Stop your phone from be­ing hacked

A few tips that could have helped Jeff Be­zos.

USA TODAY US Edition - - MONEY - Jef­fer­son Graham

LOS AN­GE­LES – If Saudi Ara­bia or some other for­eign gov­ern­ment wants to get into your phone, it’s go­ing to hap­pen. Your only op­tion: Turn off the in­ter­net and just use the phone to make calls.

“They will get you,” says David O’Brien, a se­nior re­searcher with the Berk­man Cen­ter for In­ter­net & So­ci­ety at Har­vard Univer­sity. “Of course, it depends on how high a value of a tar­get you are.”

Ama­zon CEO Jeff Be­zos, whose phone should be un­hack­able and as se­cure as Fort Knox, was com­pro­mised by Saudi Ara­bia, ac­cord­ing to his se­cu­rity pro Gavin De Becker.

“Our in­ves­ti­ga­tors and sev­eral ex­perts con­cluded with high con­fi­dence that the Saudis had ac­cess to Be­zos’ phone and gained pri­vate in­for­ma­tion,” wrote De Becker in the Daily Beast.

Click­ing one bad link on a web page or vis­it­ing a web­site that had the mal­ware in­stalled by the Saudis could have done it, says O’Brien. He adds that sim­ply down­load­ing an app from the Ap­ple or Google app store that wasn’t se­cure also could have pro­vided a path­way for the Saudis to en­ter.

Cooper Quintin, a se­nior staff tech­nol­o­gist for the Elec­tronic Fron­tier Foun­da­tion, says any­one can be hacked, even Jeff Be­zos.

“I wouldn’t as­sume that anybody is too smart to click a bad link on a smartphone,” he says. “If he got a mes­sage that said, ‘Read this ar­ti­cle,’ or `Look at what they pub­lished about you,’ even if he had the most se­cure, up-to-date phone, there is noth­ing you and I or Jeff Be­zos could do about it. Anybody can be hacked.”

Still, O’Brien and Quintin have five tips to se­cure your phone. It won’t keep a for­eign coun­try de­ter­mined to strike away, but it will strengthen your se­cu­rity.

In­stall up­dates

As soon as you get the no­tice, take the time and get it done, says O’Brien. “The up­dates are usu­ally se­cu­rity patches. As soon as the patch is iden­ti­fied, there’s a chance the vul­ner­a­bil­ity could be dis­cov­ered by hack­ers. So that’s a flaw that needs to be patched as soon as pos­si­ble.”

Up­date pass­words

Have dif­fer­ent pass­words for ev­ery web­site you go to. It’s a lot of work, but O’Brien says that if one pass­word is hacked, the hacker then as­sumes you’ve used the same one else­where, and the pain fol­lows you all over your dig­i­tal life. He likes pass­word man­agers such as LastPass to keep track of the var­i­ous pass­words and to gen­er­ate hard-to­hack, com­pli­cated com­bi­na­tions of let­ters, num­bers and sym­bols. LastPass starts at $3 monthly. Adding two-fac­tor au­then­ti­ca­tion is an­other safety pre­cau­tion. In­stead of log­ging in with just your screen name and pass­word, you have to add in a unique code, which makes it harder for hack­ers to break into.

Never tell any­one the pass­code

“Don’t leave the phone in any­one else’s pos­ses­sion,” says Quintin. That in­cludes let­ting your sig­nif­i­cant other, as­sis­tant or co-work­ers know how to open your phone.

Don’t open ran­dom links

This is Tech 101, but if you get an email or text mes­sage with noth­ing but a link in it, it’s prob­a­bly mal­ware. This is the type of hack that the Rus­sians used to tap into Hil­lary Clin­ton’s e-mail. Cam­paign chair­man John Podesta re­ceived an au­then­tic-look­ing but phony Google se­cu­rity up­date. One click of the link, and the Clin­ton cam­paign e-mails were stolen.

O’Brien rec­om­mends in­spect­ing links closely to make sure it’s a rep­utable name and trust­wor­thy. Bad links are pretty easy to spot.

If you’ve never heard of the com­pany, that’s a pretty good sign it might be prob­lem­atic.

“If you don’t rec­og­nize it, Google around it to see if any­one else re­ported prob­lems,” says O’Brien. Quintin also sug­gests con­tact­ing the friend that sent the e-mail or text with the link and ask­ing if it was for real.

Run an­tivirus apps on the phone

Sev­eral apps prom­ise pro­tec­tion for your phone, in­clud­ing Avast Se­cu­rity, Look­out and Mo­bile Se­cu­rity Pro­tec­tion. Avast, for in­stance, prom­ises no­ti­fi­ca­tions if any of your pass­words are found leaked on­line (pass­word man­ager Dash­lane of­fers the same ser­vice) and of­fers se­cure brows­ing with a pri­vate vir­tual pri­vate net­work. The cost is $20 yearly with VPN ser­vice.

Quintin says up-to-date iPhones and Android phones are re­ally se­cure and a chal­lenge for hack­ers. It can cost as much as $1 mil­lion to hack into an up-to­date phone, he adds.

“It costs so much be­cause it takes a lot of work and time,” he says. “That type of money is re­served for high-pro­file tar­gets, like a top CEO or pres­i­dent of a coun­try.”

We reached out to both Ama­zon and De Becker for com­ment but didn’t get a re­ply as of pub­li­ca­tion time.




The front page of the Jan. 28, 2019, edi­tion of the Na­tional En­quirer fea­tur­ing a story about Ama­zon founder and CEO Jeff Be­zos’ di­vorce.

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.