10 February 2011
Everyone who owns a computer likely hears about the plethora of latest security issues, viruses and whatnot- and for all those Windows users, may have figured out that Microsoft releases security updates on the second Tuesday of the month. For the most part, that’s outside the scope of this article, although it is relevant. Viruses and hackers are the bane of any computer user and many of us spend seemingly ridiculous amounts of time making sure our virus scanner is up to date, that Windows Security Center reports back that everything is fine, and otherwise being extremely careful with our computers. We set up (hopefully) strong passwords for all of our online accounts, and from there, try to lie low and hope that no hackers come our way; and hope that if they do, all the defenses we threw up for them are strong enough.
It seems that so much effort is put into making sure that computers and Facebook accounts are secure, that the most dangerous devices we have in our lives are completely forgotten from a security standpoint- or measures are taken to accommodate them that the security of everything goes downhill as a result.
The issue is that ease of use seems to often take a higher priority than security for many people. As mobile devices with admittedly crappy keyboards become increasingly prevalent, crappy passwords follow. That’s not to say that all mobile devices are difficult to type on since more and more sport full QWERTY keyboards in some form or another. Remembering and typing also plays a role- obviously it’s much easier to remember a simple (and easily hackable) password such as ‘letmein’ instead of a stronger password such as L3+mE!n. (Simplicity vs Security; The Philosophy of Nate)
Even worse, once our mobile device is no longer attached to us; forgotten on the bus, pickpocketed, whatever, security suddenly becomes a massive problem. Hacking a cell phone is disturbingly easy in most cases even if it is password protected. My phone, for example, uses a 4 digit PIN for security, with unlimited attempts. Many phones include a method by which the manufacturer can boot the phone and bypass security measures for transferring data to a new phone, or a hidden recovery mode. The sad fact is though; most people don’t secure their phones for the sake of ease of use, and those who do are unable to secure them well.
Now, moving past just a simple phone and on to other mobile devices- Palm OS (legacy Palm OS) includes built-in encryption and access control, which indeed makes it more difficult to steal data from. Other than devices with security tools there is, once again, a disturbing lack of actual security. iOS (iPad/iPhone/iPod Touch) allows a user to password-protect their device, and thankfully many people make use of that feature; though for a large part because it’s extremely easy to use. To put it bluntly, I sincerely hope that very few people carry confidential data on their iOS device, although I know I’m wrong because they include a web browser and various apps for Facebook, Google, and the like. iOS can be hacked in no more than 6 minutes (including the theft of passwords) and nearly any data not encrypted on some level is fair game. Even I have the ability to hack into iOS should I choose to; I have all the resources and know-how to do it. (article)
Having physical access to any electronic device instantly makes it hackable on a number of levels. However, the fact that mobile devices are exactly that; small and mobile, physical access to them is that much easier to obtain considering the many places they seem to be forgotten, and from there that much easier to hack considering how unbelievably bad their security tends to be. If you carry sensitive or data that’s at all private on a mobile device (especially flash drives), consider encrypting it if you have no choice but to carry it.