Thursday, May 14, 2009

Protecting Your Cell Phone

Secure your mobile devices using the following steps.

Phone/SIM Locks
Most modern cell phones offer multiple levels of code locks simi­lar to the password in PCs. While it may be inconvenient, you should seriously consider code-locking your phone, especially if you are on the move for an extended period of time.

The first, of course, is the SIM card PIN Code. You will normal­ly be given a PIN code when you purchase your SIM card. Actually you will be given four sets of codes when you purchase the phone: PIN1, PIN2, PUK1, and PUK2.

❍ PIN1 activates your phone when you first switch it on.
❍ PIN2 is used when you need to access some advanced func­tions.
❍ PUK1 is used if you forget or enter the wrong PIN1 code. If you enter the wrong PIN1 code three times, the SIM card locks and you will need to enter the PUK1 code to unlock it and reset your PIN1 code. If you lose your PUK number, there is no other recourse than to get a new SIM card from your cell phone serv­ice provider.
❍ PUK2 is similar to PUK1, and is used for PIN2.

Along with the above, you should also consider locking your phone with a phone-specific security code. This will effectively stop anyone from accessing the phone if they do not know the code. Even if they switch off the phone, remove the SIM and replace it with another, they will still be unable to access the phone without the security code.

One other measure is to use a keyguard code for locking your phone. Most cell phones support automatic locking of the keypad after a period of inactivity. This prevents dialling if the keys get inadvertently depressed when in your pocket. You will have to press a combination of keys (Nokia: Menu *) to unlock the phone or to manually lock it. You can set your phone to require a code when you unlock your keypad. Also make it a habit to manually lock your phone immediately after a call. Sometimes, the keyguard will fail to kick in as some key has already been accidentally depressed before the keyguard acti­ vation time-out.

In a scenario where a thief steals your phone and tries to make a call, the keyguard code will block access on an already-powered on phone. On restarting, the PIN request for the SIM will thwart him. If the SIM is changed, the phone's security code will also block access. The phone will become practically useless to the thief. You can rest assured that all your personal data will be protected, even though you may not be to recover it! Also, the thief could attempt to reset the security code by calling the cell phone vendor's customer service and pretending to be the owner. To prevent that, inform them of the theft as well as your mobile phone's IMEI number.IMEI is short for International Mobile Equipment Identity. Every mobile device in the world has a unique number. The IMEI number will be usually found under the battery slab, Many phones will also display the IMEI number if you key in *#06#. Of course, you will need to take this precaution beforehand and store the IMEI number in a safe place—not on your cell phone, and not in your wallet!

If you have a Nokia phone, forgotten your security code, and have the IMEI number, you can go to http://nfader. z-host.ru/ and generate a master security code using your phone IMEI number. You can use the master security code to override your personal security code and gain access to your mobile. You can then reset the security code as required

Bluetooth Hacking
Bluetooth is great. You can snap pictures, take video clips with your camera phone, transfer it to your laptop, or beam it across to a friend's mobile. However, if you do not secure Bluetooth access on your phone, it is easily "discoverable" by other Bluetooth devices in the immediate vicinity. A person with a Bluetooth­enabled device can send you unsolicited messages, transfer virus­es and worms to your phone, or even gain access and steal your personal data and / or corrupt it. An experienced Bluetooth hacker can gain access to your mobile phone commands, using it to make phone calls, send expensive international SMS messages, write entries into your phonebook, eavesdrop on your conversa­tions, and even gain access to the Internet.
Bluetooth criminals are known to roam neighbourhoods with powerful Bluetooth detectors that search for Bluetooth enabled cell phones, PDAs, and laptops. They are known to fit laptops with powerful antennas that can pick up Bluetooth devices from with­in a range of 800 metres! The latest tactic is to force Bluetooth devices in hidden mode to pair with the attacker's device. This, however, is very labour-intensive, and is most often used against known targets who have large bank accounts or expensive secrets.

How it works
Almost all cases of Bluetooth attacks are a result of improper setup of the Bluetooth device. In most cases, Bluetooth devices are con­figured at security level 1, where there is no encryption or authen­ tication. This enables the attacker to request information from the device that will be helpful in stealing it.Once stolen, not only is the data on the device compromised, it will also compromise the data on all devices trusted by it.

This can then be used to eavesdrop on conversations between other devices.Additionally, Bluetooth uses the Service Discovery Protocol (SDP) to determine what services are offered by what devices in range. Attackers can use this information to launch service-specif­ ic attacks on any of the devices.If the attacker is able to obtain the link keys and the address­ ing of two communicating devices, he can launch a man-in-the­middle type of attack where all information is routed through the attacker's device.Attackers can also eavesdrop on devices that are pairing up for the first time. This will give the attacker sufficient information to use an algorithm to guess the security key and pretend to be the other device.

Avoiding It
Securing your Bluetooth phone is easy. Take these few simple steps to ensure that your device is protected from Bluetooth attacks.

❍ Switch off Bluetooth when you are not using it. This will pre­ vent unauthorised access for the most part. Only enable Bluetooth when you are actively transferring data from or to another device.
❍ Use a strong PIN code, one that is at least six to eight digits or longer.
❍ Many devices offer tons of features to maximise the usability of your Bluetooth connections. Review the documentation and dis­able all that are a security risk, and pay special attention to the security settings. Use encryption by default and only disable it if the device you are communicating with doesn't support it.
❍ Ensure that Bluetooth is running in hidden mode. When you are pairing it with another device, like a headset, you will need to run it in discoverable mode. Do this in a secure location like inside your office or home. Once the link has been established, go back to hidden mode. If for some reason the pairing breaks when in a public place, wait till you are in a secure location before re-pairing the two devices.

Be aware of where you are. If you are in an open, public place, it is best to disable Bluetooth. Public wireless hotspots are a favourite hangout of "Bluejackers"

For more information
http://www.bluetooth./
http://www.microsoft./
security/cell_ phone_virus_ threats_why_ they_shouldnt_ be_dismissed. mspx News Article on Securing Data on Mobile Devices (registration required)
http://www.washingtonpost./
http://www.fcc.gov/
http://www.wiredsafety./
http://news./
http://www.pcmag.com/
http://www.privacyrights./
www.privacyrights. org/fs/fs2- wire.htm http://idtheft. about.com/ od/preventingide ntitytheft/ a/Cell_Phone. htm

Note : All collections are published here were collected through email and Internet. I bear no responsibility for these contents.

1 comment:

  1. This information is useful for my mobile which was unlocked by mobile-code. I am in favor to buy the blue tooth for my mobile.

    ReplyDelete