Smartphone security is important as phones store a significant amount of personal data. However, many users do not properly secure their phones. Basic security practices include using strong passwords, updating software, and enabling encryption. More advanced practices involve remote wiping apps and encryption. Recent news has highlighted security issues like Hillary Clinton's use of a private email server while Secretary of State. Proper smartphone security protects users from physical theft and online hacking.
271 Information Governance for Mobile Devices .docx
Everything You Need to Know About Smartphone Security
1. What Is Smartphone Security
Malasta Hill
Information Security Concepts
Kennesaw State University, Kennesaw, GA, USA
Abstract
There are over 6.8 billion cell phone users in the world and it is a necessity that data
stored on those phones is protected. Smartphones are nothing more than personal
information made portable. Roberto Baldwin stated in an article that one third of
smartphone users in the U.S. don't bother to secure their phones. Smartphone security is
the most important feature of mobile devices in today’s society. The misconceptions of
data security will be revealed s to that he reader will have a better understanding of what
smartphone security is.
This discussion will break down and explain what makes information on smartphones
desirable to hackers. This report will also take a look at why we secure smartphones and
examine smartphone security best practices. Smartphone security techniques include
everything from basic four digit pins to complicated data encrypting. Businesses are
importing more data to smartphones requiring several additional layers of security.
This discussion will also cover current events involving smartphone security and data
breaches which have headlined the news in the last year. In particular we will review a
trending discussion in the news regarding Hillary Clinton’s cell phone security and email
usage.
2. Introduction
In today’s society people have become smartphone dependent in more ways than just
telephone service. People are now heavily reliant on smartphones for a wide range of
services and activities. Statistics show that by the year 2020, globally there will be
approximately 6.1 billion smartphone users accompanied by substantial growth in less
developed markets. The same 6.1 billion population of smartphone users account for 70
percent of the world’s population. Estimates say these 6.1 billion users are expected to
acquire smartphone technologies within five year's time. (Luden, Ingrid) Nearly two-
thirds of all Americans own a smartphone. Roughly 19% of Americans rely to some
degree on smartphone technology for accessing online services and information
exchange. More than any other device, Americans depend on their smart phones for
staying connected to the world around them. Seven percent of smartphone users in
America have no other form of online usage at their home other than a smartphone.
Smartphones are widely used for navigating important life activities. Smartphones assist
users by helping them with activities like researching a health condition. Smartphone
users can access secure bank account information, personal information, educational
resources, and sensitive data. Users are also likely to turn to their phones for navigating
job and employment resources. Smartphones store the locations of users, visited places,
family and friends. 67% of smartphone owners use their phone at least occasionally
for turn-by-turn navigation while driving, with 31% saying that they do this “frequently.”
(Aaron Smith)
3. All smartphone users must realize that although today’s devices are convenient, they also
serve as easily accessible breach points for local, regional, and worldwide hackers. To a
hacker smartphones are nothing more than personal information databases made portable.
For this reason proper smartphone security precautions are always warranted.
Smartphone Awareness
Roberto Baldwin stated in an article that one third of smartphone users in the U.S. don't
bother to secure their phones. One article suggests that only eleven percent of people use
PIN’s longer than 4 digits. Fourteen percent of people install antivirus applications,
seven percent of people use security features other than lock screens, twenty-two percent
of people have software on their phone that allows the user to recover the smartphone if it
is lost, and eight percent of those surveyed have installed software that will erase data on
the phone as soon as the phone has been compromised. In 2013 over four million smart
phones were stolen and never recovered according to Consumer Reports. It might be
assumed that the low numbers are because “most people don't see the need for security of
their mobile devices” as Timo Hirvomen stated. He addressed the fact that people are
very shortsighted considering the kinds of information that people have stored on the
phones. There are also concerns around the ease of access of smart phones. Smart
phones users are carrying their devices around everywhere. Most people don’t believe
their cell phones can be stolen or hacked. When asked, those with little to no security
measures on their smartphones indicated they don't feel that they will be target for cyber
crime. Overall, there was a confidence that the information on their smartphones is not a
serious target breach. These findings support the belief that the majority of owners do not
4. value the importance of information that is on their phones. A smartphone is very similar
to a computer and it needs to be secured as such. (Weisbaum, Herb)
Information stored on an unlocked phone can be directly accessed by anyone who has
possession of the device. The average thief can easily turn a minor inconvenience into an
embarrassing situation. Negative impacts can range from having unwanted pictures and
information uploaded on the Internet to destroying the victim's credit. The common thief
that steals a phone id not the smartest person, nor are they savvy computer hackers.
Security Practices
Most smartphone technologies share the common vulnerability of being compromised if
proper security steps are not taken. Smartphones are typically extremely user friendly and
come equipped with basic security features. Some of the best practices to adopt will
include: performing updates when required; enabling a lock code that is more than four
digits and is not a common reference such as a birthday or street number. These
precautions can create a basic security barrier on a smartphone. Approximately 98% of
all smartphones in America have the ability to use a fingerprint code on the phone. It is a
best practice to utilize this feature. Fingerprint codes prevent thieves from looking over a
user’s shoulder to steal a passcode. Disabling features that would allow the device to
automatically connect to untrusted networks is also a good line of defense against
hacking. Wi-Fi security will allow a user to set connectivity into an undiscoverable mode
so that it is not detected to other devices. Adjust the settings on smartphones to lock
5. automatically in the shortest time allowed and not for convenience. Turn off the
Bluetooth and near field communication when it is not in use. Be careful not to accept
request for any unknown devices on via Bluetooth or the near field communications. For
more security on a smartphone search and install applications that are trusted through the
app store in the operating system that is currently in use. These steps will ensure users
have a basic form of security even if the phone is stolen by the common thief. (Munson,
Lee)
Advanced Security Practices
To enhance the security of smartphones, applications can be installed to find a device in
case it is a lost or stolen. Apps such as “find my phone” are very powerful tools. This
particular app utilizes the phone's GPS system to locate devices. Some applications come
installed with a remote wiping feature. Remote wiping will wipe all of a phones data at
once. The wipe command on an app then cleans the data once the phone accesses the
Internet. Other apps protect phones from malware, virus, and other malicious hacking
software that attempts to attack your phone through apps and other the Internet.
Following these steps can allow users to secure their phones from most threats. This
protects smartphones both physically and across the World Wide Web.
6. Encryption
Taking a deeper dive into cellphone security means examining additional techniques such
as adding encryption. Smartphone encryption to the basic cell phone user sounds
complicated and unnecessary. An average user would have several things to consider
before encrypting smartphone device. There could be a small performance drop that to
most is not noticeable. On the start up users will be required to go through additional
steps to startup the phone. If a smartphone has been rooted there will also be a need to
unroot the phone prior to entering the encryption phase. If smartphone encryption proves
undesirable to the user, it may become necessary to perform a factory reset to undo the
process.
An encryption on a phone takes the smartphone to one of the highest levels of security
available. Encryption is taking data on the phone, securing the data, and filtering the data
using a secured method. The most commonly used encryption method for smartphones is
called the Advanced Encryption Standard (AES). AES is a symmetric encryption
algorithm that is designed to be efficient on both the hardware and software, and supports
a block length of 128, 192, and 256 bits of data. To simplify the terminology think of an
encryption as a written message that requires a key to read. The key acts as a decoder of
the message and must be given at some point to the other party in order for the recipient
to understand to successfully read and decode the message. Encryptions can be difficult
to hack and for the average user encryptions help to render cell phone security measures
impenetrable. (Weise, Elizabeth)
7. Smartphones for Business
Smartphone usage is becoming the norm in the businesses world. Businesses are using
servers and applications to send information to phones through apps. At times this
process requires additional layers of security in order for the application to work. BIG-IP
Edge Portal, in combination with customers’ existing BIG-IP Edge Gateway and BIG-IP
APM or FirePass SSL VPN deployments, provides portal access to internal web
applications such as intranet sites, wikis, and Microsoft SharePoint. This portal access
provides a launch pad that IT administrators can use to allow mobile access to specific
web resources, without risking full network access connections from unmanaged,
unknown devices. Mobile users can sync their email, calendar, and contacts directly to
the corporate Microsoft Exchange Server via the ActiveSync protocol. This solution also
enables corporate IT to grant secure mobile access to web-based resources.
Headline news
Events involving smartphone security and breaches have headline the news in the last
past year. A trending discussion in the news is Hillary Clinton’s cell phone security and
email usage. Early in 2015 it was made public that presidential candidate Hillary Clinton
allegedly used her private email server for official communications as Secretary of State.
She was only authorized to use the email accounts on her phone that were maintained
through the federal servers for classified information. If this were true it would have been
a clear violation of federal policies on email usage and a very high security risk within
8. her job. Clinton’s response to the allegations indicated the use of personal email was in
compliance with federal laws and State Department regulations, and that former
secretaries of state had also maintained personal email accounts, though not on their own
private email servers. IT security experts such as Chris Soghoian had previously advised
Secretary Clinton against this during the early part of the cabinet appointment. The main
security issue was regarding the transmissions and whether or not the servers were
properly encrypted. According to one source, Clinton’s servers was configured to allow
remote access by way of Microsoft’s Desktop Services which is not considered to be a
reliable form of classified usage as it is used as a standard in Microsoft Windows
applications. A federally secured server that resides in centers provides constant
monitoring for viruses, off-site backups, generators, redundancy, and instant protection
from hackers. The government desires to keep security as a high priority within the
government and for government national security. (Gillum, Jack)
Conclusion
To some the security measures outlined in this discussion may seem like overkill.
However, it is important to remember that smartphones carry some of our most prized
personal data, including credit card numbers and financial records. A strong password
and reliable encryption are a one-two combination that will ensure your smartphone and
the valuable data it contains are secured against unwanted use or intrusion. One can
expect the industry to develop even more complicated, impenetrable security features in
the future.
9. Resources
1. Smith, Aaron, U.S.Smartphone Use in 2015,Pew Research Center,
http://www.pewinternet.org/2015/04/01/us-smartphone-use-in-2015/, April 1, 2015
2. Lunden, Ingrid, 6.1B Smartphone Users Globally By 2020,
6.1BSmartphone Users Globally By2020,Overtaking Basic Fixed Phone Subscriptions,
https://techcrunch.com/2015/06/02/6-1b-smartphone-users-globally-by-2020-overtaking-
basic-fixed-phone-subscriptions/, June 2, 2015
3. Weisbaum, Herb, Most Americans don’t secure their smartphones,
http://www.cnbc.com/2014/04/26/most-americans-dont-secure-their-
smartphones.html , April 26, 2014
10. 4. Munson, Lee, 10 Tips for Securing your smartphone,
https://nakedsecurity.sophos.com/2013/10/08/10-tips-for-securing-your-smartphone/ ,
October 8, 2013
5. Weise, Elizabeth , USA Today, What does it mean that a phone is encrypted,
http://www.usatoday.com/story/tech/news/2016/02/20/phone-encryption-iphone-apple-
qa/80623208/ , February 20, 2016
6. Baldwin, Roberto, Don’t Be Sill Lock Down and Encrypt Your Smartphone,
https://www.wired.com/2013/10/keep-your-smartphone-locked/ , October 26, 2013
7. Gillum, Jack; Hillary Clinton used private server for official email,
http://www.pbs.org/newshour/rundown/ap-finds-hillary-clinton-used-private-server-
official-email/; March 4, 2015.