Chapter 6: Mobile security – Security in the Digital World-

CHAPTER 6: MOBILE SECURITY

When you are mobile you are at your weakest as you are operating in insecure environments. At home you know you have security on your device and your network; when you are mobile you rely on the security put in place by the Internet access provider, which is usually a lower priority than availability.

Mobile devices need to be manageable because they need to be mobile, which also means they are easier to snatch from a laptop bag or from a table in a coffee shop.

6.1 Laptop

The security of laptops is primarily achieved by how the device is configured and the software that is installed. This is covered in the ‘Operating system – computers and laptops’ section.

Laptops need extra security because they are designed to be portable, so the main requirements are to prevent them being stolen, to protect the information on the device if it is stolen, and to protect the information while it is mobile.

Devices such as Kensington locks are very useful to prevent laptops being stolen. Encryption and backup are essential to protect your information if your device is stolen. A VPN is also essential to secure your information when you connect to Wi-Fi outside your home or regular network.

Kensington lock

The main threat to the domestic user is laptop theft. Thieves are not after the data on the laptop but the laptop itself because they can resell it. Each laptop has a Kensington port, which is a rectangular hole in the body of the laptop into which a Kensington lock can be fitted. Thieves will be less likely to steal a laptop if they can get no money for it because it is damaged, which breaking the Kensington lock will do. The Kensington lock is circled in the image below.

The Kensington lock will not stop the laptop being stolen, but it will break the body of the laptop and significantly reduce the value of the stolen device, to the extent the thief may see the device as valueless and not worth the potential risk or effort.

Kensington locks are available in two versions: with a key or with a combination lock.

A keyed Kensington lock fitted to secure a device:

A combination Kensington lock:

You can also use a Kensington lock to secure the laptop if you leave it in a car. Preferably put the device out of sight in the boot or use the Kensington lock to secure the device to the seat frames.

Screen filter

A basic security measure that can be applied to your laptop is a screen filter. The screen filter sits on your laptop screen and prevents someone from seeing what is displayed on the screen unless they are sat directly in front of the device as shown in the image below.

The laptop screen filter prevents a threat called ‘shoulder-surfing’, which is where somebody stands behind you and reads what is displayed on the screen. Screen filters are very easy to fit: they usually just sit in the screen recess on laptops with plastic guides to hold them in place.

Screen filters make the screen appear black to anyone other than the person sat directly in front of the screen.

3M is the primary manufacturer of screen filters which can be bought through Amazon or other vendors. Search ‘privacy filter’ and find the correct size for your device.

Screen lock

If a Windows device is not touched for any period of time, the best practice is to have a screen lock in place. The screen lock is managed through the Control Panel, under the Personalisation options.

The screen saver stops access if you are away from the device, and can include a message.

The screen lock is managed through the screen saver. The screen saver can be text or a picture, and can include a message that will deter potential thieves. The text in the image above reads ‘I am encrypted’, which tells an attacker three things:

  1. 1. You understand security and are committed to protecting yourself and your information.

  2. 2. You have applied encryption to protect the information on the device.

  3. 3. The attacker will not have access to the information if they take the laptop.

Used in combination with a Kensington lock, the screen saver presents a number of challenges to a thief.

When configuring the screen saver, tick ‘On resume display logon screen’, which means the device’s passphrase is required to unlock the screen. Set the time in ‘Wait’ by using the arrows to select the minutes – this defines the length of time the device remains unlocked and the information accessible without it being touched. The ideal period of time is three minutes. There are a number of reasons three minutes can be regarded as the ideal setting;

  1. 1. By the time an attacker got access to your laptop, three minutes would not leave much time to view or copy your information.

  2. 2. If you moved away from the device a good amount of the three minutes would have expired before the device was out of your view.

  3. 3. Three minutes would allow you enough time to do a quick task away from the device and return before the screen locked, i.e. get something from your bag, put the kettle on, etc.

  4. 4. It is unlikely most users would remember to change this setting before travelling so three minutes would be an acceptable time setting for this circumstance as well.

You can also lock the screen if you are moving away from the device for a few minutes: press Ctrl-Alt-Delete at the same time to lock the screen and require the passphrase to open the device again. You can also hold the Windows key and ‘l’ to lock the screen.

6.2 Public Wi-Fi

Do not use insecure wireless Internet access because attackers may be able to intercept any information you send through the connection. Never use an insecure connection to send or access valuable information, such as financial or personal information.

If public Wi-Fi is the only option available, make sure you use a VPN.

Do not assume the Wi-Fi is secure in your hotel room or other temporary accommodation. The only indication a Wi-Fi network has any security is when a network key is required, which is a password to access the network.

Whether or not you have to use a password to access the network, best practice is to use a VPN.

The VPN gives you some security even if the network security level is weak. It is possible to check the level of security that has been applied to the network, but best practice is still to open all browsers with a VPN in place.

If you need to open a browser to access sensitive information when you are away from home, always use a VPN for the connection.

6.3 VPN

Using a VPN provides greater security when connecting to the Internet because it launches an encrypted link between the source and the destination computer. This ensures there is a secure link between your system and the destination system.

The VPN also generates an IP address that means the user’s true IP address is not revealed, further reducing the possibility of being attacked.

A number of free VPN solutions can be found through FileHippo.

Once you have installed the VPN make sure you understand how to turn it on and what you need to see to show you are connecting through a VPN. Alternatively, depending on which browser and VPN solution you use, configure the browser so that it only opens in a VPN.

VPNs should be used when connecting to public networks and also when using mobile networks, whenever possible.

Mobile networks are the networks you connect to when you are ‘roaming’, either in your home country or overseas.

6.4 Public computers

Internet cafés are readily available in every city. Caution must be exercised when using the systems in Internet cafés as these systems are susceptible to attack by such devices as keyboard loggers or other low-tech attacks. The main thing you can do is avoid using internet cafes or any other public systems to access sensitive sites, such as your online banking.

As Internet cafés are open to the public there would be no difficulty in someone fitting and subsequently removing a keyboard logger. The attacker only has to keep reviewing the information captured by the keyboard logger until they capture the access credentials for a financial site, or your security credentials to access your online profile, or even your card details where you might have made a purchase.

6.5 USB devices

Depending on where you are travelling, new USB storage devices could have malware installed that would transfer to your device when the USB is inserted, even when they are in the manufacturer’s packaging. This risk may not exist in every country you travel in, but best practice is to get in the habit of checking USB devices before you use them.

When you buy a USB storage device install a means to encrypt the key and protect the information if the key is lost or stolen. Some USB storage devices come with embedded encryption, saving you this effort.

Only buy encrypted USB keys from trusted reputable providers, such as Western Digital or Seagate.

Ensure the firmware on the device is backed up before formatting the device or that any necessary firmware is readily available from a trusted source, preferably the manufacturer’s website.

I recommend formatting every USB device before it is used for the first time:

In ‘Computer’, left-click the device to select, right-click the device and select ‘Format’.

The format control panel will appear with two options:

  • Quick format – erases the registry of the device, which is the index showing the location of all information on the device. Deleting this index means the information cannot be found.

  • Full format – erases all data on the device.

Once the device is formatted install an encryption application for the USB storage device. There are applications for doing this at www.filehippo.com.

6.6 International travel

The basics of mobile security are the same wherever you are, but there may be additional advice or considerations if you are going to specific countries.

Travelling in the EU is fairly straightforward as the majority of countries are aligned with EU legislation. Other countries in the world may have different requirements, e.g. some countries restrict encrypted devices being brought in.

For the most up-to-date information, check your government’s travel advice for the country you are travelling to.

In Ireland, this advice is given by the Department of Foreign Affairs and Trade at www.dfa.ie/travel/travel-advice.

In the UK, this advice is given by the Foreign and Commonwealth Office at www.gov.uk/foreign-travel-advice.

EU roaming charges

Roaming charges were abolished across the EU from June 2017. This means if you have a contract with an EU mobile provider that includes data, you can use your allowance anywhere within the EU without incurring roaming charges.

From a security perspective this is very good news as you can now use your mobile data allowance to connect to the Internet through your smartphone hotspot instead of using insecure public Wi-Fi networks.

Encrypted devices

Some countries have restrictions on bringing in encrypted devices and information.

In these countries, border control staff could demand the password for the device and take the device away for a period of time. Remember that it can take as little as two minutes to copy the entire contents of a device.

There are things that can be done to reduce the amount of information that is taken or viewed if you are challenged in this way, or if you have to open the device or even give the device and the password or passphrase to border control staff.

Laptops

Have as little information on the device as possible. Consider carrying important information on a USB device that you carry separately.

If you have a personal Cloud/network attached storage device, use this to store important information and launch a VPN to access it. If you have an iCloud account, use this to access important information.

Another option is to send yourself the information in an email that you can access but is not stored on your device.

Mobile phones

If you have an older smartphone, take this with you to access the Internet over Wi-Fi, but make sure you will not need to access sensitive sites such as e-commerce, e-banking, etc.

Don’t take your new smartphone with you!

As with the laptops advice, use iCloud, or send yourself the information in an email that you can access through your account.

Posture

Be comfortable, be clever!

There is no shame in wearing gloves when it is cold, no matter how hardy you are. Wearing gloves means you do not have to keep your hands in your pockets when you are walking, which not only improves your posture but also shows you are not restricted if you need to respond to an attacker. Every little action you do to deter a potential attacker can work together to make them think twice about attacking you.

6.7 Summary

There are some basic security measures you can put in place to prevent your device being stolen. If it is stolen, these measures will prevent your information from being compromised.

  • Do not leave the device unattended and unsecured.

  • Do not travel with your backup device and primary device together in the same bag.

  • Do not use locally bought USB devices.

  • Do not use USB ports to charge devices – use a travel plug and appropriate cables.

  • Do not log onto public Wi-Fi networks unless you have a VPN in place.

  • Do use a Kensington lock.

  • Do use a screen filter.

  • Do make sure your device is encrypted.

  • Do install a VPN.

  • Do make sure your device has a robust passphrase.

  • Do have an encrypted USB to back up information or for transferring information.

  • Do carry the power cable, travel plug and cables for charging smartphones.

  • Use your email or a secure Cloud to store important information if you need to access it.