April 13, 2021
Good morning, everyone!
Apple recently released emergency updates for all mobile devices, warning that a vulnerability is being actively exploited. Be certain all your iThings are running the latest version: iOS 14.4.2, iPadOS 14.4.2, and watchOS 7.3.3. Apple also released an update for older iPhones, iOS 12.5.2 (which tells you how serious this is).
Hope y’all don’t mind I took a week off. I had to take some PTO and enjoy that beautiful spring weather! I always come back from a short break with a million ideas floating in my head, but I’ll stick to just one for now:
Securing Mobile Devices
It’s easy to forget sometimes that those little “phones” in our pockets are actually extremely powerful computers – far more powerful than the computers many of us worked on in school! Added to their inherent power is the power that we bestow upon them – our virtual lives, and quite often the keys to our physical lives. With great power comes great responsibility! And this makes securing our mobile devices more important than ever. What are the best steps to take?
Keep software up-to-date
Literally the number one most important step to take, and the easiest, and it's free, is to keep all the software up-to-date. If you are running software on your mobile device with a known security vulnerability, you are cruising around the Internet with a target on your back. Seriously. This applies not only to the operating system, but also to all the apps on your device. I personally check the App Store every morning and apply all updates that are available.
Conduct routine audits of your apps
Speaking of keeping apps up-to-date, how many of you have apps on your phone that you haven’t used in months? Years even? This is a problem. Why? Well, let’s say someone builds an app and puts it in the App Store. A few weeks/months later, some security researcher finds a serious vulnerability and notifies the developer. He’s already on another project by now and doesn’t care about fixing that old app. Hardly anyone has downloaded it recently anyway, so he just pulls it from the App Store. Now everyone who installed that app on their phone is cruising the Internet with a known vulnerability just waiting to be exploited.
How do you avoid this problem? Conduct routine audits of the apps on your mobile devices. If you find one you haven’t used in ages, ask yourself whether you really need to keep it. If not, delete it. If you do use it occasionally, go to the App Store and make sure you are running the latest version. If it’s not in the App Store anymore, there’s probably a good reason, and you should find a replacement app that is currently being maintained by the developer.
More app safety tips
I recently read this article: Dangerous Android App Pretends to Be a System Update to Steal Your Data (which is what got me started on this topic today). Here is a key point:
Thankfully, this hellish booby trap has never been offered on Google Play store, though it is available via a third-party store
(1) Never download apps from unauthorized sources. Although sometimes actual bad apps do make it into the official app stores, it’s not a common occurrence. It is, however, quite common for third-party apps to include malicious content.
(2) Check out the developers. Avoid downloading apps from unknown or unfamiliar developers. Check out the reviews. How many apps do they have in the store? How long have they been around?
(3) Limit permissions granted to apps. When you install a new app, it usually asks you for permissions on your device – access to camera, microphone, location services, contacts, etc. Don’t just say “yes” to everything – THINK! If this app really doesn’t need this permission, just say no. If a new app demands permissions and won’t install without them, you should evaluate whether you really want or need this app on your device. At a minimum, the developer isn’t very security-minded, which isn’t a good thing, and at the worst, it’s actually a malicious app like the “hellish booby trap” we read about above.
(4) Don’t “jailbreak” your phone. If you don’t know what this means, you are probably safe. Jailbreaking your phone is a way of removing the restrictions that keep you from installing unofficial apps. It’s popular in the younger crowd, but it’s dangerous. When you remove those restrictions, you are also removing the protections that the operating system provides.
(5) Think before you click. Yes, this applies to apps! Attackers have begun using collaboration apps like Discord and Slack to spread malware. Since these apps enable embedding links and attaching files, they are just as vulnerable as email. Remember, before you click on that link or open that attachment, hold up your finger and think, really think, for 2 seconds.
While this is not a comprehensive list of all the things you can do to secure your devices, it’s a good start. And not one of these suggestions costs money! Just mindfulness.
Talk to you again soon!
Security Awareness Training Goes Virtual
Thanks to COVID-19, lots of things are going virtual, and that includes my employee Security Awareness Training. I've set up a small studio in our conference room (nobody there but me) so I can provide live training (almost) just like before! You can see me wave my hands and make faces while a wall of fascinating facts and practical tips slideshow across your screens, wherever you and your employees may be.
Contact me to schedule your employee training sessions. They're fun! ☺