Your Phone’s Been Pwned: Ten Ways You Could’ve Avoided It

5 'n Dime
Homeland Security
7 min read · Jun 2, 2016

Which of the following best describes you?

  1. High flying international mogul, brokering a huge deal in a totalitarian nation with a highly effective intelligence service.
  2. Totally deft sports star with bazillions of followers, all awaiting your next tweet.
  3. A married playah balancing playmates and prescriptions.
  4. Office accountant by day — siphoning, check-kiting, Ponzi-scheming gambler by night.
  5. Completely unremarkable in every way — balancing a mortgage, spouse, 2 and a half kids, and pet(s).

Eh, guess what, it doesn’t matter.

It’s what these people have in common that’s more important than how they’re different. More and more we are relying on smartphones to help manage our personal and professional lives. Smart devices aren’t just a toy to play Candy Crush, Farmville, and Mobile Strike — they’re now some of the most powerful computing devices available, sporting all manner of interfaces, network connections, sensors, and massive amounts of data. And we have come not just to rely on them as a convenience, but as a necessity.

With our ever-increasing reliance on these devices, we all have a lot to lose if we lose control of the information we trust to stay secure, and in our possession alone. But there are those whose purpose is to take that information from you for their own use.

Pwning, in the context of our discussion on smartphones (pronounced ‘owning’ or ‘p0wning’ or ‘pawning’ depending on your personal preference or whether the person you’re talking to laughs at how you say it — we know, technology is hard) is slang for someone compromising or taking control of your phone by gaining unauthorized access. What they do with that access can range from embarrassing to devastating — to you, your family, your employer, or worse.

The government’s top intelligence official, the Director of National Intelligence, James Clapper, told Congress that cyberthreats are now the highest risk to U.S. national security — more than terrorism. The threat is no less real to us as individuals. It’s a lucrative market for criminal enterprise in identity theft, blackmail, holding data for ransom, industrial espionage, and other nefarious uses.

The wrong time to start protecting yourself from being pwned is after it has already happened, when you’ve gotten on the internet and found this article. We hope you’re here before that happens.

So how can you stay safe? Here are ten of our top tips:

1. Lock it

Use your finger, your face, a PIN, or whatever security access features are provided by your device, and have it kick in immediately. Without a lock that kicks in immediately, you’re giving a free pass to anyone who just happens to pick up your phone. Not only does it protect you from the guy stealing bank info, but we find it also helps out with that obnoxious friend who likes to surf your pictures without permission. If we want you to see it, we’ll post it on Instagram.

2. Protect it

More and more, developers are beginning to make security applications available for mobile platforms like smartphones. Some regularly spit out annoying and confusing alerts, proclaiming gloom and doom from evil apps like Pandora and Waze, but sometimes the warnings are legitimate and they certainly are beneficial to keep us paying attention. While we can’t officially tell you to ignore such messages, go ahead and put it on the back burner after installing virus protection. You’ve just made your phone a little bit harder of a target than your neighbor’s. Sometimes that’s all that matters when any victim will do.

3. Secure it

Possession is nine-tenths of the law, or so the saying goes. In our case, we’re emphasizing that keeping physical control of the device is extremely important. Getting a physical copy of memory is a piece of cake for even the most junior of forensic professionals, regardless of their motivation. Keep it with you at all times. Leaving your smartphone lying around while you’re three sheets to the wind in a Pattaya go-go bar … well, we can’t help you there.

4. Encrypt it

A lot has been in the news recently regarding encryption, which is simply the process of protecting the data by making it unreadable, even when it has been accessed. It’s another layer of protection for when physical or virtual access security fails. See if your phone supports this feature. If it does, enable it. If it doesn’t, consider getting a device that does. Let the device manufacturers and the government hash it out about whatever they need to, but take advantage of whatever protection you can. It’s that important.

5. Manage it

Having a bunch of apps may seem like fun and allows you to explore new ways of doing things, but they can cause complications down the road (memory usage, data usage, third-party data sharing, and bugs, to name a few). When choosing apps, consider reputable developers and companies whenever possible, and obtain the apps through distribution channels that you have reason to trust. It’s tempting to download free apps “in the wild” (or for some to install cracked versions of paid apps to save a few dollars), but the consequences of doing so can be severe. Especially watch kids on this issue. Once you’ve tried an app and determined it isn’t something you’re likely to use, it’s a good idea to remove it from your phone rather than keep it. Those apps, even when not being used, can still provide pathways into your phone.

6. Update it

This seems like a no-brainer, but rather than go through all the reasons why, let’s just get down to brass tacks: software — all software — is inherently buggy and potentially insecure. Developers are issuing patches regularly for the operating systems and applications for a reason. There’s stuff to fix, and you really should get those fixes. We say the best advice is to always download and install automatically, even if you’re not connected to a Wi-Fi network. The investment in your security is worth the time and relatively low cost of addressing vulnerabilities immediately.

7. Control it

Bluetooth, 3G, 4G, LTE, Wi-Fi, NFC — these are only some of the gateways into your phone. Depending on your usage of the smart device, these network services may be essential and necessary for the functionality you need, and we’re not saying they’re bad. What we say here is that if you’re not using them, you increase your security significantly by turning them off. This is simply about reducing your “radar signature” as you walk around. Most phones have an easily accessible ‘airplane mode.’ Pro Tip: You don’t even need to be on an airplane to use it.

8. Find it

Mistakes happen, such as unintentionally leaving your phone in that aforementioned Pattaya go-go bar. These places aren’t always filled with criminals just waiting to compromise you — sometimes they’re just regular bartenders and customers, trying to get by like the rest of us, with dignity and compassion for others, and who take pleasure in helping others. Then again, sometimes not. Either way, you’re going to want to recover your device, and for that you need to know where to go. Enable device tracking when available and contact authorities when advisable. Also, a finder’s fee or reward is sometimes a good incentive to ensure safe return of your device. However, if your phone points to this house in Atlanta, realize you just entered the GPS twilight world and that the people living there did not steal your phone.

9. Remember passwords

We’re not just talking about complex passwords here (we all know by now that using “password” or “1234” is just a recipe for disaster). What we’re talking about is actually securing your passwords. In the same way folks have been told not to write their passwords on sticky notes plastered on their desktop monitors, keeping your passwords confidential in mobile devices is just as important. Consider using a third-party app for this, but shy away from allowing your built-in browsers to remember them for you. While autofill may be convenient for you, your browser isn’t picky about whether you’re you, or someone else is tapping around on your bank account bookmark.

10. Wipe it

When all else fails and you cannot find your smartphone, or when it’s time for the next, best, killer device: wipe it. By this we mean completely: virtually and physically. This includes main memory, extended memory, fingerprints, bodily fluids … you get the picture. If it’s lost, you can wipe the memory remotely, if enabled. Need something more powerful than the default wipe app? Check out these.

Did we miss any key pieces of advice you’d care to share? If so, please enlighten us.
