This is a guest post by Alyse.
If it's connected to the Internet, it can be hacked. For years, this was mainly a concern to PC users and IT guys, but anything that achieves mainstream usage and market share will eventually attract black hat types. From greedy cyber-criminals to malicious joy riders, the latest lure is the Internet-connected device in everyone's pocket.
Unfortunately, the very things that make our Smartphone’s and tablets so appealing to us -- mobility, ease of use, always-on communications -- render mobile devices even more exposed to the hijinks of hackers. Plus, let's face it -- most of the people walking around with tablets and Smartphone’s aren't going to take the same basic security precautions that have become second-nature to "serious" PC and IT folks.
With that in mind, let's run down a checklist of what you can and should be doing to make your constant mobile companion as safe as possible.
They're Just Little Computers
Although hackers need a different set of tools to gain access of a mobile device, many of the vulnerabilities are very similar to well-known PC security risks. Browser exploits, email phishing, password cracking -- all of the classic holes can be found on mobile devices.
How to protect yourself: Simple common security precautions: use strong passwords, don't open unknown attachments or click on unknown links, use HTTPS whenever you can while browsing, pay even closer attention to security certificate warnings, and avoid transmitting personal and financial data as much as possible (and never unencrypted!).
There's an App for That
iOS users don't yet need too much app help for security and antivirus tasks, but the Google or Amazon app markets should be your first stop for mobile security and antivirus solutions.
How to protect yourself: Use one of the big security names like avast!, Norton, and Kapersky, or a proven mobile-specific security developer such as Lookout or Antivirus Free by Creative Apps.
Cool the Hotspot
Many mobile devices, especially tablets, regularly connect to the Internet via Wi-Fi. This means that they share all of the risks of any wireless network, which can be infiltrated by any self-respecting hacker with a sniffer, or simply riding on the same public hotspot.
How to protect yourself: Practice basic router sense by changing the default login and SSID using strong passwords, enabling WEP / WPA encryption, restricting allowed devices (MAC filtering), and making sure the firewall is active. On the device side, turn off any "auto-connect to Wi-Fi networks" settings, and disable Wi-Fi completely when it's not needed. In addition to being more secure, this will noticeably increase your battery life.
Stop Malicious Apps Before They Start
This tends to be a bigger problem with Android, because Apple has historically been very restrictive when reviewing app submissions. Still, some things get by the review process on any mobile OS, so you should be very careful when downloading and installing, especially if you are "side loading" (i.e., installing an APK from a non-market source).
How to protect yourself: Don't leave everything up to the antivirus software. Do your research before adding apps. Check for plenty of reviews (number of downloads means nothing). Note how long the app has been available, and investigate developer websites (and any other apps they may have). Think carefully about the requested permissions -- a flashlight app does not need to know your location or connect to the Internet.
Location, Location, Location
Location tracking is a common worry for most Smartphone users, all the more so since Apple and Google were questioned by the federal government for keeping detailed logs of user coordinates. The good news is that GPS data is securely transmitted, but the bad news is that many phones use a technology called "Assisted GPS" which makes an insecure connection to cell towers. Because it's a low-level process, hackers could get access to the processor itself, enabling remote takeover.
How to protect yourself: Find the "Assisted GPS" setting on your phone, and make sure that it's turned off. This will make it a little harder for you to get your exact location, but it will close a major hole in your mobile security.
When Texts Attack
Simple SMS / MMS text messages can be used by hackers, for DoS attacks or in many of the same ways that email is vulnerable. But there's no "spam filter" for texts, and SMS is "always on" by default, so there may be no way of avoiding opening potentially malware-bearing messages with links or embedded multimedia attachments (pictures, graphics, and sounds). Luckily, SMS exploits are relatively rare, but the sheer vulnerability of them is appealing to hackers.
How to protect yourself: You'll be safest if you can turn off the automatic multimedia display so that you need to click on any attachment first, but not all devices have this function. If you get a text from an unknown number, it may be safest to delete it ASAP before reading it.
Armed with these tips, you should be as safe as possible from the black hat hackers out there. As we've seen, there's nothing that can't be hacked, but if you make it difficult enough, they'll go find something easier to mess with. Oh, and one final tip: the most time-honored way to gain access to a device is to simply pick it up and walk away. It's not very high-tech, but keeping an eye on your Smartphone and tablet at all times may be the best advice of all.