Time to get moving!<\/p>\n
Today’s challenge – Smartphone Security I –\u00a0Direct Link to Guide Page<\/a><\/p>\n For once it’s really nice to see technology actually solving problems instead of creating them. When the original 30-Day Information Security Challenge was created way back in the mists of time (March 2016), most smartphones did not ship with encrypted storage. That meant that someone like me whose job it is to extract data from mobile phones had a pretty easy time of it, even if I didn’t know your PIN for the device. Since “The Fappening” (don’t Google it, NSFW), Apple started to take their users privacy seriously (to a degree that doesn’t impinge on their revenue). Samsung followed suite and Google eventually caught up (to a point). What this means is that the second half of today’s challenge is redundant for you, if you have a reasonably new Apple iPhone, specifically one running Apple iOS8.<\/p>\n For Android users, things are slightly more complex (isn’t it always). If your phone is on Android 6 (Marshmallow) or above, your internal storage is encrypted by default, but if you’ve inserted a memory card (microSD card) into the device, you’ll need to encrypt that one manually.<\/p>\n The first part of the Challenge is relevant for everyone: change your access PIN and make it longer. Who’d have thought that was coming. At least 6-digits in your PIN, but preferably a alphanumeric passcode instead of just a PIN. Also, make sure you have the phone set to automatically wipe if a certain number of false entries have been input. You’ll need to check the instructions for how to do this for your phone, given the variety of operating systems and versions out there.<\/p>\n If you want to be really secure, you should also turn off TouchID \/Fingerprint sensors. Whilst this is very inconvenient, you need to be aware that a usable fingerprint for TouchID to work is likely sitting just above the button on the screen. I haven’t done this myself, but I know of people who have successfully compromised a phone using a fingerprint lifted off the screen. Caveat emptor!<\/p>\n Geoffrey: I’ve only recently purchased a new phone running Android 7 (Nougat) so internal storage is encrypted out of the box. The microSD card was a different story so I had to manually encrypt that. I had to come up with a new alphanumeric passcode for the phone, and I’ve made the decision to keep the fingerprint access on, but making sure to clean my screen more frequently.<\/p>\n Juan & Priscilla: Both have 3-month-old company-issued Android devices with no expandable storage so again this was pretty straightforward. Juan had only set a four digit PIN so we strengthened that, Priscilla had an eight digital PIN so we changed that and all set to go. Remote wiping of the device is controlled by the company IT people in a situation where the phone is stolen or lost.<\/p>\n Diana: As part of her gear-up for this Challenge Diana got herself a new iPhone so again, not much to do here. What was interesting though was the look on her face when I told her that someone could break into her phone by taking a fingerprint off the screen. She really wrestled with whether to leave TouchID on, but the convenience won out (at least for the moment).<\/p>\n Previous Days Here: Time to get moving! Today’s challenge – Smartphone Security I –\u00a0Direct Link to Guide Page For once it’s really nice to see technology actually solving problems instead of creating them. When the original 30-Day Information Security Challenge was created way back in the mists of time (March 2016), most smartphones did not ship with encrypted […]<\/p>\n","protected":false},"author":1,"featured_media":267,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[21],"tags":[],"_links":{"self":[{"href":"https:\/\/www.smevidence.com.au\/website\/index.php?rest_route=\/wp\/v2\/posts\/311"}],"collection":[{"href":"https:\/\/www.smevidence.com.au\/website\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.smevidence.com.au\/website\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.smevidence.com.au\/website\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.smevidence.com.au\/website\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=311"}],"version-history":[{"count":1,"href":"https:\/\/www.smevidence.com.au\/website\/index.php?rest_route=\/wp\/v2\/posts\/311\/revisions"}],"predecessor-version":[{"id":312,"href":"https:\/\/www.smevidence.com.au\/website\/index.php?rest_route=\/wp\/v2\/posts\/311\/revisions\/312"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.smevidence.com.au\/website\/index.php?rest_route=\/wp\/v2\/media\/267"}],"wp:attachment":[{"href":"https:\/\/www.smevidence.com.au\/website\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=311"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.smevidence.com.au\/website\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=311"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.smevidence.com.au\/website\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=311"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\nDay 0 – Introduction to the Team<\/a>
\nDay 1 –\u00a0Installing Operating System and Application Updates
\n<\/a>Day 2 –\u00a0Set Up A Standard User Account<\/a>
\nDay 3 \u2013 Review Privacy Settings<\/a>
\nDay 4 –\u00a0Setup Private & Secure Email
\n<\/a>Days 5&6 \u2013 Weekend Project #1<\/a>
\nDay 7 – Install a Password Manager<\/a>
\nDay 8 – Change Your Passwords
\n<\/a>Day 9 – Browser Security<\/a>
\nDay 10 – Firefox Security Add-ons<\/a>
\nDay 11 – NoScript Security Suite<\/a>
\nDays 12&13 – WiFi Security Checkup<\/a>
\nDay 14 – Virtual Private Network<\/a>
\nDay 15 – Two Factor Authentication<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"