Protect your smartphone from ID thieves
Your favorite apps might be your worst enemy -- allowing thieves access to your personal information.
This post comes from Gideon Grudo at partner site Money Talks News.
Money Talks News has given you seven ways to prevent identity theft, three tips to prevent ID theft on social networks, and even advice on how to protect yourself from old-fashioned ID theft from your mailbox. Now comes the newest threat, and it's right in your pocket.
We're talking about your smartphone, and it has nothing to do with British reporters hacking into them, although we've explained how they did that, too.
PCWorld reported that a new study from security firm viaForensics found that popular apps might be allowing hackers to easily pluck your personal information.
ViaForensics tested 100 popular apps on both iPhone and Android systems and graded them in one of three ways -- pass, warn, or fail -- and only 17% passed while 39% failed.
Here's a basic breakdown of what the categories mean:
- Pass. Your password and user name are encrypted, or written in code, making it harder for hackers to copy and paste.
- Warn. Either your password or your user name isn't encrypted, but stored as plain text, giving hackers the opportunity they've been waiting for.
- Fail. All of the private information is in plain text -- and in plain sight for the bad guys.
The 39% of apps that failed have a lot in common: Most of them are social networking apps. Of all social networking apps tested, 74% failed, 26% got a warn rating, and none passed.
Why would an app choose to not protect its users? Chris Palmer, a digital rights advocate, told The New York Times that many sites prioritize speed over security: "The usual reason Web sites give for not encrypting all communication is that it will slow down the site and would be a huge engineering expense."
If you don't think that's a big deal because it hasn't affected you yet, you might be wrong. According to USA Today, many hackers simply place monitoring software on your phone and watch what you do and when you do it. The problems could come later, when you least expect it. Post continues after video.
It seems that banks are the most willing to foot the bill for security. Financial apps (like mobile banking) got much higher scores. Only 25% (eight apps out of 32 tested) failed. In fact, the study claimed that financial apps were indeed the safest.
How do you protect yourself? Two ways.
First, check out viaForensics' list of tested apps. If the one you want to download is on it, consult the app's score. You can click on the score for an in-depth look at what it means.
Second, know your apps' weak points and be prepared. ViaForensics says people tend to use the same password on multiple devices. I know I do. According to Consumer Affairs, many people use obvious passwords, like ABC123, the most common one. And even worse, they tend to use the same password on multiple apps and websites.
If a thief hacks into one vulnerable app, he can gain access to everything in your phone that's not encrypted. And that can include your password from other apps. In other words, once a hacker gets into your phone through one insecure app, all of your information may be at his disposal.
Even if your password is encrypted in sensitive apps, an experienced hacker might still figure it out -- especially if it's an obvious password.
A better password
According to a technology consultant at Sophos Security Software, a password like "F+Wsdfadoe&h" works. How did the expert come up with it? He created a phrase: "Fred and Wilma sat down for a dinner of eggs and ham." Easy enough to remember, right?
PCWorld also suggests various tactics to come up with strong passwords:
- Use a different password for each account.
- Avoid using proper names, pets' names, dictionary words, or names of sports teams.
- Use a mix of uppercase and lowercase letters.
- Use a mix of symbols, like &, %, $, #, and @.
If you're going to input passwords or account numbers, stay away from Wi-Fi hotspots, as they tend to be more dangerous and susceptible to hackers. Best to stay at home when dealing with sensitive data on your smartphone.
More on Money Talks News and MSN Money:
MORE ON MSN MONEY
VIDEO ON MSN MONEY
Point is - You can't let this stuff stop mankind from progress based on fear. Learn the risk, and invest time to learn how to protect yourself.
Copyright © 2013 Microsoft. All rights reserved.
Quotes are real-time for NASDAQ, NYSE and AMEX. See delay times for other exchanges.
Fundamental company data and historical chart data provided by Thomson Reuters (click for restrictions). Real-time quotes provided by BATS Exchange. Real-time index quotes and delayed quotes supplied by Interactive Data Real-Time Services. Fund summary, fund performance and dividend data provided by Morningstar Inc. Analyst recommendations provided by Zacks Investment Research. StockScouter data provided by Verus Analytics. IPO data provided by Hoover's Inc. Index membership data provided by SIX Financial Information.