In the second part of our series "Security Errors on the Internet" we deal with the topic "Mobile Security". There are dozens of misunderstandings that are constantly being repeated and all too quickly accepted as truth, without them being verifiable. We have identified a number of common misconceptions and points out how to minimize the risks that result from a misunderstanding of IT security.
Myth # 1: "My data is securely protected from unauthorized access in the cloud."
Data in cloud services is not always sufficiently protected.
The storage of user data in cloud storage or the automatic synchronization between mobile device and cloud storage is not sufficient backup of the data. Users have to expect in such services that this data is available unencrypted and the provider may use this data for their own purposes, although reputable cloud providers ensure the "security" of data in the cloud, dangers lurk in their access.
For one thing, criminals may have malicious programs that affect themselves on the smartphone, tablet or PC, can access the data even in the cloud. On the other hand, in the case of theft, the cloud data are only as secure as the protection of the mobile device: If, for example, thieves only have to crack the four-digit PIN or the simple blocking pattern and they succeed, they can effortlessly use the app for stored access data Steal, modify or delete cloud data. When accessing the cloud via public WLANs, personal information can also be intercepted by unauthorized persons when transmitting data.
Before deciding on a cloud service is to check in advance, who the provider is, where is the location and especially where the data centres are.
Myth # 2: "Surfing in public Wi-Fi not only saves money, it's also safe."
Unfortunately, that is only partially true.
The offer of free, public WLANs, for example, in train stations, cafes or hotels is tempting to save the monthly data volume and still use the Internet while traveling. However, public WLAN is often not secure because the data transfer between the mobile device and the router, which establishes the Internet connection, mostly unencrypted. In this case, unprotected data can be tapped or malicious software can be introduced into the user's device.
For this reason, never use confidential wireless LAN data over public WLANs unless they are previously encrypted locally on their own device or transmitted over a virtual private network (VPN). This is especially true if the home or company network is to be accessed. In general, mobile device users should only turn on the WLAN feature during use to minimize the risk of unauthorized access. Some devices provide advanced security settings for dialling into public WLANs.
After completing the connection, the hotspot should be deleted from the list of preferred WLANs to prevent an unwanted connection at a different time.
Myth # 3: "When I buy a latest smartphone, I automatically have a secure device."
Unfortunately, a new device is not automatically safer.
When you buy a new smartphone is not always the current version of the respective operating system installed. Before putting the device into operation, always check whether the firmware is up-to-date and, if necessary, update it directly until all updates have been recorded. However, even with known security vulnerabilities, smartphone manufacturers do not always update all device types available, so that these gaps exist even with latest models. On the other hand, the security settings are often not activated when buying.
Users should review these settings and set up accordingly. This also includes PINs, codes or patterns for securing the SIM card and the device itself. If an encryption of the device is offered, this should be activated. Before disposing of old phone, data should be deleted and the old SIM card removed and destroyed if not used in the new device.
Myth # 4: "Of course, I've enabled automatic updates and updates to the operating system and apps, so I do not have to worry about vulnerabilities."
Automatic updates are useful, but not every detected vulnerability is immediately an update ready.
Although the manufacturers of operating systems and apps are mostly trying to provide updated versions of software after the disclosure of vulnerabilities. But because of the variety of device types and versions of software on the market and operating systems, it may take longer to deploy security updates, or none will be available for specific issues. Depending on the vulnerability, it may be recommended during this period not to use or disable certain features. Even with a preset automatic update, users should always be sure that the programs are up-to-date. Some app manufacturers do not provide updates for all operating system versions.