Organizations are rapidly embracing the use of mobile devices in their business processes, personal lives, and let’s face it, a messy blend of the two. While this BYOD (bring your own device) trend can improve employees’ work-life balance by allowing for more non-traditional work hours, it can also be a slippery slope for some.
Without proper security measures for mobile apps and basic online security practices, your mobile device can turn into a mobile headache. And that can lead to a host of problems for you as well as your employer or employees. You’re likely already aware of the critical importance of a personal VPN like PRIVATE WiFi to encrypt all of your data in public WiFi environments. But if you’re not already using a VPN, consider that a new report from Javelin Research says 25% of all data breaches related to credit and debit cards lead directly to identity theft. Javelin says U.S. consumers lost $21 billion to identity theft last year, and it cost them up to 37 hours to fix the problem.
“In this age of mobile technology advancement, hackers are focusing more of their attention on the security vulnerabilities of the devices consumers have come to rely upon. We have become a society reliant on instant gratification which has its rewards, but with it comes risk,” says Tim Rohrbaugh, a security analyst at Intersections.
“Consumers don’t need to stop using devices; they just need to take some basic, but necessary steps to protect their personal information from falling into the wrong hands,” he adds.
The Federal Trade Commission seems to understand this is a problem (but some federal agencies are accused of not fully understanding the threats). That’s why the FTC is planning a free workshop to explore consumer privacy and security issues posed by the growing connectivity of devices and BYOD policies. (The workshop, on November 19, is free and open to the public in Washington, DC, and will also be webcast.) More importantly, the workshop’s invited security analysts will serve to inform the FTC about important developments in this area. Some of the questions to be posed that day include “How should privacy risks be weighed against potential societal benefits, such as the ability to generate better data to improve healthcare decision-making or to promote energy efficiency?” and “What are the unique privacy and security concerns associated with smart technology and its data?”
All of these questions come at a critical time, since connected devices now communicate with consumers, transmit data back to companies, and compile data for third parties such as researchers, healthcare providers, or even other consumers.
Lookout: We’ve Got Your Back
We applaud the FTC for taking this step to work together with technology leaders. One company that is not associated with the FTC’s planned meeting but is already doing this sort of work is called Lookout. The San Francisco-based startup is taking aim at companies and government agencies by telling the users of its mobile app whether anyone/anything suspicious is messing around with their mobile device. For example, let’s say you lose your smartphone and the thief tries to unlock the passcode; Lookout can even email you a snapshot of the thief if he fails to guess the right passcode. Another cool feature? Lookout’s app includes Signal Flare—a lost-device feature that saves your location when your battery charge gets below 10%. If you lose your device when the battery is low, you can log into www.lookout.com, see where it was last, and have a fighting chance of getting it back. Apple’s Find My iPhone does not have this feature.
Skycure On WiFi Security
Another company, Skycure, enables organizations to embrace the BYOD trend while still providing strong protection and control. But be careful which WiFi hotspots you use, says Skycure, as it has just revealed a web-based exploit that lets attackers hijack an iOS device on the same network through its mobile apps.
What happened is that the Skycure team actually observed their own app redirecting to a wrong address. They realized they could make many other apps exhibit the same behavior. As a result, apps that display news, stock quotes, social media content, or even some online banking details can be manipulated to display fraudulent information and intercept data sent by the end user. After an app has been tampered with once, it will continue to connect to the hacker-controlled server for an extended period of time, with no outward indication it is doing so. The weakness, dubbed HTTP request hijacking, is estimated to affect at least 10,000 titles in Apple’s App Store.
Yep, we said at least 10,000. That means it could be more than that. Something to think about before you download that next shiny app indeed.