Choosing a Right Secure Mobile for Yourself

March 6, 2011, by | Start Discussion


Mobile phones have now become capable of performing much beyond than simply managing calls and messages. From just mobile phones initially they have evolved into smart-phones. From serving as a dedicated Camera, to solving almost all the purposes of a mini computer, mobile phones are everywhere. Powered with 3G services, super-mobiles will replace computers and laptops very soon.

This advancement in the mobile technology comes at a cost of a very important thing- Security. Mobile devices and the data stored on them are of critical nature for the owner, and if the device is lost then confidentiality of the user data can be at stake, if proper security mechanisms are not implemented. The purpose of this article is to create awareness about the security features, which a buyer/user should keep in mind before purchasing a mobile phone. I have tabulated these features below. Let's look at them one by one.

Phone Lock and SIM Lock

Any device (a low-end or high-end) comes preloaded with some of the basic security features. Capability of locking a phone and/or SIM card is definitely one of them. The phone should be capable of getting locked all by itself, if it is kept idle for some time. Also, mechanisms should be in place to set/reset the pass code whenever user wants to do so. In case of a phone restart, the phone should prompt for the pass code and SIM code. The phone should get bricked after a definite number of unsuccessful attempts.

Application Lock

The phone should provide basic mechanisms to restrict access to sensitive applications like Camera, Contacts, Messaging, Internet, Phone Settings etc. The phone should prompt for a pass code, every time someone wants to access those applications, even if the phone is in unlocked state.

Mobile Tracker

The phone should come preloaded (or at least support) with a mobile tracking application. When turned on, the mobile tracker sends messages to designated numbers, whenever the SIM card is changed. So, in case of a theft, the mobile tracker can be used to locate the mobile phone.

Encryption 

The data stored in the mobile phone can be compromised if it is not encrypted. Proper encryption mechanisms should be put in place to make sure that the data residing in device memory and on memory card is encrypted. The access to memory card should be password protected. If taken out, the memory card should corrupt itself.

Protection against Malware

With the increase in the usage of internet, threats from Malwares and Trojans have increased. A good built-in/downloadable anti-virus should be available for the device which you are going to buy. Also, the Anti-virus should be configured properly to make sure hourly/daily scans and updates.

Bluejacking

Bluetooth is another entry point for the malwares. Malwares can be delivered by using the connectivity services supported by a device left in discoverable mode. The mobile should be configured to turn off Bluetooth, if it is left unused for a definite amount of time.

Remote-Wipe

In case of a theft, the data residing on the mobile is in risk of being compromised. To circumvent this problem, provisions should be made to ensure a remote-lock and/or remote-wipe of the data present on the device.

Certificate Check

In the present world of mobile apps, it is possible to download/install a Malware along with an app. To ensure safety against them, proper mechanisms should be put in place to check for the certificates/signed-unsigned status of the app which is currently being installed on the device. The phone setup should accommodate features to turn the certificate check ON. Also, any application which is doing unauthorized things like establishing an internet connection without user's permission should be removed from the mobile phone, even if it is signed.

Safety for Online accounts 

Smart phones are a good tool to remain connected to the world not only by means of the basic telephony services but also by using the internet connectivity which they readily provide. The phone should at least provide basic encryption mechanisms for such connections. The password, for ex, should never be sent in the clear text. Data like cookies and session variables should be stored in a location which is inaccessible to the user.

Although, the list provided above is not an exhaustive one, in this article I have tried to cover all the main security mechanisms which must be present in a smart phone in order to make it do smart things in a safer way. In order to get any clarifications, you can reach me at [email protected].

Happy Smart-Phoning !!


Shivendra Saxena is currently working with Infosys Technologies ltd as a Security Consultant. He has a hands-on experience on secure code analysis tools like Codesecure and AppScan. He latest area of research is Mobile security. He is a part of Infosys Mobile security solutions team.

Leave a Reply