When some top Hollywood actresses had their private, uh, details splashed all over the Web earlier this year, it sparked debate about just how secure pictures and other data we save on our mobile phones really are. That brings up three points: pictures and data on our phones may also be stored in the cloud; material we delete from our phones may still exist on remote computer servers; and we’re often the weakest link in the security of our own phones.
As to that final point, Apple said the celebrities were victims of targeted attacks on user names, passwords and security questions. For celebrities, avid fans may know the answers to typical security questions, and that information may be available for ordinary people, given a little digging. It’s not just photos. With the rise in mobile banking, our phones are also pipelines into our financial accounts, so the damage from a lost, stolen or hacked phone can be costly.
Some simple steps can help:
- Don’t save anything on your phone that you’d rather not have the world see.
- Protect your phone with a password or biometric sign-in.
- Use a strong password, and don’t use the same one for different accounts.
- If you don’t want photos stored in the cloud, turn off the automatic backup. And if you want to delete photos or data, delete them from the cloud as well as the phone.
- Make sure you have the ability to wipe your phone remotely. Apple, Android and Microsoft all offer this capability. Starting next year, new phones will come with a “kill” switch to do this.
- Consider two-step verification for cloud accounts. Under these systems, when you sign in from a different device, an authentication code is sent to your mobile phone. To gain access, you have to enter the code. You’ll need to have your phone in hand, of course. As an extra, Apple and Google are both moving to encrypting data by default, with Apple saying that only users, and not the company, will be able to access the encrypted data on their phones.
This Message Will Self-Destruct
The old saying is: Just because you’re paranoid doesn’t mean they’re not out to get you. It seems everyone today is concerned about the privacy of texts and texted photos. Apps that seek to provide a little more security range from “ephemeral” messages that disappear after they’re read to more robust offerings. Some apps also seek to prevent recipients from saving copies by taking screenshots.
Cyber Dust, launched by billionaire Mark Cuban, lets you send encrypted texts and photos that erase themselves 30 seconds to a minute after they’ve been read.
Confide messages self-destruct after they’ve been read, and the messages are obscured until the recipient swipes over them.
Similar apps include Wickr and Frankly. TextSecure provides an encrypted messaging service for Android, and you can encrypt calls through the RedPhone app.
SnapChat lets you send texts, photos and videos that disappear after they’re opened. Motivated recipients may still be able to save photos.
TigerText is making a push in the health enterprise space as a secure messaging app for healthcare professionals to avoid HIPAA complications.