Sigillu

Secure Communications

Ten dangerous claims about smart phone security

posted by Kevin D. Murray, CPP at Kevin’s Security Scrapbook

Many common assumptions about the security and privacy of smart phones or other handheld converged devices are off-base or just flat-out wrong.

For any high-value target — whether that’s a political candidate or an organization with valuable financial or personal data — a little more thought ought to go into the process of selecting and deploying any device handling important data.

It makes sense, then, to challenge the more widespread assumptions, and consider how to handle oft-ignored risks. (highly summarized, more here)

1. It’s just a phone with cool features, right?
No, it’s not.
2. It’s stable, just like any other purpose-built appliance.
No, it’s not.
3. Communications are encrypted from end to end.
No, not entirely.
4. The connection’s secure unless I use Wi-Fi in a café.
Guess again.
5. E-mails and messages are secure from prying eyes.
Not if you’re interesting.
6. Using a mobile phone constitutes out-of-band communication.
Who are you? No one knows for certain.
7. I trust the integrity of data and applications on a smart phone.
Not 100%, we hope.
8. Information deleted from a smart phone is gone, right?
No, just marked for overwrite.
9. Spying on my smart phone is hard.
I’ve got a bridge in Brooklyn to sell you.
10. Abuse is minimal because the network and phones are constrained. :]


April 5, 2007 - Posted by | English, privacy, security
