Phone scams, hacker attacks, malicious code and other threats in the digital world pose a great danger to your mobile devices. How do you protect yourself? Judging by forums and online reviews, as well as official sources, the number of incidents and fraudulent schemes is growing noticeably every day. I myself regularly face this, and therefore I wanted to tell others how it is possible and necessary to deal with it. Let's say you bought a smartphone and you have a new SIM. Where to begin? I present a small security checklist for an Android-based mobile phone.
This article was written for educational purposes only. We do not call on anyone to do anything; it is for information purposes only! The author is not responsible for your actions.
Registering a SIM card in your name and surname
First of all, once you have a new SIM card for cellular service, you must register it with the operator in your name and surname. This can be done in your personal online account or at a customer service center. If the SIM card is not registered, a fraudster will be able to have it reissued by substituting his own details and naming the last 10 calls to your number. To do this he will call you in advance from different phones. His main goal is for you to pick up the phone: the call is then registered in the mobile network and ends up in the "printout".
Having obtained your SIM card, an attacker gains access to:
- your online banking;
- e-mail;
- social networks;
- personal accounts in online services.
Disabling hidden call forwarding
The second step is to check and disable all hidden call forwarding on your phone. Forwarding can be set by the operator itself by default, but there are cases when the phone is jailbroken and forwarding is set up for "wiretapping" or for draining the money balance from your SIM card. Once, I had such call forwarding set and I was constantly wondering where the money was "going". I looked at the logs, and there calls were being redirected 2-3 times every day to an unknown number, which "ate" my account.
There are commands (special MMI codes) for checking and disabling call forwarding:
- ##002# - disables any call forwarding. Thus, only you will receive your calls;
- *#21# - shows information about enabled call forwarding - calls, messages and other data.
Enabling data encryption on your smartphone
The third step is to enable data encryption on your mobile device. This must be done immediately after purchasing the phone. What does encryption give you? If confidential data is intercepted or synchronized, the attacker will receive it in an encrypted (unreadable) form. It will be very difficult, if not impossible, to decrypt it.
To enable encryption on Android, go to Settings -> Security -> "Encryption" and enable "Encrypt data", then follow the instructions. Some mobile phones may need to be rooted first to access these settings.
Other useful Android security settings
They can be found under Settings -> Security:
- Disable "Show password" - passwords will be hidden as you type them on the mobile device;
- Disable "Unknown sources" - do not allow the installation of applications from unknown sources;
- Change the "Owner Information" - if it contains your full name, change it to something random, because this is the identifier of your mobile device: it is saved in log files and then synchronized with all services on the Internet, so you can be identified.
Disable Google services for user tracking
By default, the firmware of an Android mobile phone is "stuffed" with unnecessary software and hidden Google services (GApps), which collect, process and synchronize information from your mobile device with your Internet accounts 24/7. All this data then goes to Google's servers, and if a leak occurs, it will become publicly available. Therefore, it is better not to give Google this opportunity (especially since you have the right to refuse). To do this, already when creating a new Google Account on your mobile phone, do not agree to the following Terms:
Next, you need to disable access to the smartphone's usage history. To do this, go to Settings -> Security -> "Access to history of use" and move all Google applications (as well as others, if you do not trust them) to the disabled position.
Next, go to Settings -> Security -> Device Administrators and disable the "Find device" option - this is Google's phone search service. It allows Google Play services to remotely control your mobile device.
Disable access to Geolocation. To do this, go to Settings -> Geolocation and turn off all Google services on the "My Location" tab:
- Geolocation in emergency situations;
- Location history;
- Geodata transfer.
And most importantly, go to Settings -> Google and disable everything that should not be of interest to Google on your mobile device.
Installing an antivirus
High-quality and reliable anti-virus software will be able to comprehensively protect your smartphone. This includes regularly scanning the file system for spyware and malicious code, and ensuring access control. For example, you can easily check which applications have access to the microphone, camera, GPS, phone book, etc. All these functions and many others are available in the ESET NOD Mobile Security antivirus for mobile devices.
Installing applications to identify the caller's number (Caller ID)
This is the next mandatory step on the road to mobile device security. Today, the 3 most convenient, useful, practical and functional caller identification apps are:
GetContact
One of the most popular applications for identifying incoming calls and blocking telephone flooding. The application is already used by over 120 million people worldwide. GetContact identifies the caller's number from the entries in the phone books of other users' mobile devices. Therefore, if your phone book contains confidential numbers, it is better to delete them, or to create a separate profile with an empty phone book in which to install GetContact. A feature of the application is a powerful spam filter based on tags from users around the world and reports of unwanted calls. Thus, the database of spammers and fraudsters is updated in real time, and if the caller has been marked by someone as "SPAM", GetContact will block him. Users can also remove or hide erroneous or confidential tags; there is Premium access for this.
TrueCaller
A multifunctional phone call manager. It contains many useful options not available in GetContact. It has its own database of telephone scams, bots and spammers, which is constantly synchronized. It supports various ways of blocking phone numbers: by templates (country or operator code), blocking hidden numbers, foreign numbers, strangers, etc. The application has a small social network for communication and even business functions, such as creating a social card for your company, as well as special options: the purpose and intent of the call, audio recording of conversations, and much more. TrueCaller is good to use as your primary call and SMS management app.
NumBuster
Another useful application for identifying and blocking subscribers is NumBuster. It is a multifunctional call and SMS manager. It will also allow you to find out details about the owner of the phone number who called you, add information about spammers, and form blacklists. The application resembles a social network - you can create your profile, set an avatar and background image, add notes and leave comments in the cards of other users. There is even a "Neuroanalysis from Photography" feature (NeuroSova). In general, NumBuster contains many useful functions similar to TrueCaller.
These three apps will keep you and your phone safe from unwanted calls and contacts.
Use a VPN to surf the internet
Do you often use the Internet? Then remember that all your traffic is open to the provider, and therefore to a hacker too. To avoid this, it is recommended to use a VPN (Virtual Private Network) service - then all your traffic will pass through an encrypted connection (VPN tunnel). Among the high-quality popular VPN services, ProtonVPN and Windscribe VPN are in the lead.
You can also use the mobile TOR browser:
Use virtual numbers to register online
Do not use your main mobile number to register on various social networks, ad services and other public platforms. Knowing your number, an attacker will start running it through various databases. Not to mention that he can buy a database from mobile operators (and they often trade in your data). Therefore, it will not be difficult for fraudsters to identify a person by their phone number and start "bombing". So use virtual numbers - you can buy them in Skype, BIP, Viber and various other IP telephony services. Likewise, use virtual bank cards to pay for services on the Internet. The more often you show your numbers, the more spammers will bother you later.
Don't connect to unknown Wi-Fi networks
One of the most common hacker attacks on mobile phones is the so-called Wi-Fi honeypot. It looks like this: you are sitting somewhere in an airport or a cafe, your smartphone detects a free public access point named "Free Wi-Fi" and connects to it automatically. A form opens over the HTTP protocol, which you need to fill out. You enter your username and password and get "free" Internet, not suspecting that by doing so you have just passed your password to hackers and provided network access to your phone. Next comes the interception and transmission of data - hackers see which sites you visit, what data you enter, etc. While you are still within reach, malicious spyware will quickly be installed to act as "parental control".
Carry out regular phone maintenance and stay tuned
And in conclusion - carry out regular maintenance / administration of your mobile phone: clear the history of calls and SMS messages, delete unnecessary files and applications, update the operating system. Be aware of everything that happens. Learn about new trends, vulnerabilities and cyber attacks. Stay in the right information field, protect yourself, your colleagues and loved ones. After all, scammers do not stand still; they are constantly evolving. New device models come out, and with them new types of attacks, risks and threats appear. The functions and conditions of mobile operators are also constantly changing. Something fresher or more complex appears. Without experience and an accumulated knowledge base, it is very easy to make mistakes in today's world.
List of Internet resources on the security of mobile devices:
- Telephonnyidovidnyk - online telephone directory of telephone numbers;
- TelGuarder - spammers database;
- SyncME - check phone numbers against the SyncME application database;
- MySMSBox - search for a phone number in the Mysmsbox database;
- Reverse Phone Lookup - database of foreign numbers codes;
- ESET Club - a database of useful analytical materials from the ESET Antivirus Information Club;
- GSMARENA - foreign information portal;
- AdaptiveMobileSecurity - overseas mobile security blog;
- 3D News - a popular news portal about digital devices and web technologies;
- W3bsit3-dns.com - the largest tech forum;
- TEXMO - all the most interesting about gadgets, mobile devices, technologies;
- DroidCrunch - reviews, novelties, life hacks in the world of smartphones;
- OWASP Mobile TOP10 - a collection of risks and cyber threats for mobile devices.
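The encryption state and two of the Settings -> Security switches from the checklist above ("Show password" and "Unknown sources") can also be read from a computer over adb. The script below is an added example, not part of the original post; it assumes a device with USB debugging enabled, the function names and sample values are constructed for illustration, and the `install_non_market_apps` key is only meaningful before Android 8.0, where "Unknown sources" became a per-app permission.

```shell
#!/bin/sh
# Added example: audit checklist items over adb. The setting keys are assumptions
# about how the UI switches map to Android settings on pre-8.0 devices.

# Classify one raw value; pure function, no device needed.
check_setting() {
    name=$1 value=$2
    case "$name:$value" in
        ro.crypto.state:encrypted)   echo PASS ;;    # storage is encrypted
        ro.crypto.state:unencrypted) echo FAIL ;;
        show_password:0)             echo PASS ;;    # "Show password" off
        show_password:1)             echo FAIL ;;
        install_non_market_apps:0)   echo PASS ;;    # "Unknown sources" off
        install_non_market_apps:1)   echo FAIL ;;
        *)                           echo UNKNOWN ;; # empty, null or unexpected
    esac
}

# Read "name=value" lines on stdin, print a verdict per line,
# and return 1 if any setting failed.
audit_report() {
    rc=0
    while IFS='=' read -r name value; do
        [ -n "$name" ] || continue
        verdict=$(check_setting "$name" "$value")
        printf '%-26s %-12s %s\n' "$name" "$value" "$verdict"
        if [ "$verdict" = FAIL ]; then rc=1; fi
    done
    return "$rc"
}

# Collect raw values from a connected device (needs adb and USB debugging).
read_device() {
    printf 'ro.crypto.state=%s\n' "$(adb shell getprop ro.crypto.state | tr -d '\r')"
    printf 'show_password=%s\n' "$(adb shell settings get system show_password | tr -d '\r')"
    printf 'install_non_market_apps=%s\n' \
        "$(adb shell settings get secure install_non_market_apps | tr -d '\r')"
}

# Constructed sample: unencrypted phone with "Show password" left on.
sample_device() {
    printf '%s\n' 'ro.crypto.state=unencrypted' 'show_password=1' \
        'install_non_market_apps=0'
}

if [ "${1:-}" = "--device" ]; then
    read_device | audit_report
else
    sample_device | audit_report || true
fi
```

Run it with `--device` to audit a connected phone; without arguments it evaluates the constructed sample. An UNKNOWN verdict means the key was missing or returned an unexpected value and should be checked by hand in the settings menu.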