By Kevin Haley
A house has always been a great analogy for explaining computer security. If you don’t lock your doors and windows it’s easy for an intruder to get into your house. If you don’t use security software and patch vulnerabilities it’s easy to get into your computer. As we moved to multiple advanced technologies in client security the analogy of having multiple locks on your door really worked. And as far as what could be stolen by an attacker who broke into your computer – it’s pretty darn close to what they could steal if they broke into your house.
But when it comes to smartphones, the house analogy just doesn’t do the device justice. The right analogy is not a house. Having someone break into your smartphone is like having someone break into your brain.
Like a computer, an attacker on your smartphone could steal your identity information. They could steal financial information. They could steal from your bank account. They could use your computer or phone to run a criminal enterprise. We’ve seen home computers and smartphones be used to run spam bots and Denial of Service attacks.
But the smartphone goes way beyond all that. A compromised smartphone could tell an attacker where you are, what you are saying, and even what you are thinking.
Carried with us everywhere, the smartphone can report our location. The camera and the microphone can show what we are seeing and saying. Our mail account and our bank account are there.
I’m not as fully invested in my smartphone as younger generations are, but here are some of the things someone could find out about me if they had full access to my phone: what I had for lunch, the list of foods I intend to buy for dinner, the things I always set reminders for so I don’t forget, how much I walked, jogged and ran the last week, where I did it and what it did to my heart rate, when I will get my next free coffee, what I last listened to, searched for and browsed.
But for people much more engaged with their smartphone than I am, there is even more someone could find. A person’s politics, religion and the secrets they shared on SnapChat, their dating and travel plans, what they told their parents versus what they told their friends about the party last night. A and the way we share with others in text messages, emojis, gifs, photos and status updates via social media it’s possible to know what people are thinking and feeling.
Balance that with the thought that most people don’t even put a PIN on their smartphones. Or feel like they have anything to hide, so who cares if someone had access to this information?
Me, I don’t want someone sitting in my house watching what I do. And I certainly don’t want them in my head. So I care a lot about keeping my devices secure. You can’t have privacy without security.
About Kevin Haley
Kevin Haley is Director of Product Management for Symantec Security Technology And Response where he is responsible for ensuring the security content gathered from Symantec’s Global Intelligence Network is actionable for its customers.