{"id":1235,"date":"2014-10-15T06:57:23","date_gmt":"2014-10-15T06:57:23","guid":{"rendered":"http:\/\/www.lifeandnews.com\/articles\/?p=1235"},"modified":"2016-08-25T20:32:32","modified_gmt":"2016-08-25T20:32:32","slug":"after-all-these-hacks-tech-firms-could-do-more-but-better-security-starts-with-you","status":"publish","type":"post","link":"https:\/\/www.lifeandnews.com\/articles\/after-all-these-hacks-tech-firms-could-do-more-but-better-security-starts-with-you\/","title":{"rendered":"After all these hacks, tech firms could do more \u2013 but better security starts with you"},"content":{"rendered":"<p>By <a href=\"http:\/\/theconversation.com\/profiles\/barry-avery-101970\">Barry Avery<\/a><em>, Kingston University<\/em><\/p>\n<p>After various celebrities&#8217; accounts on Apple\u2019s iCloud servers were <a href=\"https:\/\/theconversation.com\/novice-mistake-may-have-been-the-cause-of-the-icloud-naked-celebrities-hack-31272\">hacked<\/a>, the company has made a point of addressing these issues. It has made <a href=\"https:\/\/www.apple.com\/privacy\/\">new claims for the security of iOS 8<\/a>, the firm\u2019s latest phone operating system, and for its cloud services. Similarly, Google announced the next version of its Android phone operating system will <a href=\"http:\/\/www.bbc.co.uk\/news\/technology-29276955\">encrypt all data by default<\/a>. But what sort of security do these measures provide?<\/p>\n<h2>Security in the hand<\/h2>\n<p>All phones and tablets provide a device lock that requires a passcode or swipe gesture to unlock. But many owners \u2013 up to 50% \u2013 either don\u2019t use the feature, or use a <a href=\"http:\/\/danielamitay.com\/blog\/2011\/6\/13\/most-common-iphone-passcodes\">trivial passcode such as 1234<\/a>. 
Fingerprint readers, as <a href=\"https:\/\/theconversation.com\/iphone-5s-fingerprint-scanning-thumbs-up-or-down-18112\">introduced in the iPhone 5<\/a>, are perhaps the way forward and through ease of use are likely to increase the number of users locking their phones.<\/p>\n<p>While a device lock provides some protection, it\u2019s still possible that a hacker, or the authorities, could extract data given physical access to the device. Encryption, as offered by both Apple\u2019s iOS and Google\u2019s Android platforms, would defeat this (or make it extremely difficult) by requiring a passcode to decrypt the contents and make them readable.<\/p>\n<p>Android has offered this since 2011, while for Apple it was introduced with iOS 7 in September 2013 for mail and data in third-party apps. With iOS 8, this is extended to the phone\u2019s messages, mail, calendar, contacts and photos. Additionally Apple claims that it no longer stores a copy of the encryption key used, making it unable to respond to a warrant demanding access to the data, whether backed up in the cloud or on the device.<\/p>\n<p>In the UK, police will <a href=\"http:\/\/www.independent.co.uk\/life-style\/gadgets-and-tech\/uk-police-to-start-seizing-drivers-mobile-phones-after-all-crashes-9632873.html\">seize mobile phones after a car crash<\/a> in order to see if drivers were texting and driving. This follows a pilot scheme in which police stations equipped with specialist readers are able to swiftly <a href=\"http:\/\/www.bbc.co.uk\/news\/technology-18102793\">extract the entire contents of a phone<\/a>. Whether this will be defeated by the encryption introduced by iOS and Android remains to be seen. 
Certainly the UK Regulation of Investigatory Powers Act 2000 (RIPA) empowers the authorities to <a href=\"https:\/\/theconversation.com\/cloud-data-makes-life-easier-for-government-spooks-and-the-law-gives-them-a-free-pass-31696\">compel a user to supply decryption keys<\/a> or passcodes.<\/p>\n<p>Apple\u2019s <a href=\"http:\/\/www.cnet.com\/how-to\/apple-pay-how-it-works-security\/\">new payment system<\/a> built around its near field communication (NFC) chip and protocol does not store or transmit credit card details. This makes it fairly secure, and should massively reduce the number of skimming techniques that are possible with other card payments, as neither the card number nor the pin code will be accessible during the payment process, stored as they are in a secure hardware chip in the phone.<\/p>\n<h2>Security in the cloud<\/h2>\n<p>Most smartphones now back up data to the cloud and it was through this that hackers gained access to the images that were then leaked. There\u2019s no evidence that Apple\u2019s servers were hacked and compromised \u2013 unfortunately this privacy breach was made possible by poorly chosen passwords and <a href=\"http:\/\/www.eweek.com\/mobile\/what-apple-needs-to-do-to-secure-its-users.html\">a weak security questions system<\/a> that allowed repeat guesses without raising the alarm.<\/p>\n<p>There are files containing millions of popular passwords available on the internet and it\u2019s likely hackers simply ran programs that tried various combinations until they succeeded \u2013 a \u201cbrute force\u201d attack \u2013 together with answers to security questions guessed based on publicly known information. Apple has now firmed up its security procedure by introducing a maximum number of incorrect answers to security questions and notifying users when their online accounts are accessed.<\/p>\n<h2>Security starts with you<\/h2>\n<p>So make sure the weak link in the security isn\u2019t you. 
Choose a <a href=\"http:\/\/xkcd.com\/936\">strong password<\/a> \u2013 it isn\u2019t hard. Don\u2019t use an obvious passcode, and use a fingerprint scanner if fitted. Use Apple <a href=\"https:\/\/www.apple.com\/uk\/icloud\/find-my-iphone.html\">Find My Phone<\/a> or Android\u2019s <a href=\"http:\/\/android-device-manager.en.softonic.com\/web-apps\">Device Manager<\/a> so a lost or stolen phone can be locked, traced or even remotely wiped.<\/p>\n<figure class=\"align-centre zoomable\"><a href=\"https:\/\/62e528761d0685343e1c-f3d1b99a743ffa4142d9d7f1978d9686.ssl.cf2.rackcdn.com\/files\/59815\/area14mp\/hp9qnst5-1411496487.png\"><img src=\"https:\/\/62e528761d0685343e1c-f3d1b99a743ffa4142d9d7f1978d9686.ssl.cf2.rackcdn.com\/files\/59815\/width668\/hp9qnst5-1411496487.png\" alt=\"\" \/><\/a><\/figure>\n<p><span class=\"attribution\"><span class=\"source\">xkcd<\/span>, <a class=\"license\" href=\"http:\/\/creativecommons.org\/licenses\/by-nc-nd\/4.0\/\" rel=\"nofollow\">CC BY-NC-ND<\/a><\/span><\/p>\n<p>For iPhones, upgrade to iOS 8 or at the very least upgrade to iOS 5 or higher. For Android, look into encrypting the device\u2019s contents and when installing a new app be aware of what it is asking access to \u2013 don\u2019t blindly click on messages that say \u201cLet this app have access to\u2026\u201d as malicious apps could wrestle data from your phone and send it out over the internet. 
Some companies have a terrible reputation when it comes to privacy (for example Facebook), so be cautious of default settings.<\/p>\n<h2>Use the best tools available<\/h2>\n<p>Currently the best way to secure online accounts is (together with a strong password) to turn on <a href=\"http:\/\/lifehacker.com\/5938565\/heres-everywhere-you-should-enable-two-factor-authentication-right-now\">two-factor authentication<\/a> \u2013 as offered by <a href=\"http:\/\/support.apple.com\/kb\/ht5570\">Apple<\/a>, <a href=\"https:\/\/www.google.com\/landing\/2step\/index.html\">Google<\/a>, <a href=\"https:\/\/www.facebook.com\/note.php?note_id=10150172618258920\">Facebook<\/a> and <a href=\"https:\/\/blog.twitter.com\/2013\/getting-started-with-login-verification\">Twitter<\/a>.<\/p>\n<p>You register a phone number, which the service will call or text with a pin number. This will be required in addition to your password to gain access. This is set up per device, for example once for your phone and once for your laptop. Trusted devices will work as they did, but someone else (or you) attempting to access your account from another device will need not only your password, but access to your phone to get the pin number the service sends.<\/p>\n<p>Google goes further, allowing you to generate new, random passwords for each of its online services you use or each device, so that if someone compromises one password it won\u2019t open any others.<\/p>\n<p>While it\u2019s a bit more of a hassle, try to have different passwords for different accounts as <a href=\"http:\/\/xkcd.com\/792\/\">re-using passwords is as bad as having weak passwords<\/a>. 
Use the tools available \u2013 web browsers save passwords and there are software tools such as password managers that can simplify the task \u2013 but make sure you know how they work.<\/p>\n<p>And even at the end of their lives, computers, phones and other devices <a href=\"http:\/\/www.computerworld.com\/article\/2538325\/computer-hardware\/how-to-wipe-personal-data-from-cell-phones-and-pcs.html\">need to be securely wiped<\/a> to <a href=\"http:\/\/ico.org.uk\/for_the_public\/topic_specific_guides\/online\/deleting_your_data\">remove all traces of personal data<\/a> (including the passwords and financial details we\u2019ve been so keen to protect) before being given away or sold. Not doing so is little different than handing your keys to a burglar.<\/p>\n<p>Blaming the companies for security failures is too easy \u2013 consumers have to get wiser about locking their data away.<\/p>\n<p><em>Barry Avery does not work for, consult to, own shares in or receive funding from any company or organisation that would benefit from this article, and has no relevant affiliations.<\/em><\/p>\n<p>This article was originally published on <a href=\"http:\/\/theconversation.com\">The Conversation<\/a>.<br \/>\nRead the <a href=\"http:\/\/theconversation.com\/after-all-these-hacks-tech-firms-could-do-more-but-better-security-starts-with-you-32051\">original article<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>By Barry Avery, Kingston University After various celebrities&#8217; accounts on Apple\u2019s iCloud servers were hacked, the company has made a point of addressing these issues. It has made new claims for the security of iOS 8, the firm\u2019s latest phone operating system, and for its cloud services. 
Similarly, Google announced the next version of its [&hellip;]<\/p>\n","protected":false},"author":39,"featured_media":7305,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[28],"tags":[],"_links":{"self":[{"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/posts\/1235"}],"collection":[{"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/users\/39"}],"replies":[{"embeddable":true,"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/comments?post=1235"}],"version-history":[{"count":2,"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/posts\/1235\/revisions"}],"predecessor-version":[{"id":7306,"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/posts\/1235\/revisions\/7306"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/media\/7305"}],"wp:attachment":[{"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/media?parent=1235"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/categories?post=1235"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/tags?post=1235"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}