As spyware attacks continue, America’s Cyber Defense Agency has urged iPhone and Android users to secure their smartphones now. Here’s how, step-by-step.
Updated November 28 with CISA recommendations regarding the use of VPNs on smartphones, additional security agency advice from the U.K. National Cyber Security Centre for iPhone and Android users, as well as the already published public service advisory from the U.
S. Cybersecurity and Infrastructure Security Agency.that “multiple cyber threat actors” are “actively leveraging commercial spyware to target users of mobile messaging applications.” Now CISA has released further urgent guidance that it says individuals at risk of being targeted should “immediately review and apply.” Here’s the step-by-step instructions to secure your smartphone, with guides for both iPhone and Android, fromfacing smartphone users. It is the latter that is of concern to CISA, and should be to you as well, especially if you fall into the high-risk category of individual. That is, dear reader, a broad remit: journalists, political activists, government employees, the military, and, well, the list goes on. Better to assume you could be a target, even if only in terms of collateral damage to get to a bigger fish, and secure your smartphones as best you can.document, classified as traffic light protocol clear, meaning I am able to share the information contained within, has just been updated and, as well as including recommendations for securing end-to-end encrypted communications, has step-by-step guides to enhance the security and privacy of both iPhone and Android smartphones.Enable Lockdown Mode to limit apps, websites and features to effectively reduce the attack surface. Disable the send as text message option that would otherwise allow SMS use if end-to-end encrypted iMessage were not available. Use Apple iCloud Private Relay for enhanced security and privacy by protecting Domain Name System queries. Review and restrict app permissions, revoking those that are not essential, especially when it comes to location, camera and microphone.Use smartphone devices from those manufacturers with a commitment to long-term security updates and that support hardware-level security features.Configure the Android Private DNS option to use a high-privacy resolver such as Cloudflare’s 1.1.1.1, Google’s 8.8.8.8 Resolver, and Quad9’s 9.9.9.9.Ensure ‘enhanced protection for safe browsing’ is enabled in the Android Chrome browser.The National Cyber Security Centre, part of the U.K. Government Communications Headquarters, better known as GCHQ, has a mission-based strategy to “make the UK the safest place to live and work online.” So, it is hardly surprising to learn that it has also publishedNumber one, the NCSC advisory stated, is to ensure that you are using a secure lock screen password or PIN, not “a simple one that can be easily guessed or gleaned from your social media profiles.” That is very solid advice, and you can read more about lock screen PINs to avoid Next, we have enabling the built-in find me or tracking function, a feature of your smartphone, so that lost or stolen devices can be tracked and, most importantly, locked and data deleted if necessary. Keep your smartphone updated with the latest security patches, it’s free, mostly automated, and can save you from being vulnerable to hack attacks.Finally, and most controversially in my never humble opinion, is the “don't connect to unknown Wi-Fi hotspots” advice. While it is true that someone could have setup a malicious hotspot in a coffee shop or at the airport, the reality is that this is extremely unlikely and, given the near-ubiquity of HTTPS encryption during communications, the risk is massively reduced when it comes to the majority of snoopers. Yes, if you are a high-value individual, then you could be targeted, but someone just sweeping an entire coffee shop on the off chance of finding a profitable enough mark is slim. Indeed, most cybersecurity professionals of my acquaintance will happily tell you they connect to such networks without fear. If you are concerned, using your mobile 4G or 5G network is recommended if available, like you’d be using a free hotspot if it weren’t.CISA’s newly updated Mobile Communications Best Practice Guidance went further than just the aforementioned guidance for iPhone and Android users to tighten up their security strategy when it comes to the settings of their smartphones; it also included a strict do-not-use policy, and one that might surprise many readers..” Yes, you read that right. America’s Cyber Defense Agency, an independent operational component agency within the U.S. Department of Homeland Security, is telling smartphone users they should not use a VPN. The reason is both simple and compelling, from the perspective of such a security agency tasked with protecting a nation-state’s critical infrastructure from cyber attacks: “Personal VPNs simply shift residual risks from the internet service provider to the VPN provider, often increasing the attack surface.” Obviously, for enterprises and other organizations, there is a caveat: using a corporate VPN client to access data is an acceptable use case. There is something within this advice that applies to consumers, though, and it’s a warning that may sound familiar to some of my readers. “Many free and commercial VPN providers have questionable security and privacy policies,” CISA said.from Google, in the wake of the Online Safety Act in the U.K., and state-based legislation in the U.S., that effectively make accessing online pornography much harder. Rather than focus on the questionable policy angle as CISA has done, Google’s vice president of trust and safety, Laurie Richardson, took aim fair and square at the “malicious applications disguised as legitimate VPN services across a wide range of platforms to compromise user security and privacy.”The threat actors behind such apps, Richardson continued, not only impersonate trusted consumer VPN brands, but also use social engineering, phishing, in other words, to target vulnerable users looking for information on geopolitical events or by exploiting sexually suggestive content as bait. “These applications serve as a vehicle to deliver dangerous malware payloads including info-stealers, remote access trojans and banking trojans,” Richardson said, “that exfiltrate sensitive data such as browsing history, private messages, financial credentials and cryptocurrency wallet information.” The mitigation advice, other than don’t use a VPN, is to only download your apps from legitimate, verified, official sources. Google said that you should check for apps displaying the VPN badge in Google Play, for example. Certainly do not sideload VPN apps, or be tempted to just hit accept when that ‘free’ VPN app asks for a host of permissions to access everything from your camera and microphone to your contacts and private messages. iPhone and Android users certainly nee, at least, to be alert to the risk.
Iphone Security Setup Android Security Setup Iphone Privacy Android Privacy Spyware Smartphone Security Tips How To Secure Your Iphone How To Secure Your Android Smartphone CISA Smartphone Attack Warning
United States Latest News, United States Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
CISA Warns iPhone And Android Users — Secure Your Smartphone NowAs spyware attacks continue, America’s Cyber Defense Agency has urged iPhone and Android users to secure their smartphones now. Here’s how, step-by-step.
Read more »
CISA Warns iPhone And Android Users — Secure Your Smartphone NowAs spyware attacks continue, America’s Cyber Defense Agency has urged iPhone and Android users to secure their smartphones now. Here’s how, step-by-step.
Read more »
CISA Warns iPhone And Android Users — Secure Your Smartphone NowAs spyware attacks continue, America’s Cyber Defense Agency has urged iPhone and Android users to secure their smartphones now. Here’s how, step-by-step.
Read more »
Stop Using Your VPN—Feds Warn iPhone And Android UsersVPN warnings are suddenly here — bans come next.
Read more »
Polish minister warns of ongoing 'cyberwar' with RussiaDigital affairs minister warns Russian operatives may attempt to breach Polish networks.
Read more »
CISA Warns iPhone And Android Users — Secure Your Smartphone NowAs spyware attacks continue, America’s Cyber Defense Agency has urged iPhone and Android users to secure their smartphones now. Here’s how, step-by-step.
Read more »