Monday, April 18, 2016

So you think your smartphone is secure?

Not according to CBS's '60 Minutes' program.

Hering is a hacker himself; he's the 30-something whiz who cofounded the mobile security company "Lookout" when he was 23. Lookout has developed a free app that scans your mobile phone for malware and alerts the user to an attack.

Sharyn Alfonsi: How likely is it that somebody's phone has been hacked?

John Hering: In today's world there's really only -- two types of companies or two types of people which are those who have been hacked and realize it and those who have been hacked and haven't.

Sharyn Alfonsi: How much do you think people have been kind of ignoring the security of their cellphones, thinking, "I've got a passcode, I must be fine?"

John Hering: I think that most people have not really thought about their phones as computers. And that's really starting to shift.

Sharyn Alfonsi: And that's what you think-- it's like having a laptop now?

John Hering: Oh absolutely. I mean, your mobile phone is effectively a supercomputer in your pocket. There's more technology in your mobile phone than was in, you know, the spacecraft that took man to the moon. I mean, it's -- it's really unbelievable.

Sharyn Alfonsi: Is everything hackable?

John Hering: Yes.

Sharyn Alfonsi: Everything?

John Hering: Yes.

Sharyn Alfonsi: If somebody tells you, "You can't do it."

John Hering: I don't believe it.

There's much more at the link.  Highly recommended - and disturbing - reading.



Judy said...

If you are hooked to the internet in any way, you are not secure. Because what one man can do, another can undo.

MrGarabaldi said...

Hey Peter;
That is why I limit what is on my financial data. Also I use the "lookout" app. I consider it very good.

Old NFO said...

What Judy said... sigh

Eric Wilner said...

Ditto MrGarabaldi: the phone is not for financial data, confidential documents, singing-in-the-shower vids, etc.
If someone gets ahold of my mobe snaps of the cats, things seen on morning walks, and various (non-secret) work-related hardware, it's no big deal.
If I lose the phone, I gotta change a couple of passwords, but they're not for anything critical. (And, at the next infrastructure iteration, I'll probably change that from "change passwords" to "revoke certificates", and make sure no actual passwords are stored on the phone at all.)
It's kind of alarming to see the hints of how much Google is learning about me from my phone... but kind of reassuring to note that some of it is wildly wrong (e.g., Google's idea of where I work, based on where I go first thing on weekday mornings).

Bibliotheca Servare said...

And now their evil AI is correcting that mistake... just kidding... mostly. God bless!

Anonymous said...

There is a reason why I recommend the Nexus phones. They actually get security updates in a timely manner.

Now, that doesn't mean that they can't be hacked, but it is much harder than the phone/tablet that is released and then never updated again.

If someone can't get a Nexus device, I recommend phones that can run CyanogenMod (i.e., someone has already gotten an official port done) since they update fairly regularly.

It doesn't help that most of the devices are running kernels that are never updated, regardless of the rest of the operating system.

Yeah, Android is (mostly) not pretty.

Borepatch said...

While everything is hackable, some hacks are easier than others. This was exceptionally difficult in a couple of ways. It made for good TV, but most people should worry about password security or phishing/social engineering attacks and keeping their system updated instead.

Boyd K said...

A lot of the intercept attacks were (they said) aimed at SS7 (these were the guys in Berlin). Mmmm, that's not about cell phones. That's about the digital interconnect IIRC. Actually more troubling IMO.