In light of hackers stepping up their game, stealing sensitive personal information such as credit card numbers, Social Security numbers, and going so far as to even gain access to confidential government and military data, what does this mean for the future of internet and mobile security?
We have to ask two questions: what does it take to be completely secure? Is being completely secure even possible?
I’m no security expert, but here are some starters:
- If it wasn’t made clear to you up until this point, Wi Fi is not secure, especially if it’s accessible to the public. Basically, if your phone’s Wi Fi is turned on when out and about, it’s pretty much the same as walking around with a “Hack Me” sign on your forehead. So avoid using Wi Fi unless it’s a secure network (although those aren’t completely immune to attacks either).
- Do not open emails if you don’t know who the sender is. Opening the wrong email could be the way hackers gain access to your computer or smartphone to steal files and take control of your camera (if you have a webcam, it’s a good idea to cover it up).
- We’ve all signed up for newsletters (or were unwillingly added to them), but then comes a point that enough is enough and we go through an “unsubscribe” spree. It turns out that some of these unsubscribe links are another sneaky way to infiltrate your computer with malware by getting you to click on a link in the email. Instead of clicking the unsubscribe link, learn how to filter and automatically delete unwanted emails instead. It’s basically the same as unsubscribing, but safer.
- Best practice tells us to use different passwords for every site you visit. Most of us fall short of this…remembering all those passwords is cumbersome and frustrating, especially if you have to keep resetting the password that you forgot. For those who are password challenged, there is a temporary solution you can use in the meantime: two-factor authentication. In addition to entering your username and password when logging in, you’ll need to enter a code that is sent via text message. That way, hackers would also need access to your mobile device, making it a little more difficult for them to steal your information.
- Update all the apps on your phone and all the software on your computer.
But it turns out that even with precautionary measures such as those listed above, we’re not completely safe. For example, a recently revealed flaw in Google’s Android software shows, some phishing attacks can get harmful software on your phone whether or not you do anything to “invite” hackers in. The flaw, called Stagefright, means anyone using text messaging on an Android phone is at risk.
Furthermore, hackers can take advantage of security holes that software companies don’t know about or haven’t fixed yet. These attacks are called “zero-day exploits”. Uses of zero day attacks can include infiltrating malware, spyware or allowing unwanted access to user information. The term “zero day” refers to the unknown nature of the hole to those outside of the hackers, specifically, the developers. The good news is that cyber-security companies are developing security defense tools to protects enterprises against targeted and zero-day attacks utilizing the concept of polymorphism – in other words, by turning attackers’ tactics back on themselves. This innovative security method provides enterprises with the ability to detect attacks earlier than ever before, to block them, and to create fingerprint information of attacks.
However, just as security defenses are continuously evolving, so are hackers’ methods of bypassing them. Computers that aren’t even connected to the internet can be hacked. Yes, you read that right. Recently researchers at the Cyber Security Research Center at Israel’s Ben-Gurion University of the Negev announced that they hacked an “air gapped” computer, meaning they successfully attacked a computer that’s hasn’t once touched the Internet. They used a phone network and electromagnetic waves to compromise the computer using a cell phone. It turns out that banning smartphones in workplaces dealing in highly sensitive information isn’t enough.
For most of us, sticking to security best practices is enough but it seems like we’ll never be completely secure on the Internet.