also be used from other mobile devices such as tablets and laptops.
What this means for you:
Unless you have an invite in hand, you can’t jump onto the Google Wireless bandwagon yet, and if Google stays true to the “we’re just testing the waters” mantra, maybe not ever. But if Google can deliver a solid service for a fraction of the price that the big 4 carriers are charging now, it’s going to have repercussions on the entire mobile landscape. As they’ve done with Google Fiber, this particular foray into the bloody wireless markets is an exercise in forcing a change in the status quo where major carriers are squabbling over how to charge consumers more for less service. However, Google surely has an agenda that includes profit (they are publicy held), and you musn’t forget that the largest revenue stream for them is advertising and data mining. The mad scramble for dominance in the mobile data market is about as close as we’ll ever get to seeing a modern gold rush, and you can bet Google has been preparing to stake a claim since before you and I even knew there was “gold in them thar hills!”
Laptops and cellphones were once the sole domain of high-powered business executives, but thanks to the proliferation of high-speed internet and falling hardware prices, they are pervasive not only in professional environments, but in just about any walk of life. As you can probably guess, this also means an exponentially expanded attack surface for cyber criminals who are no longer focusing on traditional targets. Anyone who has a bank account or credit history is a potential victim, and younger targets can be exposed to potentially dangerous privacy invasions. Rather than enumerate the various ways in which your security and safety could be violated (we all have enough nightmares as it is), I’d like to focus on some positive actions you can take to make your mobile, digital life safer and more secure.
- Password protect your devices.
Even the most careful professional will misplace their mobile device on occassion. While passwords won’t stop determined hackers, it will keep most everyone else out until it can be recovered or remotely wiped. Laptops normally do not have remote wiping capabilities, so don’t stop at just a password for protecting these types of devices. - Use built-in apps, or purchase location-tracking software.
Late-model Android and iOS devices have location tracking and recovery capabilities built-in, but they must be enabled. You can add location tracking or a “phone-home” program to your laptop, but it requires the device to be connected to the internet in order for it to report its location. - Don’t store sensitive information on mobile devices.
With any portable device, the chance of it falling into the wrong hands is high. If you don’t have an IT department managing your device and controlling what can be stored on it, you should inventory what is stored on the device (sensitive client info, photos, personal financial data, passwords) and consider whether you need that information to be stored on that device. If you do, make sure you observe #4. - Encrypt any storage media.
All late-model Android and iOS devices have the capability to encrypt all data stored on the phone. It’s on be default on iPhones, but must be enabled manually on most Android devices. If you have to store sensitive data on your mobile device, make sure encryption is enabled and working. While it’s not completely necessary to encrypt your entire laptop hard drive, it is possible, and many financial service firms require it on their laptops. At minimum, store your sensitive data in an encrypted partition or folder, or on an encrypted thumb-drive. - Back up your data.
Do I even need to qualify this particular practice? Backups should be stored separately from the hardware being backed up. It should be transmitted and stored encrypted if it’s internet/cloud based. It should be as frequent as the minimum period of data loss you are willing to lose, e.g. if you can’t stand to lose an hours worth of work, your backups should run on an hourly basis. Be aware of the performance hits this may have on your hardware and network bandwidth. - Hide devices in parked cars or take them with you.
Mobile device thefts from parked cars is consistently at the top of all loss categories. Thieves know to target cars coming and going from office parks, universities, airports, and the retail/service businesses near these locations. Before you drive away from your work location to a Happy Hour or a quick bite or some grocery shopping, stow your laptop bag in the trunk or hide it in a hard to access part of the car. Don’t do this when you reach your destination, as the thief may already be there, watching for someone to do just that. If you can’t secure it or hide it properly, take it with you. - Add a leash.
If you are highly mobile and work from many locations, it’s easy to misplace your smaller electronics, and sometimes even laptops. Add a colorful leash to your thumb drives so you don’t forget them, and maybe even consider the same for your phone if you are prone to misplacing it. If you have to take your laptop bag with you to a place where you don’t plan to use it (because of #6), attach the strap to something you will be using at that location, whether it be to your jacket or purse, or even to your leg if you are sitting in a location with lots of noise or distraction. It’s easy to forget work-related tools when you are focused on non-work activities. - Be less conspicuous.
In open public places with crowds, conspicuous use of expensive mobile devices will flag you as a target for bold thieves. I’ve talked with victims whose laptops were pulled right out from under typing hands in a sidewalk cafe or picnic table, and have read numerous reports of smartphones and tablets being grabbed in broad daylight. If you want to work on your device in a busy environment, keep one eye on your surroundings, and place yourself and your device in a position where it will be less easy to snatch by a fleet-footed thief. - Educate your friends and family.
Even though you may be cautious and secure, the people around you can undo your careful preparations with carelessness or even well-meaning intent. Be mindful of everyone around you who might not be as savvy as you in technology, and choose carefully how you interact with them via email, social media, and even device sharing. Work laptops are notorious for being infected by family members who don’t have the same security concerns as you do. Quieting a young child with your smartphone may seem like a good idea at the time, but maybe there is some other way you can entertain them that doesn’t involve your work phone. - Report thefts/losses immediately.
Eventually, it will happen. Whether the device is stolen, damaged or infected and compromised, you should work immediately with the appropriate authorities and professionals to make sure you limit the damage, both to you and your organization, as well as any customers or clients who might be affected. Don’t wait.
A flaw in an Android open source web browsing app found on nearly half the active Android user base could potentially be used by malicious websites to steal user information. Reported by white-hat hacker Rafay Baloch earlier this month, this bug affects the Android Open Source Platform browser – also known as “Android Browser” – which was the default browser on all Android phones shipped prior to Android OS 4.2, when Google switched the default browser to Chrome. Even then, parts of Android Browser were still being used by other OS applications up until version 4.4, when Google swapped those parts out for Chromium ones. A survey of web browsers used shows that nearly half of all Android users may be using Android Browser actively, which could equate to nearly 40 million potential victims.
What this means for you:
Note that “Android Browser” (with capital B) is the actual name of this program, and should not be confused with the Chrome app, which is also an “Android browser” – as in it’s an app that lets you browse the internet on your Android device. If you still have the Android Browser app installed on your 4.X Android phone, you should replace it with Chrome. However, this may only solve part of the problem, as many other apps that have some form of internet browsing built into it may be using the flawed engine embedded inside the app itself, and there is no clear way to know for sure without asking the developer.
Now that Google has officially acknowledged the bug, a fix is supposedly in the works, but hasn’t said when it will release the update, which will have to be delivered as part of an OS update (ie. going from 4.3 to 4.4) and not throught Play Store. Also, it’s not clear whether that update will trickle down to the many apps that still use the engine to power their own embedded browsers. For now, stick to using Chrome, and be wary of apps that have built-in web browsing capabilities.
Did you know that if you jailbroke your iPhone (or any locked smartphone) without your mobile carrier’s permission anytime between early 2013 and now, you were actually breaking a federal law? That’s right, due to an expired clause in the Digital Millenium Copyright Act, it’s actually illegal to unlock a smartphone you own. This bit of nonsense was courtesy of a Congress that was deadlocked on just about every issue big or small, so it’s no surprise that only just now they are getting around to fixing an issue that both the FCC, Whitehouse and even mobile carriers recognized was just plain wrong.
What this means for you:
The “Unlocking Consumer Choice and Wireless Competition Act” was passed by Congress on July 25 and is now awaiting the President’s signature, but the impending law seems like a token gesture in response to what is now more of a symbolic stance from a vocal minority of smartphone users. In the intervening 18 months, the mobile marketplace has seen a fierce rise in competition, including some carriers offering to pay off early termination fees to woo customers away from the competition. Most carriers now also offer plans that incorporate no-penalty upgrades to new hardware, another incentive to not bother unlocking phones or switching carriers. And to top it all off, the CDMA/GSM network divide continues to limit your unlocked phone to a single alternative (if you want nation-wide coverage).
The carriers, even though they “allow” you to unlock your phones once your contract has expired, still do not always make the process easy, nor is it always a simple technical process, especially on the Android platform. In the end, if you aren’t already a veteran jailbreaker, you are better off interrogating the salesperson at your local carrier store about upgrade options and no-contract plans rather than worrying about whether you can take your phone over to the other guys.
Image courtesy of Stuart Miles / FreeDigitalPhotos.net