When I was growing up, my father used to have a saying: "Beauty is only skin deep, but dumb goes clear to the bone." Feel free to draw your own conclusions.
As we collectively wander America with our ubiquitous smartphones glued to our lives, most of us don't realize how fragile the relationship really is with this device. Think about it -- you have your diary, wallet, phone, social support system, and best friend all wrapped up in one piece of hardware. One slip, and it's all toast.
Your diary is hidden under the mattress; your wallet is securely tucked in your jeans; and your best friend knows your girlfriend is way off limits. Yet your smartphone gets left on the counter at Starbucks and you continue to download apps written in a cyber crime-lab in the Ukraine. "Bone-deep dumb" is well within the reach of us all.
Smartphone security disasters come in many forms. Given my security background and, honestly, my circle of friends and relatives, I think I may have seen every smartphone judgment mistake known to mankind. For your entertainment, education, and help in avoiding a big ‘Hack me, please' sign on your back, I've listed my top five smartphone mistakes below:1. Download apps from unverified sources. Whether you know it or not, every app on your smartphone is a potential security risk. A well-meaning app treats you fair, while a malicious app might be recording your keystrokes, accessing your contact list, and signing you up for expensive services you never wanted. Every app is a potential risk, but the ones you download from unauthorized sources are far riskier. Either play within the lines (authorized Apple, Google, and Microsoft app stores) or risk an unexpected friend sharing your smartphone with you. Yeah, I know, that new version of Happy Bugs that just went viral is so tempting, and your best friend did recommend it -- but stay away. 2. Jailbreak your smartphone. There seems to be some appeal to be the guy at lunch who holds up his smartphone and proudly says it's been jailbroken (modified to bypass the original security features). At the risk of offending my tech fiends, I always think of this as the geek version of, "Hey, y'all, watch this!" There's a reason they don't let lawn tractors into hotel lobbies, just as there's a reason to trust Apple, Google, and Microsoft to have built smartphone operating systems that protect us from security risks. Everyone who thinks they're smarter than the guys at Google, mount your lawn tractors for the 3:00 A.M. race. 3. Going smartphone commando -- no passcode. Think about the embarrassment of having a bunch of high school students sitting around the lunch table wandering through your smartphone! This would be so easy to arrange; just drop your smartphone by accident at the mall without a passcode set. Emails and photos would be hit first (are any of us safe?), then social apps, and finally any app that could be used for fun and profit. The guitar you just unexpectedly bought for a deserving, yet unknown 16-year-old through your eBay account might be the least of your problems. Explaining your new Facebook status (your upcoming marriage to the Russian cross-dresser) to Grandma might be a bit more of a problem. You will misplace your smartphone sometime in the future, so why make it easy for a teen to use it?
Fun fact: 62% of smartphone users do not use password protection on their smartphones (Javelin Strategy & Research)4. Pride goes before a fall or its smartphone equivalent. So, you're thinking you're one of the smart ones -- you've added a passcode and you never, ever download an app that doesn't have a pedigree. Given this feeling of safety, you're storing all kinds of private, secret, and embarrassing things on your smartphone. The good news is that the average bear will be thoroughly thwarted by a passcode-protected smartphone. The bad news is that the pasty-looking kid living in his mom's basement could break your code in about 30 minutes. Maybe keeping those pictures from Las Vegas are not the best idea.
Repeat after me: There are no secrets; there are no 100% secure smartphones.5. Smartphone OS updates are never optional. We're not building rockets here, but when your crazy boyfriend moves out, it's time to change the locks. It's inexpensive, and your flat-panel TV will be there when you get home from work.
It's a cyber war out there; hackers figure out new ways to compromise smartphones, and then new OS versions are released to neutralize the vulnerabilities. When Apple, Google, or Microsoft send out a new OS update, it almost always means they have discovered and fixed a security problem. The more updates you skip, the more likely you are to get hacked during normal smartphone operations. Think of the hackers as your crazy ex and Apple (or Google or Microsoft) as handling the new locks. The bill you get for the fake calls to Bolivia (remember that seedy web site you visited?) will cost you more than a new TV.
A final tip from my dad: Never pay for a subway token with a $50 bill.
Alan Wlasuk is a managing partner of 403 Web Security, which is a full service, secure web application development company.