TrendLabs Digital Life E-Guide: The 4Ws . - Trend Micro (UK)

ADIGITAL LIFE E-GUIDEThe 4Ws and 1Hof Mobile Privacy

You’ve been tinkering with your newgadget for a few good days, sending email,downloading apps, browsing Facebook andwhatnot, when all of a sudden, one of thosepesky pop-ups indiscreetly hogs your screen.It’s another product page that’s not in anyway related to what you’re currently doingon your device. But you do rememberseeing that page before. Perhaps it’sbecause you just searched for it earlier, yetwhy does it suddenly feel like it’s searchedfor you instead?That’s just one example of how your privacyis breached even while using mobile devices.What do you do to protect your privacy frommobile threats like this?

Who?You and your rightto mobile privacy

The United Nations recognizes everyone’sinherent right to privacy.1This right is violated every time someone triesto access your personal information, in anyform or platform, without lawful reason or yourconsent. If a friend, for example, borrows yoursmartphone to spy on your Facebook account,he or she disregards your right to privacy.Cybercriminals are notorious violators of mobileprivacy. They create malicious apps such asdata stealers, which target your personal andfinancial information. Free, high-risk appsalso pose a number of privacy issues with theamount and type of information they collect. Forinstance, some of Germany’s top Android appscan possibly expose your location, equipmentidentity, and address book.21 22 loses/

What?Key areas to look overYour Device’s Connectivity FeaturesYour device’s connectivity features are viable waysfor cybercriminals to get information from you.These features are seen as locked doors they haveto pick to get in. Such is the case of Bluetoothand wireless connections, both are intended tomake communication easier but they can also beused for malicious reasons. Cybercriminals haveaccomplished this on Mac desktops using theINQTANA worm, which is able to send malicious filesto available Bluetooth devices that accept them. Theworm opens computers to further malicious routines,like malware dropping and information theft.More manufacturers are incorporating near fieldcommunication (NFC) standards on devices as well.This technology allows you to share content, makepayments, or perform other external transactionswith a tap on a scanner. As convenient as it maysound, this can also be a point of entry for maliciousroutines.33 lligence/good-nfc-habits/

Your Device SettingsDefault device settings can be seen as stronglyworded suggestions that you can further optimizefor added protection. This means, you are allowedto change your mobile device’s security settingsto make sure no one has easy access to it.Your Mobile BehaviorHaving mobile devices can make you surf onlinemore frequently, but does it change your behaviorwhen it comes to security? Remember that youbecome more vulnerable to mobile threats as youimmerse yourself in mobile activities like socialnetworking, shopping, and banking. Oversharing,not checking app permissions, and clicking onmalicious links are ways to invite cybercriminals.When it comes to app usage, you have mobileadware to consider. Although most advertisingnetworks are perfectly legitimate, some areknown to collect personal information and pushads as notifications, often without user consent.4At least 7,000 free apps using aggressiveadvertising modules were downloaded over amillion times as of October 2012.4 obilereview/rptmothly mobile review 201209 the growing problem of mobile adware.pdf

How?“Privacy in peril” scenariosFree AppsWho doesn’t love free stuff? There are thousandsof free apps from legitimate and third-party appproviders you can choose from. But downloadingfree apps often has a trade-off: free service for yourpersonal information.5Surprisingly, a majority of consumers (73%) are willingto trade personal information if they get something inreturn, like free mobile service. Remember that eventhe smallest bit information you give, like an addressor a birthday, is all that cybercriminals need to takeadvantage of you.Device Loss or TheftIn a survey done in September 2012, nearly one inthree cellphone owners lost their device or had itstolen from them.6 Even if you try to guard your appsand device settings, when you lose your phone, theinformation it has can still put you in a sticky situation.This is more so because of an existing lucrative marketfor stolen devices and the information they contain.75 8/consumerintelligence201208.pdf6 15404577334152199453024.html7 15404577334152199453024.html

Ever-Changing End-User License Agreements(EULAs)You’ve seen it before, those online services asking you toagree that they can change their EULAs at any time, with orwithout notice. Home movie provider, Blockbuster.com, wasrejected in court for using the said line to their privacy policy.8However, this doesn’t seem to stop popular services fromapplying caveats on EULAs that are detrimental to userprivacy.9 By not reading EULAs, you may already be allowingdevelopers to sell your photos, track your web activities, orhand over personal information to authorities.Bring Your Own Device (BYOD)Three in four companies allow employees to use theirpersonal devices such as laptops, netbooks, smartphones,and tablets for work-related activities.10 As the BYOD trendcontinues, cybercriminals will use it as a motivation to getpast your defenses to access both your personal and workinformation.It’s not just cybercriminals, though. Your company’sIT department can use a set of protocols that do notdifferentiate personal from work-related data, allowing themaccess to your information.Your device can also be used as evidence in court. You can beobliged to submit the device for review, with all informationintact, even if only work-related information is pertinent tothe case.118 d 3897327d-161d-49df-b31c0b448bb1898a9 /10 siness/white-papers/wp decisiveanalytics-consumerization-surveys.pdf11 ure/

Why?All about the money

Cybercrime is driven by one agenda: money. Yourmobile devices are simply a means to an end forcybercriminals. They gain by stealing the informationstored on your smartphones and tablets and thenfinding ways use them for profit.And just like your data, your reputation is also at stakeevery time a cybercriminal gets hold of incriminatinginformation against you or the organizations yourepresent. There are malware, like the SMS spy toolfor Android, that steal private SMS messages anduploads them to a remote server.What you stand to lose in the case of a mobile privacybreach really depends on how you use your device.1212 .aspx?language de&name PIXSTEAL and PASSTEAL Sport New Ways To Steal Data

What now?Reinforce your privacyMobile privacy breaches may appear to be easyfor cybercriminals, considering the problem areasdiscussed. However, there are still stops you can pull toprevent being victim to such scenarios.Follow this General Checklist: Control how much information your device shares bychanging its privacy and browser settings. Here youcan tweak settings on location and network sharing.Activate screen locks, and change your passwordsevery three months to minimize chances of hacking.Remove compromising photos, videos, and files thatyou’re not comfortable with from your device.Regularly clear your mobile browser cache to escapedata leakage in case a malware tries to sniff yourdevice for information.Monitor your app and account settings, to make suresharing and connectivity are secure.Adjust your device’s data encryption and configureyour passwords.

Pay Attention to Apps Remove apps not in use. Select which apps really need location or address book access. Use your mobile browsers’ or browser apps’ private browsingsettings, especially for sensitive banking transactions.Prepare for Device Loss or Theft Take note of your account credentials or use a convenientpassword manager in case you need to reset them because ofdevice loss or theft. Backup files in the cloud. Trend Micro Mobile Backup andRestore automatically stores the irreplaceable informationfrom your device without wasting its battery life. Prepare to contact the authorities, your service provider, andany concerned organization to avoid the malicious use ofyour identity and to block bill charges. Enroll your devices to a remote service that allows you to find,lock, or wipe them. Trend Micro Mobile Security PersonalEdition does these and prevents uninstallation without yourpassword.Ask these about BYOD Agreements Are you required to produce personal devices for forensicanalysis? Does this apply to devices shared with other family members? Who will get access to the personal information stored in yourdevice? Can your company track your location? Under whatcircumstances can this happen? Are you required to let them?Do they notify you if they do this? Are these systems active outside regular work hours? Are your personal online activity monitored and logged? Is this information retained when you leave yourorganization?

TREND MICRO TRENDLABSSMTrend Micro Incorporated (TYO: 4704; TSE: 4704), a globalcloud security leader, creates a world safe for exchangingdigital information with its Internet content securityand threat management solutions for businesses andconsumers. A pioneer in server security with over20 years’ experience, we deliver top-ranked client, serverand cloud-based security that fits our customers’ andpartners’ needs, stops new threats faster, and protects datain physical, virtualized and cloud environments. Poweredby the industry-leading Trend Micro Smart ProtectionNetwork cloud computing security infrastructure, ourproducts and services stop threats where they emerge—from the Internet. They are supported by 1,000 threatintelligence experts around the globe.TrendLabs is a multinational research, development,and support center with an extensive regionalpresence committed to 24 x 7 threat surveillance,attack prevention, and timely and seamless solutionsdelivery. With more than 1,000 threat experts andsupport engineers deployed round-the-clock in labslocated around the globe, TrendLabs enables TrendMicro to continuously monitor the threat landscapeacross the globe; deliver real-time data to detect, topreempt, and to eliminate threats; research on andanalyze technologies to combat new threats; respondin real time to targeted threats; and help customersworldwide minimize damage, reduce costs, and ensurebusiness continuity. 2013 by Trend Micro, Incorporated. All rights reserved. Trend Micro and the Trend Micro t-ball logo are trademarks or registered trademarks of Trend Micro,Incorporated. All other product or company names may be trademarks or registered trademarks of their owners.

TREND MICRO Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global cloud security leader, creates a world safe for exchanging digital information with its Internet content security and threat management solutions for businesses and consumers. A pioneer in server security with over 20 years experience, we deliver top-ranked client, server