By Vivek Agrawal
BE SAFE THAN SORRY:
It’s impossible to be 100% secure online, but there are a few non-obvious tricks that one can use to be safer.
- Smartphones and Tablets are popular and highly powerful with functionality of a computers.
- It is important to protect your smartphone just like you protect your money.
- Mobile cybersecurity threats are growing.
- Mobile security tips can help you reduce the risk of exposure to mobile security threats.
- One major issue the Internet brings: a lack of privacy.
- Data Theft: Passwords, Photo, Video, Documents, Audio,
- Key logger: Data theft
- Sextortion: Big risk
- Viruses, Malware, Spyware:
- Impact on Health: Eyes, Brain, Body,
- Impact on Mental health: Porn, Addiction, Illusions,
- Impact on Work: Distraction, Disinterest in Work
This spyware gets control of any smartphone through just sending a link or with a miss-call to the targeted device.
Pegasus is capable of reading text messages, tracking calls, collecting passwords, mobile phone tracking, accessing the device’s microphone and camera as well gathering information from apps including iMessage, Gmail, Viber, Facebook, WhatsApp, Telegram, and Skype and many more.
Israeli cyber-arm firm ‘NSO Group’ made this spyware.
This can be installed on devices running some versions of iOS or Android smartphones.
It’s discovered in August 2016 after a failed attempt when someone try to install it on an iPhone of Arab human rights activist Ahmed Mansoor.
Scandal in India: Facebook initiated a suit against NSO in late 2019, claiming that WhatsApp was used to hack some activists, Journalists and bureaucrats in India. After this many opposition leaders, prominent journalists and activists made accusations that the Indian government was involved in the snoop using this software.
The worst was waiting in Mexico. This stealth class spyware was used by Mexican drug cartels. Pegasus was used by drug cartels and corrupt government actors to target and intimidate Mexican journalists.
Jamal Khashoggi Assassination: Pegasus sold on licensed by the Government of Israel to foreign governments and this helped Saudi Arabia to spy on Saudi journalist Jamal Khashoggi’s smartphone. They tracked his communication with and assassinated him in 2018.
SOLUTIONS > ONLINE > UTMOST PRIORITY
2 PHONE POLICY: One for job, one for personal use. Dibba or basic feature phone for job without camera, internet; smartphone for personal use with highest safety features. KAIS based basic phones are your best PAL. Its hacking proof. When on line of fire or on duty, switch off and keep in a safe place. KaiOS is a mobile operating system, based on Linux, for keypad feature phones, and to termed as safest today.
BROWSER TO HIDE IP ADDRESS: you must hide your IP Address. Tor browsers hide digital footprints on the internet. its allow to browse web and download files incognito. Use of Tor is easy. Simply download and install a Tor browser. Everything you do in the Tor browser is private and secure. Tor is available for Linux, Mac, Windows OS. Proxy servers are another way to mask IP address. They provide gateway to you to connect with anonymity. Take only a trustworthy proxy server.
CALLER PROTECTION APPS: Burner and Firewall Apps protect against hackers, harassing salespeople, unwanted callers. Burner helps you keep your private number private by generating new phone numbers that can be used as long as you like and then “burn or dispose’ it off.
DATA WIPE REMOTLY: When phone is stolen or frisked away deliberately, you can use ‘Remote Wipe Function’ and phone’s data will be deleted instantly. Many antivirus apps also offer this feature. Delete all data from phone before you donate, resell or recycle it. Smartphones contains personal data. To protect privacy, completely erase data off. Reset phone to factory settings. Better use a shredder app to clear the old data.
ENCRYPTION: This method of precaution is key to safety. Keep your data in an Encrypted folder or file with highest password power. A 128 or 256 inscription is good enough to keep your data safe. Use Encryption facility of your device.
FIREWALL: Install firewall to protect your network. firewall is electronic barrier which prevents unauthorized devices to get access to your system or smartphone. Now days most systems or smartphones come pre-loaded with a firewall. To ensure this, go to security section and check if you have one. If not, download firewall software from authorized sellers like Kaspersky, Norton, McAfee, Microsoft etc.
GEOTAG: Switch off all settings of geotagging in all your email, social media and other services accounts. Using map of google is also a huge risk. This not only keeps all the data for years but also high risk concern. Keep the setting on, which stops saving your locations. Turn off geo-tagging in photos & videos. Individuals can exploit your exact location based on the data assembled into photographs and videos. When you upload geotagged photo or video onto the internet, it is easy for an enemy to locate the place, where the image was taken. This is dangerous for deployed unit, it’s personals, family members. You must disable geotagging on all devices.
GOOGLE FOE OR FRIEND: Yes! Google is your enemy too. When you use any google service, it tracks you wherever you go. Your geo location is found, even if your battery is down. Based on your smartphone battery, you may be tracked and snooped, if your battery is drained or you switched it off. Kedarnath tragedy is key to understand the issue.
GPS TURN OFF: Google has habit of constantly asking smartphone users to turn on GPS for a many apps. It is NOT SAFE. Turn location features OFF, when it is not in use or not necessary.
GUEST MODE: this will give all parts of the phone without showing them your personal information. Is incredible system and you can use it for added safety.
KEEP AN EYE: You should keep an eye on things going on behind the scene. You are cautious, even if you refuse to install any apps or visit portals, still you can’t fully eliminate the danger of phone being hacked. Strengthen your device security with an online service. LogDog app monitors your identity on sites such as Gmail, Dropbox, Facebook. It alerts you about any suspicious activities. This will inform you about logins from unfamiliar locations. Now you can change the password immediately. LogDog also scan email and highlight messages containing sensitive data such as credit card details or passwords, which you can delete to ensure your safety.
SCREEN PINNING: Android’s another security options is Screen Pinning, which is most hidden feature. you can lock a single app or process after authenticating it with a password or fingerprint. When you pass your phone to anyone. Now be sure they don’t accidentally or deliberately get into something they shouldn’t. Activate it by opening Security section in the settings. Search for ‘Screen pinning.’ Turn this feature ON. Also make sure to on “Ask for unlock pattern before unpinning” is activated. After this, when you’re going to give your phone to someone, first open smartphone Overview interface an activate it.
VPN: Most popular solutions is to use a Virtual Private Network (VPN) for protection. VPN encrypts the data your device sends out or receives. It means no one is able to de-encrypt your data. VPN can also keep data encrypted, if you use public networks. VPN hide browsing behavior on public networks and protect your data from hackers.
WATCH WARNING: Do you need to get a warning when your phone is moving away from you? Here is the solution. To protect your smartphone, invest in a smartwatch. A little-known feature that could save you and your device being stolen or misplaced. Apple and Android watches can warn you instantly, if they lose Bluetooth contact with phone. Your watch start sending you ‘beeps’ in the public places, where someone picked your device and going off. Device normally lose BT connection after 50 metres and warning gives you a fair chance to catch the thief. If you fail to catch him, lock and / or erase your device remotely, before culprit trying to break in it and steal the data.
SOLUTIONS > ONLINE > GENERAL
AD Tracking: Opt out of Advertisement Tracking. It will make it harder for your apps to track personal data when you navigate email or social media platforms on phone’s browser or apps.
ALEXA OR SIRI: Don’t use these in your smartphone at all. Disable Siri or Alexa if you logged in. they just not listen you through your microphone but recording your voices of talks too. Hackers easily access them and take control over your microphone.
ANTIVIRUS EXTENSION FOR BROWSER: Use antivirus extension on browser. For extra safety, download antivirus extension to check security of a site or block pop-up ads with viruses or nasty content. Download it from authentic source, like Chrome web-store, to ensure that extension is safe.
ANTIVIRUS: Use a trusted Anti-Virus, Malware, Spyware programme/s to keep your phone and data safe. These apps enable remote location and wiping. It is an important security feature available for smartphones. It has ability to remotely locate and erase all data stored on phone, even if GPS is off. In case you misplace phone, few apps can activate a loud alarm, even if phone is in silent mode. These apps can help locate and recover phone when lost or stolen.
APP PERMISSIONS: Block all permissions of the apps, if not necessary. Be cautious about granting applications access to personal information on phone. Permit apps when using them.
APPS DOWNLOADS: Install only trusted apps. Before downloading an app, ensure the app is authentic. Check reviews, confirm the legitimacy of the app store, compare app sponsor’s official website to confirm consistency. Many untrusted apps contain malware which can steal information, install viruses, cause harm to contents. Use apps that warns, if security risks exist or entre in the phone.
ATTACHMENTS: MP4 Video, PDF, Word, TXT, JPEG or other Image files spreading virus. Don’t open any, if not sent by known person to you. Keep “auto download” settings shut in the devices.
BLUETOOTH: Although it is difficult to crack or hack the Bluetooth but hackers can still use it to access your phone remotely, if they’re in range. Set smartphone Bluetooth to “non-discoverable” all time. Unknown Bluetooth request to pair with your smartphone come on your way, immediately ignore or deny it. Be extra careful in crowded areas, ie; restaurants and public transportation, where hackers are active to get into the Bluetooth.
BROWSING HISTORY: Clear browsing history habitually to maintain privacy. Portals get access to cookies, text files that record your preferences and sites respond to them to show you more ads of content. Cookies are also used by hackers to get personal info. Clear cookies just after you used your system or use the setting to set the cookies deletion after your session. This will wipe out all personal information stored in cookies.
CAMERA: Your cameras are spying. Keep them closed or covered, when not using. Use a nontransparent tape.
CHARGING: Don’t charge your devices in public charging stations. Hackers installs Virus, Malware, Spyware etc. using charging points. This is called “Juice Jerking.” Use your own charger. Best practice is to use the Power Bank. Avoid using third-party battery apps, they might have infested with virus. Try to use a cable which is charging cable and not data cable. MicroUSB, USB-C, Lightning charging are not safe. Buy and use a Data Transfer Safety Valve called ‘SyncStop’ or ‘USB Killer’ between phone power jack and charging cable pin. This small device disallows data connection to be passed through the cables by blocking data pins.
DATA BACKUP: Backup all data stored on phone – such as contacts, documents, photos. These files can be stored on your computer/ on removal storage card/ in the cloud. This will allow you to restore it or protect.
DATA OFFLINE: Keep all your confidential data offline because hackers cannot access your info if it’s not found online. Storing important documents offline is the best way to protect them. When you share any sensitive data or file online, send it as an email attachment. Also, encrypt the file before sending.
DATA SAFETY: Your data is as precious, as your money. Keep it safe. Don’t write personal and sensitive data it in your smartphone or laptop.
DEVICES SAFETY: Keeping devices locked up in a safe place is best for the security. It’s no secret that Security Personals find themselves victims of “random” thefts.
EMAILS: Don’t open emails or files from unknown persons. Phishing scammers send you the fake emails or messages to make you share personal info. When you see an email from an unknown address or sender with a suspicious message, immediately hit the “Report & Spam” button. Sometime email is with links that might look legitimate. Never click on links until verify its authenticity. If you find the person, whose email is being used for Phishing, tell them about hacked account and report the phishing by filing a complaint with the Internet Fraud Complaint Center. Phishing scammers are mostly after bank account or your country identity card number (ie; Aadhar). Be extra careful, when you get email requesting money, login credentials or personal information. This may b a trap of terror group or enemy spy, who is trying to breech into your private space.
FAKE WEBSITES: Avoid fake or scammy websites. When you see bad grammar, popups, ‘click bait’ headlines or false-looking web address, avoid clicking. Never download anything from them. Spending time on such portals can be harmful for you. Don’t try to get cracks of any software from any portal. They are mostly fake or stealing your information.
KEYBOARD: Use the virtual keyboard of the portals, if any, to feed your personal data to prevent data theft by ‘key logger’.
LINKS: Be aware when clicking web links from unknown source/s. Be particularly cautious, link ask to enter account or log-in information. This may be a trap. Don’t open. Delete it instantly.
LOCKDOWN MODE: It’s a good added layer of protection. If you are using a phone with Android 9 or higher an option ‘lockdown mode’ is well worth. It gives you easy way to temporarily lock down phone from all biometric and Smart Lock security options. It means only pattern, PIN or password can open your device. If you were ever in a situation where you might be forced to unlock your phone with your fingerprint or face, phone cannot be accessed without your permission. Notifications won’t show up on your lock screen. To activate it, go to system settings, search for “lockdown.” Set the ‘Show lockdown option’ to ON position. When you enable it, you will see a command “Lockdown” or “Lockdown mode” when you press & hold phone’s power button.
MICROPHONE: If your laptop or smartphone is bugged or has a virus on it, that takes control of the system’s microphone, this could lead to life in danger.
PASSWORD MANAGER: Use password manager to keep passwords safe and organized. Password managers automatically generate and store strong, unique passwords for each account. Simply create one master password for the manager and it will keep all other safe. You can use some password managers for free, while more premium options are available for a fee.
PASSWORDS & PINs: To prevent unauthorized access to your phone, set strong password or Personal Identification Number (PIN) on phone’s home screen. This is a first line of defense. Use a different password for each of important log-ins (ie; email, banking, personal sites, etc.). Configure phone to automatically lock after 2 minutes or less when phone is idle. Use SIM password capability available on smartphones.
PUBLIC NETWORKS RISK: Public networks are easily accessible. This allows to work away from home, office, factory. The main weakness of the open networks is – security. Public or open networks are not secure at all.
REPORT THEFT: Report the stolen smartphone. All service providers are keeping the stolen phone database in coordination with the security agencies. Report the theft to local law enforcement authorities and register the stolen phone with service provider. Service providers can remotely “block” the phone so that it cannot be activated on any network.
SECURITY SETTINGS: Do not alter or modify your smartphone’s security settings for convenience. Tampering with your phone’s factory settings, jailbreaking, or rooting phone undermines the built-in security features offered by smartphone company and service provider, while making it more vulnerable to an attack.
SMARTPHONE: Buy only trusted brands, which gives you guarantee for safety and security. A list of safest smartphone is given below.
TORRENT SITES: You must stay away from file sharing sites and torrent sites. These sites are sharing different files from other users that aren’t meant to be shared. Torrent sites are dangers with hackers looking to spread viruses. Once you download and run a file with viruses, the hacker can easily take over your computer or smartphone and use it for nasty purposes. Beware, free films and music are also uploaded to lure you.
UNSECURE COMMUNICATION RISKS: Always keep communication to a minimum, when talking or chatting to someone. If need to communicate or meet with unknown sources / persons, make sure they’re not spy or prostitutes.
UPDATES: Regular update the patches to systems or smartphone’s software is key to safety. Keep phone’s operating system software up-to-date by enabling automatic updates from service provider, operating system provider, device manufacturer, application provider. This reduces the risk of exposure to cyber threats.
VIDEO: MP4 files are also spreading virus. Don’t open any video, if not sent by known person to you. Keep “auto download” settings shut in all your devices.
Wi-Fi NETWORKS: don’t use open Wi-Fi networks. When you access open to the public Wi-Fi network, phone can be an easy target of hackers. Limit use of public hotspots. Use protected Wi-Fi from a network operator you trust or mobile wireless connection to reduce risk.
XXX PORTALS: Keep away from sex video, Photo or Text matter portals. They only push viruses in your systems. These viruses steel your info and send it to hackers / spies.
SOLUTIONS > SOCIAL MEDIA
- The social media is an amazing way to connect and reconnect with family, relatives, friends and colleagues. But this miracle of modern days comes with risks. This expose you to the underworld of the internet, if you have not taken the necessary steps to protect your priceless info.
- Social media accounts are a path for crooked or overseas actors to dig up all kinds of information that can be used to impersonate or snoop someone.
- This may be used to steal identities or break into online accounts, such as emails, social media accounts, banking or insurance accounts.
- Online digital footprint is dangerous for security personals.
- Enemy or hostile nation’s agents can peep into activities of individuals, or try to blackmail using the information, depending on the type of info you knowingly or unknowingly published on the internet.
- Hackers, predators and rouge nation’s actors trolls social media sites to find vulnerable targets to exploit and manipulate.
- Military personals or their family members in the Defence, should practice Operations Security (OPSEC).
- OPSEC is the protecting unclassified information of personal info including operational or work related info to ensure safety for officials, family members and all the columns and units of the Paltan.
Here are helpful Social Media & Internet Safety Tips to protect you, family and unit.
AUTHENTICATION: Enable two-factor authentication on all the platform that allows it for better protection.
DATA THEFT RISK: Security Personals spend days and years scouring for specific info or data. You spend huge amount of time and money on your sources, but once your data is stolen, this will lead to chaos. Losing data carries the risk of having loss of reputation, as well. It’s include the safety or Security Personals. Family members and sources too.
DATES & SCHEDULES: Do not publish dates, vacations and personal or work schedules online on any social media platform. If you are deployed service personal, you should protect this information from dangerous people, who may prey upon family members or target deployed units.
DATING SITES: Tinder and its clone brothers are not for you. Keep away from this anti-social platform. It has lots of unwarranted people with hidden agenda. You may fall into trap.
FIND YOURSELF & HIDE: Google your name and family members names to check how easily are you found in the search. What type of personal information is there about your location, finances, history and your loved ones. If this is easy to find, make sure you delete all the info. If not possible for you, take the help of any professional from the unit.
FOURAMS: Strictly use gender-neutral pseudonyms on forums. Private or invite-only forums may be dangerous than the traditional once. Take extra care to protect identity. Avoid posting pictures of yourself or linking to other social media.
FRIEND REQUESTS: Verify that you actually know the ‘friend’, who sent you a request or connect link, before accepting it. If you don’t know the person, just delete the request. If he / she making request again and again, report it. If someone sending you friend request and his / her profile is locked, it is dangers. Call the request sender to ensure his / her identity.
IDENTITY: Risk of Being Identified is a big threat. Security personals work day & night to never be identified. Being identified — especially when in an area unaccepting of security personals — could mean the end of a pogrom. Use the aliases as a tactic.
INFO OFF: Keep sensitive and work-related info OFF from your social media profile and activities.
OLD ACCOUNTS: Old or abandoned social media or email accounts are hazardous. They rat you out. Permanently close all your old and unused accounts with all data erase setting.
PASSWORDS CHANGE: Change your passwords regularly. It is best way to keep cyber criminals and spies at bay.
PASSWORDS: When you use same password for everything, it is easy for hackers to hack and take control of all your accounts. Ensure your passwords are different and hard to guess for each social site and email ID including financial accounts.
PERMISSIONS: Modify access permissions for your ‘friends’ only. Also how much info you want to share with your connections or co-workers to see of your personal life.
PERSONAL DATA: Protect the name and info of family members, relatives and friends. In addition to other information that can tell someone where you live or work, make sure not to share your favorite restaurant, park, any store, street, museum, library etc. This info can be used to get the idea of where you are located.
PHOTO & VIDEO: Never share any photo or video of your home, family members, relatives, friends and colleagues. This gives lots of information about you, your work and a whole set of info to snoop or encircle you.
POST NO VIOLENT WORDS – PHOTO – VIDEO: Remove or do not post anything that might bring attention from violent terror group members.
PRIVACY SETTINGS: Configure the strongest privacy settings for each social media and email account. Don’t trust privacy settings to make your account private. Go to settings and check the security or privacy menu to change privacy level.
PROFILE: Make your profiles private. Keeping social media profiles private can make it difficult for outsiders to contact you or steal your information. Choose options to avail profile visible to you or friends. If you choose to keep profile public, keep crucial information, like address, phone number, location hidden. Keep minimum details and info in your profile. Don’t use the clear, crisp and good photo. Whenever upload any photo, use a colour eyeglasses and a cap. Don’t upload photo in uniform. Hide yourself behind the smoke. You should not be easy to find within the social media interface. When you logged out your social media profiles, check how much information about you is publicly accessible. If you find anything wrong or unwarranted, down it promptly.
REVIEW OTHERS: you should review your family and friend’s profiles too to the macro level. Sometimes they post photos, videos or information about you, may be handy for the spies or agents of enemies. If you find anything unwarranted, please ask them to delete it immediately. Ask all your friends and family members to change their social media privacy setting to utmost level of concealment.
SECURITY & PRIVACY SETTINGS: Regularly check security and privacy settings on social media accounts, because the companies often change security settings without your knowledge.
SECURITY QUESTIONS: don’t use the right answers in the security questions. Use false answers to keep away online criminals, spies and extremists.
SURVEYS? NO: Be careful when completing any surveys, that ask for small piece of personal info, which may be used to provide clues to guess passwords of your online accounts, e.g. last 4 digits phone number, favorite color, birth month, family member name/s, birth dates, travel locations, address and so on. A simple safety norm – No to data share.
TAGS: If someone tagged you, review all the posts you’re tagged before approving them. You can prevent harmful or embarrassing matter to be linked to your account by ‘turning on tag review in privacy settings’. This is most important if friends’ accounts aren’t set to private and due to this his/her post or image they tag you in, could be seen by anyone. And by this way anyone can track you too. If you are concerned about a post or photo even after removing the tag, talk to the poster and ask him/her to delete it.
THIRD-PARTY APPLICATIONS: Limit the use of third-party applications on social media or email applications. must read the license agreement and understand exactly what they want to access. If they are greedy, kick them out. Same with apps that use your camera and take rights of your photos e.g. aging booths that scan your face.
SOLUTIONS > SECURE & HACKPROOF PHONES!
- Regular Android/iOS smartphone are not secure to use.
- OEM’s (Original Equipment Manufacturer) like Blackberry, Sirin Labs developed most secure smartphones.
- It’s feature Inventive secure space, Self-Destruct Feature, Always-on VPN and other features to keep hackers away.
- If you are looking for a safe and secure smartphone we are listing top 5 Most secure Phones.
BlackBerry DTEK50: It has features like periodic application tracking. This app automatically track and monitor the OS and applications of smartphone. This also alerts the user about privacy breach and suggest procedures to fix them. The Password keeper feature enables user to store all important passwords at one place with encrypted and protected by another password. Device comes with 5.2-inch FHD+, Qualcomm Snapdragon 617 processor. 13 MP autofocus camera. Price is $200-400 / INR 15,000 – 30,000 approx.
Blackphone 2: Silent Circle launched Blackphone 2, which has the Silent OS. This Device is based on Android but comes with enhanced security and privacy features. The OS creates multiple and separate virtual devices on one single device. Makers claims that device features fastest vulnerability management feature. This can help raise critical and dangerous vulnerabilities within 72 hours of detection or reporting the same. The updates and patches come from the company only and has total control over the software. Device comes with 5.5-inch FHD+ display, Gorilla Glass protection, Octa-core Qualcomm Snapdragon processor. 13 MP sensor from camera. Price is $800 / INR 59,000 approx.
Bittium Tough Mobile 2C: This device is rugged smartphone. It is tough outside and inside both. Device has two operating systems, with the 1st is hardened version of Android 9 and 2nd is the brand’s own Secure OS. You get free ‘Yubiko 5 NFC’ security key, which will add to the security part. Both Operating systems are separated with full data separation. Device has ‘always-on VPN’ and Bittium’s own smartphone management. It has IP67 rating and MIL-STD-810G, which means device is strong and won’t break easily. A hardware-privacy mode disables Bluetooth, camera and microphone including restricting and limiting functionalities of these features. Pricing is quite high – $ 18,000 / INR 1,30,00 approx.
K-iPhone: KryptAll Company take regular iPhone and make it to next level for safety and security. They change firmware and add its own VoIP applications to ensure all calls fully encrypted. Even KryptAll and agencies can’t decrypt your talks. This device is good but cost is too high – $4500 / INR 3,30,000 approx.
Solarin: This device is made by Israeli startup from Sirin Labs and most expensive in the world. Solarin offers the most advanced privacy technology. It has 256-bit AES (Advanced Encryption Standard) encryption, which is used by security & Defence forces to secure communications. Device can be activated via physical security switch placed on the back side. It has 5.5-inch IPS LCD panel with QHD+ resolution, with Snapdragon 810 chip, 23.8-megapixel rear sensor. Price is $1,30,500 / INR 9,90,000 approx.
A Security personal faces many risks while out in the field, but a risk follows them wherever they are, is cybersecurity.
Many of them today are taught about the importance of cybersecurity, but not all — and the problem is – AWARENESS.