Posts

Apple vs FBI: Why the iPhone Backdoor is a Necessary Fight

Apple vs FBI: Building a backdoor into the iPhone is like burning the haystack… 

I’ve been asked almost 100 times since Apple rejected the FBI’s request to break into the iPhone of the San Bernardino killers which side I support. I am a firm believer that the most complex problems (this is one of them) deserve the simplest explanations. Here is the simplest way that I can walk you through the argument:

  • If your immediate response, like many, is to side with Apple – “Don’t hack into your own operating system, it sets a bad precedent” – then you have a good strong natural reflex when it comes to privacy. But don’t stop your thinking after your first reaction or thought, as it might be incomplete, because…
  • This is an intricate and nuanced balance between 1) personal privacy (don’t allow Apple or the FBI access into this particular phone), 2) public privacy (once Apple makes an exception for this case, the FBI (or Apple) could potentially open the iPhone in all cases), 3) security (by building in a backdoor for legitimate purposes, you will be opening it for hackers as well) and 4) national security (without access to this info, other terrorists might go undetected).
  • If it were your family member that had been murdered, you would probably agree that law enforcement should have every tool at their disposal to track down the murderers or criminals, and privacy be damned. You would also note that…
  • There are thousands of precedents for the FBI to obtain search warrants into suspects’ homes, emails, phone calls and the like. Ask yourself why this request is any different.
  • It’s a slippery slope. First the iPhone, then your encrypted password protection software, private Facebook history – you name it. The FBI’s solution is roughly the equivalent of giving the government a key to every home in America and letting them decide when to use it. By applying a broad brush stroke (build a backdoor into the security of every iPhone) when a fine-tipped pencil would be more than adequate (learning more about a single case – the San Bernardino killers and their connections), you forever lose control of the master key. As was put so eloquently in an article by Wired (I cite this particular article because I agree with it), “Apple is not being asked to unlock an iPhone; it’s being asked to create software that would help the FBI unlock it.” To me, those are two completely different requests.
  • A backdoor would give law enforcement an additional tool to solve tens or hundreds of crimes, while in the meantime endangering the data of nearly a billion users. If Apple complies, what happens when China asks Apple to unlock a phone based on the earlier precedent – does Apple hand over information that could lead to political persecution? In other words…

Building a backdoor into the iPhone is the equivalent of burning the haystack to find a needle. You simply have to ask yourself honestly if the needle is worth the ashes. 

5 Possible Solutions in the Apple vs. FBI iPhone Backdoor Case

  1. Let it go. Sometimes you don’t have all of the evidence in a criminal case. Whether the murder weapon cannot be found or the iPhone data cannot be obtained, the case is resolved in other ways. The NSA (as exposed by Edward Snowden) has done nothing to engender our trust in government organizations collecting and using data on American citizens. They abused their powers of data collection in that case, so we all wonder why it would be any different in this case.
  2. Stop pretending that Apple can build a one-time backdoor. Encryption doesn’t work that way. Security doesn’t work that way. The minute you tinker, the entire house of cards falls and exposure becomes the rule, not the exception. If the information on the phone is important enough, at least admit you are willing to put the data of a billion people at risk.
  3. Upgrade your hackers at the FBI. I’ve had several white-hat hackers suggest that the iPhone can be cracked. Hackers are sometimes a cocky bunch (that’s what makes them good, by the way), but I’ve seen them hack almost every device possible with a creativity that would make Picasso proud, so I wouldn’t put it past them.
  4. Take this conversation off line. Ultimately, I think this question will be decided in back rooms where the public doesn’t get to see the answer (we are, in fact, a representative democracy where much of what happens does so behind closed doors). And frankly, I think it should be. There is too little awareness of the complexities we are dealing with here, and the emotional responses that we all have are only getting in the way.
  5. Do something, Congress! There are thousands of similar cases to be decided in the future and very little in the way of legislation to guide the way. Most of the laws being quoted in this case go back a half a century. Congress should catch up with technology and set some guidelines and oversight on the privacy vs. security question. We are a smart enough society to allow for gray areas in between a media that immortalizes black and white.

I believe that Apple is doing the right thing in standing their ground and not creating a system-wide backdoor into the iPhone. I also believe that the FBI is doing the right thing in trying to obtain every piece of information they can to resolve a past or future crime. This should not include a systemic hack of the iPhone or any computer system. The strength of our democracy is in the tension that exists between those two stances and the system of checks and balances that keep either position from being extreme.

I guarantee you that there is a way to set down the paint brush and pick up the pencil – to create a solution that impacts one phone, not millions – and that it is possible to balance public privacy with national security. It may not pertain to this particular case, but it will to all of those future cases waiting to happen. In the end, isn’t that what we all want? If you agree, write your Congressperson and ask them to create laws that address the current privacy/security confusion.

John Sileo is an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

Mobile Apps Turn Smartphone Into Weapon

You and I have come to think of our Smartphones as indispensable tools. Flaws recently discovered in mobile apps for Facebook, Linkedin and Dropbox could turn our tools into weapons by exposing us to data theft at many levels, including personal identity theft and corporate data loss.

Taking extra precautions now will protect not only your Smartphone but other devices, too, as the flaw may well be present in other mobile applications including many iOS games.

Apparently, Facebook’s iOS and Android apps don’t encrypt their users’ login credentials. These flaws expose users to identity theft by saving user authentication keys (usernames and passwords) in easily accessible, plain text files. These unencrypted files may be stolen, transferred to another device in a matter of minutes, and used to access the victim’s accounts without ever having to enter any user login credentials.

Security researcher Gareth Wright reported discovering the flaw in the mobile Facebook application for iOS late last week. Wright sent his Facebook .plist to an associate — Scoopz blogger Neil Cooper — who copied the file onto his own device, opened up the Facebook app, and had immediate, full access to Wright’s Facebook account.

Facebook is working on closing the gap in security, according to Wright, but the app developers must start encrypting the 60-day access token that Facebook supplies. Otherwise, there’s a world of private information just waiting to be tapped. Think of the chaos in trying to recover from identity theft of that magnitude.
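For app developers, one way to check their own preference files for this kind of plaintext credential storage before release. This is an added example, not code from the original post or from Facebook; the key names, thresholds and sample values are constructed for illustration.

```python
import math
import plistlib
import re
from datetime import datetime

# Key names that suggest a stored credential (assumed heuristic list).
SENSITIVE_KEY = re.compile(r"token|passw|secret|session|auth|api.?key", re.I)


def shannon_entropy(text):
    """Bits per character; long random-looking strings score high."""
    counts = {ch: text.count(ch) for ch in set(text)}
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())


def walk(node, path="", key=""):
    """Yield (path, nearest key name, value) for every leaf of a parsed plist."""
    if isinstance(node, dict):
        for k, v in node.items():
            yield from walk(v, f"{path}/{k}", k)
    elif isinstance(node, list):
        for i, v in enumerate(node):
            yield from walk(v, f"{path}[{i}]", key)
    else:
        yield path, key, node


def audit_plist(raw, min_len=20, min_entropy=3.5):
    """Flag plaintext string values that look like credentials.

    Findings carry the path, the reason and the value's length only,
    so the audit report never repeats the secret itself.
    """
    findings = []
    for path, key, value in walk(plistlib.loads(raw)):
        if not isinstance(value, str) or not value:
            continue  # dates, numbers and booleans are not credentials
        if SENSITIVE_KEY.search(key):
            reason = "key-name"
        elif (len(value) >= min_len and not re.search(r"\s", value)
              and shannon_entropy(value) >= min_entropy):
            reason = "high-entropy"  # token-like value under an innocent key
        else:
            continue
        findings.append({"path": path, "reason": reason, "length": len(value)})
    return findings


# Constructed sample preference file; none of these values are real.
SAMPLE = plistlib.dumps({
    "DisplayName": "Example User",
    "AccessToken": "EXAMPLE-ONLY-9f3kQ2xZ7bLm4Tn8VwR1cY6uHd0",
    "TokenExpiry": datetime(2012, 6, 1),
    "Accounts": [{"login": "user@example.com", "password": "hunter2-example"}],
    "Cache": {"blob": "q8ZrT1vXc5Nn2Lk7PwYd3Hs6Jf9Ga0Be4Mu"},
})

if __name__ == "__main__":
    for finding in audit_plist(SAMPLE):
        print(finding)
```

Anything the audit flags belongs in the platform's protected credential store (the Keychain on iOS) rather than in a preferences file that travels with backups and file copies.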

In the meantime, here are some actions you can take to protect yourself:

  1. Don’t plug your Smartphone into a shared PC, public dock or charging station.
  2. If you do use a PC for charging, lock your device for the charge, and don’t unlock it until you remove it from the PC.
  3. Use strong passwords including letters, numbers, symbols, upper and lower case. Don’t rely on a four-digit password.
  4. Turn on the ‘Find My iPhone’ function.

The potential for criminals to exploit this flaw is enormous. You’ll be well served to take every precaution before you feel the nauseating pit of your stomach once you’ve been hacked.

John Sileo is an award-winning author and international speaker on the dark art of deception (identity theft, data privacy, social media manipulation) and its polar opposite, the powerful use of trust, to achieve success. He is CEO of The Sileo Group, which advises teams on how to multiply performance by building a culture of deep trust. His clients include the Department of Defense, Pfizer, the FDIC, and Homeland Security. Sample his Keynote Presentation or watch him on Anderson Cooper, 60 Minutes or Fox Business. 1.800.258.8076.

4 Critical Steps to Mobile Security (iPhones, iPads, Laptops)

Is your favorite gadget burning your bottom line?

No, I’m not referring to the unproductive hours you spend on Angry Birds. I’m talking about mobile security.

Why is Mobile Security So Vital?

Think about the most indispensable gadget you use for work – the one without which you cannot survive. I’m taking a calculated guess here, but I bet your list doesn’t include a photocopier, fax or even a desktop computer. Business people have become highly dependent on digital devices that keep them connected, efficient, flexible and independent no matter where they are. In other words, we are addicted to our mobile gadgets: iPhones, Droids, BlackBerrys, iPads, tablets, laptops and the corresponding Wi-Fi connections that link us to the business world.

To stay nimble and ahead of the game, we must be able to respond to any request (a call, email, social media post, text message), research anything (a client’s background, solutions to a problem) and stay current on what’s happening in our field of influence (breaking news, tweets) even when we are out of the office.

But the same gadgets that give us a distinct competitive advantage, if left unprotected, can give data thieves and unethical competitors a huge and unfair criminal advantage. The net result of organizational data theft can be devastating to your job security, your bottom line, and your long-term reputation. The solution, of course, is to proactively protect your mobile office, whether it’s digital, physical or both. Mobile security is not optional.

Data Thieves Target Mobile Offices

What is a mobile office? If you own any of the gadgets listed above and use them even in minor ways for work (checking email, surfing, social media), you have a mobile office. Smartphones and tablets are more powerful than the desktops of just three years ago. Laptops are the bull’s eye for data thieves, though their attention is quickly moving to smaller, easier-to-steal gadgets. If you work out of your car, travel for your company or have a home office in addition to your regular workplace, you are a mobile worker.

Ignoring the call to protect these devices is no different than operating your office computer without virus protection, passwords, security patches or even the most basic physical protection. If you do nothing about the risk, you will get stung, and in the process, may lose your job, your profits and potentially even your company. The threat isn’t idle – I lost my business because I refused to acknowledge the power of information and the importance of protecting it like gold.

To protect yourself and your company from becoming victims of mobile data theft, start with the 4 Critical Steps to Defend Your Mobile Gadgets:

  1. Make sure that employees aren’t installing data hijacking apps (like the Chess app that was pulled from the Android Marketplace because it was siphoning bank account logins off of users’ smartphones) on their smartphones and tablets thinking that they are harmless games.
  2. Implement basic mobile security on all mobile devices, including: secure passwords, remote tracking and wiping, auto-lock, auto-wipe and call-in account protection.
  3. Only utilize protected Wi-Fi connections to access the web. Free hotspots are constantly monitored by data sniffers looking to piggyback into your corporate website.
  4. Don’t ignore non-digital data theft risks like client files left in cars, hotel rooms and off-site offices. The tendency to over-focus on digital threats leaves your physical flank (documents, files, paper trash, etc.) exposed.

John Sileo is an award-winning author and international speaker on the dark art of deception (identity theft, data privacy, social media manipulation) and its polar opposite, the powerful use of trust, to achieve success. He is CEO of The Sileo Group, which advises teams on how to multiply performance by building a culture of deep trust. His clients include the Department of Defense, Pfizer, the FDIC, and Homeland Security. Sample his Keynote Presentation (he shares how he lost $300,000, 2 years and his business to data breach) or watch him on Anderson Cooper, 60 Minutes or Fox Business. 1.800.258.8076.

Mobile Security Webinar: Defending SmartPhones, iPads, Laptops Against Cyber Attacks

  • Are iPhones, Droids and BlackBerry mobile phones secure enough to be used for sensitive business?
  • What is App Hijacking and how do I keep it from stealing all of my GPS coordinates, contacts, logins and emails?
  • Given that laptops account for almost 50% of workplace data theft, how do I protect myself and my company?
  • Are Wi-Fi Hot Spots a recipe for data hijacking disaster and what is the alternative?
  • How do I protect my personal and professional files that live in the cloud (Gmail, DropBox)?

Free Webinar – Cyber Attack: Data Defense for Your Mobile Office

In the information economy, tools like the iPad, WiFi and smartphones have shifted the competitive landscape in favor of mobile-savvy businesses. But are you in control of your information, or are you being controlled? Learn how to be in control of your critical information while protecting your business’ mobile-digital assets.

This Webinar series, sponsored by Deluxe®, is a multi-part interactive Webinar series designed to address these topics and provide simple, actionable tools to protect and enhance the efficiency with which you run your business.

In this class, Cyber Attack: Data Defense for your Mobile Office, you will learn how to:

  • Protect smartphones and tablets from common attacks, including app hijacking, Wi-Fi sniffing, link jacking and other criminal tools.
  • Weigh the pros and cons of the cloud-computing model (Gmail, SalesForce, online billing).
  • Lock down Wi-Fi data leakage in the office and on the road.
  • Protect your traveling office in hotel rooms, airports and off-site offices.

Interactive Q & A to follow. All registrants will receive a FREE Whitepaper after the webinar.

Tuesday, January 31, 2:00 – 3:00 pm EST | 1:00 pm – 2:00 pm CST | 11:00 am – 12:00 pm PST

iPhone Location Tracking Leads to Privacy Lawsuit

Apple has been hit with a lawsuit in Florida alleging the company is violating iPhone users’ privacy and committing computer fraud. The case came in response to news that the iPhone maintains a time-stamped location log, and that data is also stored on users’ computers.

The lawsuit was filed in Federal court in Tampa, Florida on April 25 by two customers who claimed Apple was tracking iPhone owners’ movements without consent, according to Bloomberg.

The case was filed after word that the iPhone and iPad with 3G support maintain an unencrypted log file showing where users are based on cell tower triangulation. That file is transferred to users’ computers during the sync process with iTunes and is maintained as part of the device’s backup file collection.

Location logging has been active in the iPhone and 3G iPad since the release of iOS 4 last June, which means some users have nearly a year’s worth of data stored away. Apple is denying that they are actively tracking user locations.

Award-winning author and identity theft keynote speaker John Sileo trains executives and employees to respect and protect the data that makes their company profitable. His clients included the Department of Defense, Homeland Security, FDIC, Pfizer, Blue Cross and organizations of all sizes. Contact him directly on 800.258.8076 or watch him deliver an Identity Theft Speech.

iPhone and Droid Want to Be Your Big Brother

Remember the iconic 1984 Super Bowl ad with Apple shattering Big Brother? How times have changed! Now they are Big Brother.

According to recent Wall Street Journal findings, Apple Inc.’s iPhones and Google Inc.’s Android smartphones regularly transmit your locations back to Apple and Google, respectively. This new information only intensifies the privacy concerns that many people already have regarding smartphones. Essentially, they know where you are anytime your phone is on, and can sell that to advertisers in your area (or will be selling it soon enough).

You may ask, “don’t all cell phone carriers know where you are due to cell tower usage?” Yes, but Google and Apple are not cell phone carriers, they are software and hardware designers and should have no real reason (other than information control) to be tracking your every move without your knowledge. Google and Apple are not AT&T or Verizon, therefore they should not be recording, synching and transmitting your location like it appears they are.

Both companies are trying to build huge databases that allow them to pinpoint your exact location. So how are they doing it? By recording the cell phone towers and WiFi hotspots that you pass and that your phone utilizes. This data will ultimately be used to help them market location based services to their audience, which is a market that is expected to rise $6 billion in the next 3 years.

The Wall Street Journal found, through research by security analyst Samy Kamkar, that the HTC Android phone collected its location every few seconds and transmitted the data to Google at least several times an hour. It transmitted the name, location and signal strength of any nearby WiFi networks, as well as a unique phone identifier. This was not as personal as the information collected by the Street View cars, a collection Google had to shut down some time ago.

So what do we do now? According to the Wall Street Journal, neither Apple nor Google commented when contacted about these findings, so it is hard to know the extent of how they are using the data collected. Right now, there really isn’t much you can do to stop GPS tracing of your location without your consent. Of course you could power down your phone, but we are all way too addicted to these handy little digital Swiss Army Knives to do that. You can turn off GPS services, but again, that makes it impossible to use maps and other location-based apps.

The actual answer here is for the public to put enough pressure on Apple and Google that they stop the practice of tracking our location-based data and no longer collect, store or transmit it in any way without our consent.

While this may be the future of privacy, it is better that we are aware of what may come rather than remain in the dark about the possibilities of technology.

John Sileo is the President of The Sileo Group and the award winning author of four books, including his latest workbook, The Smartphone Survival Guide. He speaks around the world on identity theft, online reputation and influence. His clients include the Department of Defense, Pfizer and Homeland Security. Learn more at www.ThinkLikeASpy.com.

Are You Begging to Get Fired?

We’ve all done it before – left the table to get a coffee refill or go to the bathroom and left our laptop, iPad, smartphone or purse sitting on the table. We justify it by telling ourselves that we are in a friendly place and will only be gone a second. Our tendency is to blame technology for information theft, but the heart of the problem is almost always a human error, like leaving our devices unattended. Realizing that carelessness is the source of most laptop theft makes it a fairly easy problem to solve.

My office is directly above a Starbucks, so I spend way too much time there. And EVERY time I’m there, I watch someone head off to the restroom (see video) or refill their coffee and leave their laptop, iPad, iPhone, briefcase, purse, client files and just about everything else lying around on their table like a self-service gadget buffet for criminals and opportunists alike.

I trust deeply in the honesty and integrity of the people I know well, but if you are trusting your Starbucks crowd with this amazingly valuable data, you are going to get a steaming hot lap full of trouble. Data thieves target places like this because it is an upscale, trusting clientele. Just ask Ben Bernanke, Chairman of the Federal Reserve, whose wife got taken at a Starbucks.

Just about 50% of major corporate data breaches are caused by the theft of a laptop computer. They don’t want the computer, they want the data on it, and it can cost your business millions. The average breach recovery cost, according to the highly respected Ponemon Institute, is $6.75 million.

It’s one thing if you leave a personal computer and it gets stolen – you aren’t harming anyone other than you and your family. But when it’s a company computer, or has work files on it, you are putting your employer at risk for lawsuits, government compliance fines, reputation damage and months of headaches.

The answer is simple: train your employees first on personal responsibility with their data-bearing gadgets. If they understand the selfish reasons not to abandon their laptop or iPad in a cafe (the data on it is worth a mint, they could lose their job, etc.), the chances of them applying what they have learned increase. Additional points of training can include:

  • Proper usage guidelines including what data can be loaded to the laptop and what cannot.
  • Good password habits and a strong login password that is shared with no one.
  • Proper use of WiFi (not the free hotspots at the cafe, airport or hotel).
  • Tethering, remote tracking and remote wiping techniques to minimize risk.
  • Encryption, especially simple PDF password encryption to email private files.
  • Proper physical security while traveling with the laptop.

If you are going to expose yourself and your company while getting another cup of coffee, you might as well apply for a job as a Barista while you are there. Don’t endanger the health of your company (or the safety of your own personal data) for the sake of convenience. Next time, you might be the one caught on video.

Smartphone Survival Guide Now Available For The Kindle!

Identity Theft Expert John Sileo has partnered with Amazon.com for a limited time to offer the Smartphone Survival Guide for Kindle at 1/4 of the retail price.

The Smartphone Survival Guide: 10 Critical Tips in 10 Minutes

Smartphones are the next wave of data hijacking. Let this Survival Guide help you defend yourself before it’s too late.

Smartphones are quickly becoming the fashionable (and simplest) way for thieves to steal private data. Case in point: Google was recently forced to remove 21 popular Android apps from its official application website, Android Market, because the applications were built to look like useful software but acted like electronic wiretaps. At first glance, apps like Chess appear to be legitimate, but when installed, turn into a data-hijacking machine that siphons private information back to the developer.

The Smartphone Survival Guide gives you extensive background knowledge on many of the safety and privacy issues that plague Smartphones, including iPhone, BlackBerry, Android and Windows Phone. Mobile computing is an indispensable tool in the modern world of constant connectivity, but you must protect these powerful tools. Mobile access to the web is here to stay, but we must learn to harness and control it. So whether you are reading this to help protect your own personal Smartphone, or valuable corporate assets, the Smartphone Survival Guide will start you in the right direction.

John Sileo’s Smartphone Survival Guide was recently mentioned in the New York Times.

Stupid App Usage Makes Your Smartphone a Fraud Magnet

With the recent avalanche of digital convenience and mass centralization comes our next greatest privacy threat – the stupid use of Mobile Apps. As a society, we depend on the latest technology and instant connectivity so desperately that we rarely take the time to vet the application software (Apps) we install on our mobile phones (and with the introduction of the Mac App store, on our Macs). But many of the Apps out there have not been time-tested like the software on our computers. As much as we love to bash Microsoft and Adobe, they do have a track record of patching security concerns.

The ability to have all of your information at your fingertips on one device is breathtakingly convenient. My iPhone, for example, is used daily as an email client, web browser, book, radio, iPod, compass, recording device, address book, word processor, blog editor, calculator, camera, high-definition video recorder, to-do list, GPS, map, remote control, contact manager, Facebook client, backup device, digital filing cabinet, travel agent, newsreader and phone… among others (which is why I minimize my stupidity by following the steps I set out in the Smart Phone Survival Guide).

Anytime that much information is stored in one place, it becomes a fraud magnet. Anytime that many individual software programs make it onto a single device (without proper due diligence, i.e., with stupidity), it becomes an easy target for identity thieves and interns from your competitor who happen to buy their coffee at the same Starbucks as you and get paid to nick your phone while you’re in line. And it’s not just criminals trying to take advantage of you. As we’ve learned by the amount of personal information that Apps like Pandora drain from your mobile phone, advertisers are just as hungry for your bits and bytes.

In 2010, the number of individuals hacked through applications on their Smartphone rose drastically. Hackers aren’t just gaining access to usernames and passwords on individual applications, they are betting on the numbers and applying those same credentials to crack your bank accounts, investments and credit cards. Admit it, on how many websites do you use the same password? But the real damage comes when company privacy is compromised (customer data, confidential emails, contact lists, access into corporate systems, etc.). It’s so easy to download a new App without thinking about who created it and what terms you agreed to by downloading it (several months ago, two of the top downloaded game Apps were produced by the North Korean government and focused on collecting and transmitting your data back to Communist Central).

As if Stupid App Use by itself isn’t threatening enough, it is rumored that the next generation of iPads, iPhones and iPod Touches will have Near-Field Communication capabilities. NFC is where the device can beam and receive credit card and payment information within 4 inches. It is very similar to how people can electronically pickpocket your credit card information using RFID technology. You would be able to swipe your device – or in this case your Smartphone – and be able to withdraw money from your bank account to pay for purchases, or to transfer some of your wealth to dishonest posers.

So what’s the good news? Simple. If you are taking steps to protect your mobile phone, your Apps and yourself, your risk drops below the panic line. Be careful about what Apps you download onto your phone without knowing anything about them. Use discretion when loading data to your phone and ask yourself if you really need to carry that on your handset. Set up a time-out password, remote tracking and wiping capabilities and consider security software and encryption. These basic steps will convince a would-be thief to move on to their next victim.

John Sileo is the award-winning author of the Smartphone Survival Guide: 10 Critical Security Tips in 10 Minutes and four other books. He speaks professionally on playing information offense to avoid identity theft, social media exposure, cyber fraud, data breach and reputation manipulation. Learn more at www.ThinkLikeASpy.com.

Identity Theft Expert Releases Smartphone Survival Guide

In response to the increasing data theft threat posed by Smartphones, identity theft expert John Sileo has released The Smartphone Survival Guide. Because of their mobility and computing power, smartphones are the next wave of data hijacking. iPhone, BlackBerry and Droid users carry so much sensitive data on their phones, and because they are so easily compromised, it’s disastrous when they fall into the wrong hands.

Denver, CO (PRWEB) March 7, 2011

Smartphones are quickly becoming the fashionable (and simplest) way for thieves to steal private data. Case in point: Google was recently forced to remove 21 popular Android apps from its official application website, Android Market, because the applications were built to look like useful software but acted like electronic wiretaps. At first glance, apps like Chess appear to be legitimate, but when installed, turn into a data-hijacking machine that siphons private information back to the developer.

In response to this new threat facing iPhone, BlackBerry, Droid and Windows Phone users, identity theft expert John Sileo has just released “The Smartphone Survival Guide: 10 Critical Security Tips in 10 Minutes.”

“Once you download a Trojan app,” says Sileo, “the thief has more control over your phone than you do. Your privacy is an open book… your identity, contact list, files, emails, texts, passwords… all of it. This doesn’t just threaten the individual phone owner, it threatens the organizations they work in and the data they handle every day.”

At the heart of the problem is the breathtaking convenience and efficiency provided by mobile phones that have become “Smart” because they also function as computers, books, GPS devices, payment systems, web browsers, radios, iPods and so much more. Unfortunately, blinded by the thrill and functionality of the latest app, users rarely take the time to vet the software that can be installed in seconds, from anywhere.

“There are no significant barriers to entry, for either us OR the thieves,” says Sileo of the app-based model of acquiring new software. “You can read about an app on a web page, download it and be using it in under a minute. And you probably didn’t even have to pay for it… at least with cash.” You’re paying dearly, Sileo maintains, by trading away private information, surfing habits, bank account numbers or company financials.

The Smartphone Survival Guide outlines the major threats posed by mobile phones with internet access and gives a range of solutions for drastically lowering risk. Sileo points out that most data stolen off of Smartphones isn’t just a technology problem:

“Despite the intoxicating power of technology, the underlying problem is always a human problem. Don’t waste energy trying to fix the gadget – that’s someone else’s responsibility. Focus on the behaviors that allow employees to maintain a healthy balance between productivity and security. Deliberate, focused training has the highest ROI, not obsessing over the latest data leakage.”

The Smartphone Survival Guide describes a range of solutions in a quick and accessible fashion, such as:

  • Turn on auto-lock password protection and corresponding encryption.
  • Enable remote tracking and remote wipe capabilities in case the phone is lost or stolen.
  • Minimize app spying with security software and smart habits.
  • Customize geo-location and application privacy permissions.
  • Be wary of free apps – users are almost always paying with private data.
  • Before downloading an app, ask a few questions: How long has the app been available – long enough for someone else to detect a problem? Is the publisher of the app reputable? Have they produced other successful smartphone applications, or is this their first? Has the app been reviewed by a reputable tech journal?

Smartphones and the data on them are obviously at risk, but it remains to be seen whether users will alter their behavior before it’s too late. If not, it will be but one more example of human choices leading to technological data hijacking.
