This document provides tips for improving mobile security and avoiding common threats. It discusses how smartphones and tablets have become ubiquitous, yet many users are unaware of security risks like malware, phishing scams, and unsecured wireless connections. The document outlines three main categories of threats - email/communication, malware, and phishing. It provides specific safety guidelines, such as disabling unnecessary wireless services, using app ratings to identify trustworthy software, avoiding suspicious email attachments and links, and promptly changing passwords if a device is compromised. The overall message is that mobility benefits from an informed approach and sense of responsibility regarding digital safety.

1. Mobile Security
For the modern tech mogul
Andrew Schwabe, Founder

2. Background
• WCU Computer Science Alumni
• Entrepreneur
• Mobile, Social, Cloud Developer
• Founder of Point.IO

3. A Whole New World
• Smartphones, Tablets
and Phablets
• Mobile will overtake
desktop in 2015
• BYOD trend

4. … Same Sandbox
• You leave a “digital footprint”
everywhere you go
• Most smartphones have
services enabled that you
don’t know about
• 50% of enterprises have had a
mobile data security breach

5. Being a safe netizen

6. Becoming a safe netizen
• Mobility is awesome

7. Becoming a safe netizen
• Mobility is awesome
• ignorant < you < paranoid
• Be informed and you don’t
have to fear
• Mobile power requires
responsibility

8. Not all devices are equal
• Each OS has different security goals
• Apps have different screening
processes
• Apple i-devices
• Android
• Blackberry
• Windows Mobile
• Symbian/Palm/Others?
• Which is better?

10. Safety goals:
• Not losing your device, duh
• Prevent identify theft
• Prevent loss of passwords and dignity
• Prevent family and friends from suffering
the same fate…
• On their own accord, or…
• Because you gave it to them

11. Apps and Tweets and Phreaks, oh my!
• Lots of things can get’cha, but…
• That’s no different than swimming in
the ocean. You just need to know
places to avoid sharks and other
baddies.
• Use common sense.

12. Three categories of “bad stuff:”
•Email and communication threats
•Malware
•Phishing

13. Email:
• Viruses can be spread through email
• Usually Attachments
• Usually only affect desktops
(this will change over time)
• You don’t want the virus (or to spread it)
• Best course of action:
• Don’t open email from unknown/weird
addresses
• Don’t open email attachments you were
not expecting

14. SMS and MMC:
• Generally pretty harmless
• Sometimes contain links to websites that look
weird. E.g. hax0r.me/pinkbunnies
• The age of spam and sms attacks
will come
• Thumb and others are ok
• Best course of action:
• Don’t click links from unknown/weird addresses
• Don’t click links you were not expecting

15. WiFi Vulnerability:
• Do you hotspot? Do you know if your phone
CAN hotspot?
• Some smartphones let you configure a
hotspot with no password.
• Best course of action:
• Know if your phone supports it
• Disable it if you aren’t using it
• Disable wifi when you are not home

16. Bluetooth Vulnerability:
• Unconfigured services are sometimes active
by default
• A skilled hacker can connect to
open bluetooth services and take
control of your smartphone
• Best course of action:
• Disable bluetooth if you aren’t
using it
• Learn how to disable services you are not
using

17. Malware:
• “My friend Mike’s Android phone had been
acting strangely for awhile. In the middle of
the night, the phone would come alive. It
would meander down various menu paths,
send texts that were gibberish and start
playing poker. Was it bug in the operating
system? Or had Mike been hacked?”
- Forbes (link at end)

18. Malware:
• “how come my phone|tablet|uber device is
going so slow all of a sudden?”
• Not all mobile apps are by quality (ahem…
‘moral’) developers
• Some apps can install “spyware” which reads
your personal info, runs keystroke loggers, or
create popups.

19. Malware (cont…):
• Beware of apps that request your personal
information, or that install new services
• Read reviews and ratings before just
downloading apps
• Android more
susceptible than iOS

20. Phishing:
• They are the ‘fishermen’ and you are the ‘fish’
• Smart scammers who want to trick you into
giving up personal information like:
• Bank account info
• Usernames/passwords
to websites

21. Phishing (cont…):
• Obviousness
• If its too good to be true,
it probably is.
• You do not have a rich distant
uncle in Botswana that left
you $20M
• If you did, why would you
have to pay a fee to get it?

22. Phishing (cont…):
• Social Media
• Emails meant to look
like Facebook or
twitter asking for your
password
• Services usually won’t
send you an email asking for this information
• “Change your password” emails should only
be trusted if YOU requested them

23. Phishing (cont…):
• Sp00f websites and DNS poisoning
• Alternate websites meant to
look like your bank.
• When you try to log in, they
capture your username and
password, but return a
“account not available right
now” or similar message

24. ALWAYS and NEVER list:
• Mama always said to never use ‘always’ and
‘never’ in a sentence…
• … Mama didn’t carry
no Android Phablet…

25. ALWAYS and NEVER list:
• NEVER open email links and
attachments from suspicious
or unknown people
• Includes unusual attachments
from people you know, but you
were not expecting
• “crazycool_giraffe_parasailing.
mov.pif”

26. ALWAYS and NEVER list:
• NEVER open links from emails that are asking
you for usernames and passwords.
• Almost always a scam (real sites know
better than to send emails like that)
• If your spam filter caught it, best to leave it
alone
• If it’s a bank email, try calling your local
branch. If they never heard of it… danger!
• If in doubt, throw it out

27. ALWAYS and NEVER list:
• NEVER post anything on any site unless:
• You are ok with the whole world knowing it
• Family picnic and birthday pics = ok
• Skinny dipping pics = never ok
• Ever read the EULA for facebook and
others? They OWN your content…

28. ALWAYS and NEVER list:
• NEVER email or post personal and sensitive
information if at all possible:
• Credit card numbers
• Bank info
• Maybe home address, vacation info
• Never know who will see it
• Easy to exploit your weaknesses

29. ALWAYS and NEVER list:
• ALWAYS use basic security
lock on your mobile devices:
• PIN codes on Apple
devices
• Password/pattern locks
for Android

30. ALWAYS and NEVER list:
• ALWAYS use apps that YOU installed:
• Verify that they are from a trusted author
• Read ratings/comments
• Use a bank’s APP instead of website if
possible

31. ALWAYS and NEVER list:
• ALWAYS disable services you don’t need:
• Disable wifi/bluetooth if/when you don’t
need them
• NFC, ssh, jailbreak and root apps
• BONUS! Fewer running things = less battery

32. Symptoms of a hacked phone:
• Unusual restarts
• Slow response time
• Web browser redirects to
inappropriate sites
• Phone sends text messages
on its own
• Online credit card charges start
showing up
• Plane tickets to Amsterdam

33. What to do if you are hacked:
• Log out from your app or website
• Switch to a different device
• Change your password
• Call your credit card company
• Request a credit alert with
credit bureau
• Erase/restore your mobile device

34. Tips for being safe:
• Incognito mode in some web browsers
• Read the manual that came with your device
• Learn all the the stuff you don’t know
• Google ‘security tweaks for Samsung galaxy
note 2’ (or your device)
• Use a lost and found service
• Apple has several app and gps based choices
• 3rd party labels – foundkarma.com

35. More reading:
• Cloud storage (Box, Dropbox, others)
• Google and Facebook’s new privacy rules
• Read ‘technology’ channel using Flipboard

36. Reference and Stories:
• Your Phone Has Been Hacked
• Signs and Symptoms of a hacked smartphone

37. Thank You!
• Blog: www.PainInTheApps.com
• Personal Email: andrew@schwabe.net
• Twitter: @aschwabe
• This presentation will be posted on my blog
and my twitter

38. Special Thanks to:
• http://www.theoatmeal.com for cartoon
awesomeness used in this presentation
• Kim Slattery and West Chester University for
the opportunity to share
• All the attendees who participated in our
session!