Sunday, May 13, 2012

Cell Phone Hacked? (Panic...)

Six years ago, accessing the voicemail of someone else's cell phone was fun for me. Now, six years down the line, being in the security profession, I consider it a crime. But recently I came across a case where the data from a smartphone was compromised.

What data?

Yes, data, which includes your emails, SMS, calendars, events, logs, notes and, moreover, if you access your bank account from the phone, some of the vital information about that too. Don't you think that this information, if it gets into the wrong hands, can cost you a lot of pain, money, and heartache? Again, hopefully your phone is never hacked, but you should be aware that it is possible.

How does it sound to you?

Scary? Yes, I have the same feeling and am scared now, since my cell phone is the universe around me. That's human nature: some events force us to think about objects or subjects that are so obvious to us that we never thought about them.

Since then I have been thinking about:

What needs to be done if I think my cell phone is hacked?

What should I avoid if I don't want to allow anyone to hack my personal data?

Research gave me a fair idea, but again, memory is full, so it's better to share it before it drops from my memory. Maybe six years down the line someone will give my tips back to me with the addition of his findings.

First, what facilitates the hacking of your cell phone by others?

1. Open-source, freely distributable cell phone tracking software (used for tracking a lost or stolen phone). These apps have the ability to read the most sensitive information and pass a feed to a server. Wow, I never thought about how this feature can be exploited to gain information from others. Did you?

2. Integrating your personal device with official work, aha (BYOD). Gotcha, one pitfall of BYOD. (Don't you think so, if the organization is taking a declaration that it is authorised to wipe the data on your device if it feels that organisation data is compromised?) If I had access to such a server which is pushing these policies, I would definitely love to see some of the communications of selected people.

3. Downloading trial versions of applications for your device. (They could be malicious too.)

How will I get to know that my cell phone is hacked?

Ticking Noises – If someone is tapping into your conversations, you could hear some ticking noises in the background as the device works. These are typically the devices that have to be implanted into the phone or near it. Technology is moving quickly beyond this requirement, but it is possible.

Disrupting Sounds – This can be difficult to decipher because many cell phone providers are so crappy these days. You can't really tell if that is your provider's network messing up, but you should be aware of these sorts of sounds. They could be someone listening in on your conversation.

Abrupt Disconnections - If your phone typically doesn’t drop calls, but all of a sudden you are experiencing it more than normal, then you may be hacked. Again, depending on your wireless provider, this could be common, but hopefully you have a network worth staying with. If not, then switch.

Accounts Tampered With – If your accounts have been tampered with, then you know something is wrong. This could be your bank account, Facebook account, or anything else. Inconsistencies mean someone is in your phone or computer, or has direct access to your information. It is time to change passwords and make sure you cut off the source.

What should I do if my cell phone is hacked?
1. First of all, you need to change all the passwords and everything related to them, without using your phone. Go into the institutions and get this done in person. You cannot allow this situation to spill over into your money. (Bank account, email, Facebook, LinkedIn, etc.)
2. Disconnect all data connections and, if possible, move the SIM to a decade-old cell phone.
3. Next, you need to take your phone to your provider and have them run a diagnostic test on it. Your provider should be able to spot any sort of hacking program on the phone and make sure it is eliminated (or not eliminated, if you intend to sue the person or organization responsible for this).
4. If you intend to file a lawsuit, take the cell phone as is for forensics and get the evidence of hacking. (In a lot of countries this evidence is considered secondary evidence and can be produced alone in a court of law.)
5. Format and reload the cell phone OS. (Again, not from the same PC to which you regularly connect this cell phone.)
6. Delete all the backup data of the cell phone from your PC or laptop.
7. Install only the most required and useful apps.
8. Regularly monitor the usage of the apps installed on your cell phone.
9. Avoid rooting or jailbreaking.

How do I prevent my cell phone from being hacked?
Let's start from the very basics:
1. Use complex passwords.
2. Don't share your phone passwords with anyone at work or in social contexts. Shield the input of passwords when in public.
3. Disable voicemail. (Why do you need voicemail on a cell phone?) It's always with you, and if you are not available, you are genuinely not available.
4. Don't use the same password for all your phone accounts.
5. Update your phone password as often as possible.
6. Disable Bluetooth, and if it's required, avoid discoverable mode.
7. Install reputable security software on the phone.
8. Do not integrate your very personal devices with your organization's systems.
9. Keep your cell phone with you at all times.
10. Disable cookies, Flash, JavaScript, and other extensions within the mobile browser.
11. Do not save passwords in the browser or in applications.
12. Avoid downloading unsigned applications.
13. Regularly monitor the usage of the applications installed on your cell phone. (If an app that you have not used shows up in the recently used list, investigate it.)
14. Very important: segregate personal and official cell phones.

Be secure be happy :)

Tuesday, May 01, 2012

Good SVP National Police Academy Refer My Blogs !!!!!!

I am getting a good feeling that my blogs are being referred to in the National Police Academy of India. I hope that in the next 5 years a good number of IPS officers will know me by name.

I am also feeling good that some of my write-ups and articles are useful for such a prestigious organization in India.

I got to know about it today when I was trying to analyse the audience of my blog and their interests.

But yes, it has happened when I have left India after going through huge pain and trauma from the Police Department and the Regional Passport Office of Hyderabad.

Keeping it for my memories.



Which DLP Solution is Better for VDI

That's a nice topic, isn't it?
I am getting lots of mail asking me to advise which solution is better for VDI.
Network-based DLP or endpoint agent-based?
What are your thoughts about it?
I will wait for comments on this and then publish my opinion.