4ws and 1h of Mobile Privacy

7/28/2019 4ws and 1h of Mobile Privacy

1/14

A DIGITAL LIFE E-GUIDE

The 4Ws and 1Ho Mobile Privacy


2/14


3/14

Youve been tinkering with your newgadget or a ew good days, sending email,downloading apps, browsing Facebook andwhatnot, when all o a sudden, one o thosepesky pop-ups indiscreetly hogs your screen.

Its another product page thats not in any

way related to what youre currently doingon your device. But you do rememberseeing that page be ore. Perhaps itsbecause you just searched or it earlier, yetwhy does it suddenly eel like its searchedor you instead?

Thats just one example o how your privacyis breached even while using mobile devices.What do you do to protect your privacy rommobile threats like this?


4/14

Who?You and your rightto mobile privacy


5/14

The United Nations recognizes everyones

inherent right to privacy. 1

This right is violated every time someone triesto access your personal in ormation, in anyorm or plat orm, without law ul reason or yourconsent. I a riend, or example, borrows yoursmartphone to spy on your Facebook account,he or she disregards your right to privacy.

Cybercriminals are notorious violators o mobileprivacy. They create malicious apps such asdata stealers, which target your personal andfnancial in ormation. Free, high-risk apps

also pose a number o privacy issues with theamount and type o in ormation they collect. Forinstance, some o Germanys top Android appscan possibly expose your location, equipmentidentity, and address book. 2

1 http://www.un.org/en/documents/udhr/index.shtml#a122 http://blog.trendmicro.com/trendlabs-security-intelligence/do-you-

know-what-data-your-mobile-app-discloses/


6/14

What?Key areas to look over

Your Devices Connectivity Features

Your devices connectivity eatures are viable waysor cybercriminals to get in ormation rom you.These eatures are seen as locked doors they haveto pick to get in. Such is the case o Bluetoothand wireless connections, both are intended tomake communication easier but they can also beused or malicious reasons. Cybercriminals have

accomplished this on Mac desktops using theINQTANA worm, which is able to send malicious flesto available Bluetooth devices that accept them. Theworm opens computers to urther malicious routines,like malware dropping and in ormation the t.

More manu acturers are incorporating near feldcommunication (NFC) standards on devices as well.This technology allows you to share content, makepayments, or per orm other external transactionswith a tap on a scanner. As convenient as it maysound, this can also be a point o entry or maliciousroutines. 3

3 http://blog.trendmicro.com/trendlabs-security-intelligence/good-n c-habits/
http://about-threats.trendmicro.com/us/archive/malware/osx_inqtana.ahttp://about-threats.trendmicro.com/us/archive/malware/osx_inqtana.a


7/14

Your Device Settings

De ault device settings can be seen as strongly-worded suggestions that you can urther optimizeor added protection. This means, you are allowedto change your mobile devices security settings

to make sure no one has easy access to it.

Your Mobile Behavior

Having mobile devices can make you sur onlinemore requently, but does it change your behaviorwhen it comes to security? Remember that youbecome more vulnerable to mobile threats as youimmerse yoursel in mobile activities like socialnetworking, shopping, and banking. Oversharing,not checking app permissions, and clicking onmalicious links are ways to invite cybercriminals.

When it comes to app usage, you have mobileadware to consider. Although most advertisingnetworks are per ectly legitimate, some areknown to collect personal in ormation and pushads as notifcations, o ten without user consent. 4

At least 7,000 ree apps using aggressiveadvertising modules were downloaded over amillion times as o October 2012.

4 http://about-threats.trendmicro.com/us/mobilehub/mobilereview/rpt_mothly_mobile_review_201209_the_growing_problem_o _mobile_ad-ware.pd


8/14

How?Privacy in peril scenarios

Free Apps

Who doesnt love ree stu ? There are thousandso ree apps rom legitimate and third-party appproviders you can choose rom. But downloadingree apps o ten has a trade-o : ree service or yourpersonal in ormation. 5

Surprisingly, a majority o consumers (73%) are willing

to trade personal in ormation i they get something inreturn, like ree mobile service. Remember that eventhe smallest bit in ormation you give, like an addressor a birthday, is all that cybercriminals need to takeadvantage o you.

Device Loss or Theft

In a survey done in September 2012, nearly one inthree cellphone owners lost their device or had itstolen rom them. 6 Even i you try to guard your appsand device settings, when you lose your phone, thein ormation it has can still put you in a sticky situation.

This is more so because o an existing lucrative marketor stolen devices and the in ormation they contain. 7

5 http://www.pwc.com/sg/en/tice/assets/ticenews201208/consumerintelli-gence201208.pd

6 http://online.wsj.com/article/SB10001424052702303815404577334152199453024.html

7 http://online.wsj.com/article/SB10001424052702303815404577334152199453024.html


9/14

Ever-Changing End-User License Agreements(EULAs)

Youve seen it be ore, those online services asking you toagree that they can change their EULAs at any time, with orwithout notice. Home movie provider, Blockbuster.com, wasrejected in court or using the said line to their privacy policy. 8

However, this doesnt seem to stop popular services rom

applying caveats on EULAs that are detrimental to userprivacy. 9 By not reading EULAs, you may already be allowingdevelopers to sell your photos, track your web activities, orhand over personal in ormation to authorities.

Bring Your Own Device (BYOD)

Three in our companies allow employees to use theirpersonal devices such as laptops, netbooks, smartphones,and tablets or work-related activities. 10 As the BYOD trendcontinues, cybercriminals will use it as a motivation to getpast your de enses to access both your personal and workin ormation.

Its not just cybercriminals, though. Your companysIT department can use a set o protocols that do notdi erentiate personal rom work-related data, allowing themaccess to your in ormation.

Your device can also be used as evidence in court. You can beobliged to submit the device or review, with all in ormationintact, even i only work-related in ormation is pertinent tothe case. 11

8 http://www.jdsupra.com/post/documentViewer.aspx?fd=3897327d-161d-49d -b31c-0b448bb1898a

9 http://business.time.com/2012/08/28/7-surprising-things-lurking-in-online-terms-o -service-agreements/

10 http://www.trendmicro.com/cloud-content/us/pd s/business/white-papers/wp_decisive-analytics-consumerization-surveys.pd

11 http://consumerization.trendmicro.com/consumerization-byod-privacy-personal-data-loss-and-device-seizure/


10/14

Why?All about the money


11/14

Cybercrime is driven by one agenda: money. Yourmobile devices are simply a means to an end orcybercriminals. They gain by stealing the in ormationstored on your smartphones and tablets and thenfnding ways use them or proft.

And just like your data, your reputation is also at stakeevery time a cybercriminal gets hold o incriminatingin ormation against you or the organizations yourepresent. There are malware, like the SMS spy toolor Android, that steal private SMS messages and

uploads them to a remote server.What you stand to lose in the case o a mobile privacybreach really depends on how you use your device. 12

12 http://about-threats.trendmicro.com/RelatedThreats.aspx?language=de&name=PIXSTEAL+and+PASSTEAL+Sport+New+Ways+To+Steal+Data


12/14


13/14

Pay Attention to Apps

Remove apps not in use. Select which apps really need location or address book access. Use your mobile browsers or browser apps private browsing

settings, especially or sensitive banking transactions.

Prepare for Device Loss or Theft

Take note o your account credentials or use a convenientpassword manager in case you need to reset them because odevice loss or the t.

Backup fles in the cloud. Trend Micro Mobile Backup andRestore automatically stores the irreplaceable in ormationrom your device without wasting its battery li e.

Prepare to contact the authorities, your service provider, andany concerned organization to avoid the malicious use oyour identity and to block bill charges.

Enroll your devices to a remote service that allows you to fnd,lock, or wipe them. Trend Micro Mobile Security PersonalEdition does these and prevents uninstallation without yourpassword.

Ask these about BYOD Agreements

Are you required to produce personal devices or orensicanalysis?

Does this apply to devices shared with other amily members?

Who will get access to the personal in ormation stored in yourdevice? Can your company track your location? Under what

circumstances can this happen? Are you required to let them?Do they noti y you i they do this?

Are these systems active outside regular work hours? Are your personal online activity monitored and logged? Is this in ormation retained when you leave your

organization?


14/14

2013 by Trend Micro, Incorporated. All rights reserved. Trend Micro and the Trend Micro t-ball logo are trademarks or registered trademarks o Trend Micro,Incorporated. All other product or company names may be trademarks or registered trademarks o their owners.

TRENDLABS SM

TrendLabs is a multinational research, development,and support center with an extensive regionalpresence committed to 24 x 7 threat surveillance,attack prevention, and timely and seamless solutionsdelivery. With more than 1,000 threat experts andsupport engineers deployed round-the-clock in labslocated around the globe, TrendLabs enables TrendMicro to continuously monitor the threat landscape

across the globe; deliver real-time data to detect, topreempt, and to eliminate threats; research on andanalyze technologies to combat new threats; respondin real time to targeted threats; and help customersworldwide minimize damage, reduce costs, and ensurebusiness continuity.

TREND MICRO

Trend Micro Incorporated (TYO: 4704; TSE: 4704), a globalcloud security leader, creates a world sa e or exchangingdigital in ormation with its Internet content securityand threat management solutions or businesses andconsumers. A pioneer in server security with over20 years experience, we deliver top-ranked client, serverand cloud-based security that fts our customers andpartners needs, stops new threats aster, and protects data

in physical, virtualized and cloud environments. Poweredby the industry-leading Trend Micro Smart ProtectionNetwork cloud computing security in rastructure, ourproducts and services stop threats where they emergerom the Internet. They are supported by 1,000+ threatintelligence experts around the globe.

4ws and 1h of Mobile Privacy

Documents

Transcript of 4ws and 1h of Mobile Privacy