Money Talks News has given you 7 Ways to Prevent Identity Theft, 3 Tips to Prevent Identity Theft on Social Networks, and even advice on how to protect yourself from old-fashioned ID theft from your mailbox. Now comes the newest threat, and it’s right in your pocket.
We’re talking about your smartphone, and it has nothing to do with British reporters hacking into them, although we’ve explained how they did that, too.
PCWorld recently reported that a new study from security firm viaForensics found that popular apps – from Amazon to Facebook – might be allowing hackers to easily pluck your personal information.
ViaForensics tested 100 popular apps on both iPhone and Android systems and graded them in one of three ways: pass, warn, or fail – and only 17 percent of the apps passed while 39 percent failed. Here’s a basic breakdown of what the categories mean…
- Pass: Your password and username are encrypted, or written in code, making it harder for hackers to copy and paste.
- Warn: Either your password or your username isn’t encrypted, but stored as plain text, giving hackers the opportunity they’ve been waiting for.
- Fail: All of the private information is in plain text – and in plain sight for the bad guys.
Who failed – and why
The 39 percent of apps that failed have a lot in common – most of them are social networking apps like Twitter and Facebook. Of all social networking apps tested, 74 percent of them failed, 26 percent got a “warn” rating, and none passed.
Why would an app choose to not protect its users? Chris Palmer, a digital rights advocate, told The New York Times that many sites prioritize speed over security…
“The usual reason Web sites give for not encrypting all communication is that it will slow down the site and would be a huge engineering expense.”
If you don’t think that’s a big deal because it hasn’t affected you yet, you might be wrong. According to USA Today, many hackers simply place monitoring software on your phone and watch what you do and when you do it. The problems could come later, when you least expect it.
It seems that banks are the most willing to foot the bill of security. Financial apps (like mobile banking) got much higher scores. Only 25 percent (8 apps out of 32 tested) failed. In fact, the study claimed that financial apps were indeed the safest.
What you need to know – and do
So how do you protect yourself? Two ways.
First, check out viaForensics’ list of tested apps. If the one you want to download is on it, consult the app’s score. You can click on the score for an in-depth look at what it means.
Second, know your apps’ weak points and be prepared. ViaForensics says people tend to use the same password on multiple devices. I know I do. According to Consumer Affairs, many people use obvious passwords, like ABC123 – the most common one. And even worse, they tend to use the same password on multiple apps and websites. If a thief hacks into one vulnerable app, he can gain access to everything in your phone that’s not encrypted. And that can include your password from other apps. In other words, once a hacker gets into your phone through one insecure app, all of your information may be at his disposal.
Even if your password is encrypted in sensitive apps, an experienced hacker might still figure it out — especially if it’s an obvious password.
Make a hacker’s life harder and better your odds by following these steps…
F+Wsdfadoe&h
According to a technology consultant at Sophos Security Software, a password like that works. How did the expert come up with it? He created a phrase: “Fred and Wilma sat down for a dinner of eggs and ham.” Easy enough to remember, right? Now, keep only the initials of all of the words, with a symbol standing in for each “and”: F + W s d f a d o e & h.
If that’s too much trouble, PCWorld suggests various tactics to come up with strong passwords…
- Use a different password for each different account
- Avoid using proper names, pets’ names, dictionary words, or names of sports teams
- Use a mix of uppercase and lowercase letters
- Use a mix of symbols, like &, %, $, #, @, etc.
Second, if you’re going to input passwords or account numbers, stay away from Wi-Fi hotspots, as they tend to be more dangerous and susceptible to hackers. Best to stay at home when dealing with sensitive data on your smartphone.