Smartphones have changed the landscape of technology since the iPhone’s initial release years ago. Communication is easier than ever, but that also makes it easier for hackers to access personal information.
Students gain many misconceptions surrounding computer hacking — especially when dealing with smartphones — through the media, according to BYU information technology professor Dale Rowe.
“TV always makes it a lot simpler than it really is,” Rowe said. “You watch TV and it’s a 2-minute or 20-second path where someone jumps across three firewalls and there’s all this techno-babble that doesn’t mean anything.”
He said there’s a false belief that smartphones can’t be hacked. Software hackers have been trying to hack – or “jailbreak” – iPhones since they hit the market, primarily through finding flaws in Apple’s coding. Rowe also said Android devices tend to have more vulnerabilities than iPhones.
“Saying smartphones aren’t hackable or can’t be compromised isn’t true. They definitely can be, but it might be very difficult” Rowe said. “For a phone, they’ll often need physical access, or the user will need to do something like install software that’s not from the App Store.”
Rowe said he believes it’s unlikely for someone to hack and control a smartphone’s camera or microphone, but it isn’t impossible if users download software from untrustworthy websites. He said he encourages people to only download applications from known sources like Apple’s App Store and Google Play but said users should still be cautious.
“(The app stores) are pretty good about policing things you can download, but there are things that slip by,” Rowe said. “Always check out the reviews and what kind of permissions the application has.”
Many applications are at risk of exposing a user’s private data, according to NowSecure, a company that focuses on mobile app security. According to a report NowSecure published in 2016, 24.7 percent of apps contain at least one security flaw. The organization’s report noted that business-related and gaming apps are more likely to include vulnerabilities than others.
Paying attention to the permissions apps request can combat leaked data, according to Rowe. For example, a gaming app like Angry Birds shouldn’t normally ask for access to a user’s photos or camera, unlike Snapchat.
Cloud services are another large threat, especially since they’re heavily linked to mobile devices. Rowe said he believes students should take more precautions when using storage services like iCloud, Google Drive and Dropbox.
“Every few months we see a big celebrity hack where someone’s photos are stolen and posted online,” Rowe said. “That kind of stuff is a very real risk. Pick one cloud service. Don’t put your photos everywhere because that’s more places you have to police.”
Junior information technology student Cara Cornel studies cyber security and even participates in BYU’s collegiate cyber defense team, which Rowe has coached since 2012. She agreed sharing personal data with too many services makes a person more vulnerable.
“Nowadays people are asking for our information more often,” Cornel said. “There’s more information about ourselves being put out there. We just need to be more conscious about what we share.”
Both Cornel and Rowe said they believe simple precautions can go a long way toward protecting personal data. One of the simplest things students overlook is using passcodes and passwords, according to Cornel.
“If you have any private information on your phone, you need to have a password,” Cornel said.
She also said students should change their passwords regularly, especially after a service they’ve used has been breached. Rowe agreed that students should be cautious when dealing with passwords. He suggests students create strong passwords and use two-factor authentication when logging into services.
Installing system updates is also important because they often fix newly found security flaws. Such was the case last year with a malicious software dubbed “Trident” that compromised texts, emails and other data on iPhones, according to cyber security blog Lookout. Apple released iOS 9.3.5 in response to the discovery. Similar software also compromises Android devices.
NowSecure noted the difficulty of distributing security updates in its report. The report found 43.8 percent of Android phones had Android Lollipop installed, while the others were still using older versions of the operating system. Android Marshmallow, Lollipop’s successor, had already been released at the time of the report’s publication. IPhones tended to be updated faster, with 82.8 percent of users using the latest iOS version.
“If you’re doing basic things like keeping your phone up to date, not typing your password into untrusted sites and not using the same password for everything, you’re going to be a harder target than someone who’s not doing those things,” Rowe said.
Rowe said students should back up their data, encrypt their phones and run a factory reset if they believe their smartphones have been compromised. He said being sensible can help students avoid going through that process.
“Realize that you can be a victim,” Rowe said. “For the bad guys, this is a business. It’s usually not personal; they’re just trying to get information. They’ll spend a little bit of time trying to go after someone. If you can avoid being the low-hanging fruit on the tree, they’ll move on and focus on someone else.”