dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
6
share rss forum feed


HA Nut
Premium
join:2004-05-13
USA
reply to Steve

Re: Security risks of security hyper-awareness

I am far, far from being any kind of expert but I have setup numerous iPhones and Androids for friends. A couple of random thoughts (not necessarily aimed at you Steve)...

There are location privilege level adjustments by app in the Settings section on the iPhone (something that doesn't appear natively in Android from what I've seen.) This should give some granularity in location sharing control.

As already pointed out, Find My iPhone does not require another i-device (or a 3rd party app.) Just set it up on the phone (under Settings) and if the phone needs locating, log into the iCloud webpage. A user must create an Apple ID but if the user doesn't trust Apple to be able to do that, then one shouldn't buy an iPhone (I feel the same about Android and Google, but I know many out there don't share my opinion!) After all, Apple makes the phone and the OS!! (BTW, it's easy to setup an Apple ID without a credit card. Just download a free app (which can be deleted later if desired) on the phone. Before you download the app, you are directed to create an Apple ID and while doing so, skip the bank card step. This same ID will then be good for the iCloud account.) (FWIW, Android does require 3rd party apps for lost/stolen location. There are many available with varying options.)

IMO, if a cell phone (smart or even less than smart) allows remote location/wiping, it should be on and available. Even if a phone owner has taken great pains to minimize the amount of personal/private info on a phone, it still contains phone numbers and other info that's likely best kept private.


BlitzenZeus
Burnt Out Cynic
Premium
join:2000-01-13
kudos:3

A while back a journalist got hacked, and what did they do? They remote wiped all his idevices...



Steve
I know your IP address
Consultant
join:2001-03-10
Foothill Ranch, CA
kudos:5

said by BlitzenZeus:

A while back a journalist got hacked, and what did they do? They remote wiped all his idevices...

Hence backing up your devices.

For me it turns out this is unusually easy: I listen to audiocourses all the time, so I connect my iPhone to my PC a coupla times a week to update my content, so I usually run a backup at the same time. When I got my new iPhone, I was restored to within the last 2 or 3 days: I'm lucky that my personal habits aligned with best practices.

But they don't always.

For exercise, I take power walks in the hills near my house, some of them quite strenuous, and I have a killer exercise app that runs on my phone. Tracks my progress with GPS, alerts, etc. Love it.

But the auto-lock was making me crazy when I was out on a walk: I'd look down to see how I was doing and would have to unlock it, all while huffing and puffing. So I turned off the PIN code and the auto-lock. This is a terrible idea, of course, but since I really don't have anything really sensitive on the device (on purpose), and since I never let it out of my sight, I figured it wouldn't be so bad. Oops.

It turns out I had just discovered a feature of my walking app that disables the auto-lock while there was route in progress, which does *exactly* what I want, but I had not re-enabled all that stuff yet.

On the new phone, I now have all the security features enabled: auto-lock, a PIN code, and find-my-phone. Since I now know that backing up is something I actually do, I enabled the wipe-on-10-wrong-PINs feature.

Live and learn.

Steve
--
Stephen J. Friedl | Unix Wizard | Security Consultant | Orange County, California USA | my web site


sivran
Opera ex-pat
Premium
join:2003-09-15
Irving, TX
kudos:1

I did something similar with my phone, except rather than disabling lock (it's easy to unlock, just slide the display up) I disabled password protection on it. Even with the keyboard, it got annoying to keep entering the password. (And it's connected to my company email. Go me.)

Luckily I had it with me the day someone broke into my house and swiped my personal laptop, which, being my personal laptop and not containing any truly sensitive info, was not encrypted. It was protected only by a Windows (XP) password and a power-on password. It was also in sleep mode when it was taken. Much like your phone, I didn't even have anything running on it that I could use to locate it remotely.
--
Think Outside the Fox.