Privacy is the ultimate luxury, but hackers are tapping into our phones and tablets. How can we protect ourselves? John Arlidge finds some surprising answers
What’s the most valuable thing we own? Tim Cook, Apple’s boss, is in no doubt; it’s our smartphone(s). It’s not the hardware or the software that make them worth so much. It’s the digital footprint we create as we send emails and text messages, update our status and add contact files, documents, photographs and videos that then surge around the world from website to website, app to app, and server to server. ‘There’s more information on your iPhone than a thief could steal by breaking into your house,’ Cook says.
That information is priceless to hackers. It gives them the chance to steal our identities and use our credit cards, divert funds, open bank accounts, order passports in our name — and that’s just the beginning. Identity theft and identity fraud are becoming all too common. We’ve all probably had an email warning us of a possible hack and advising us to change our passwords and look out for suspicious bank transactions. How can we protect ourselves?
Those of us with paranoid lizard brains can buy super-secure encrypted handsets from new firms, such as Sirin Labs. But these come with big drawbacks. Many apps that we love don’t work well on their platforms. Most of us want to carry on using our iPhones, iPads and MacBook laptops — or their Google-backed Android equivalents — because they offer the best service.
The good news is, we don’t have to give up our Apple a day to stay safe and enjoy peace of mind. All we have to do is follow a few simple steps. So says Paul Egan, and he should know. He’s chief technology officer at Founders Factory, a London-based tech incubator which finds and nurtures start-ups with a value of up to $1 billion.
Egan’s first lesson is about the pass codes or fingerprint codes that we use to sign into our mobile phones and tablets. It’s tempting to think they offer little protection for our personal data — it’s just a bunch of digits or squiggles, after all. But the good news is, they’re a robust first line of defence.
‘It is possible to discover a four- or six-digit pass code — provided you don’t use something obvious like 123456 or your date of birth,’ Egan says. ‘But it can take hackers a long time to crack the codes, because the more attempts they make, the longer the time gap there is before they can try again.’
What’s more, iPhone and iPad users can set the data stored on their handsets to auto-destruct if an incorrect pass code is entered more than ten times. This feature makes Apple devices safer than those that use Google’s Android operating system, which includes most of those made by Samsung, HTC, LG and Sony. They lack a data auto-destruct function.
Apple also automatically encrypts everything on all its iPhones and iPads and builds layer upon layer of additional protection on top, including giving each of its devices a unique digital ‘key’, which itself is encrypted. This makes it very hard for anyone to mount a ‘brute force attack’. That’s when a hacker physically connects a device to a more powerful computer and tries to copy the data from the device’s memory and decode it.
Google automatically encrypts its own-brand Nexus phones and tablets, and pushes encryption for all Android devices. Most new high-end Android products are scrambled. But, Egan explains, some handset makers that use Android have resisted encryption because it can slow down the phone’s performance. Apple products don’t suffer the same problems because, unlike Android, which is created by Google and licensed to third-party hardware makers, Apple has control of both its hardware and software. It designs its devices’ operating system to work seamlessly with its dedicated encryption processors.
The result is that while data stored on all iPhones and iPads is automatically encrypted, Egan estimates the figure for Android devices is less than 10 per cent. Google itself admits that only 4.6 per cent of users run Android 6 Marshmallow, its safest operating system. By comparison, Apple says 84 per cent of iOS users are running its most recent and safest software, iOS 9. What’s more, Android lacks the additional layers of security and secret master key that Apple adds.
What happens when data ‘leaves’ our mobile phone or tablet, for instance when we send an email or post an image on a social networking site? The big players — Apple, Google, Twitter and Facebook — encrypt data when it is ‘on the move’. Smaller companies that make apps do not — and it is almost impossible to tell which do and which don’t. The big boys also have robust encryption in their cloud-based’ backup systems, such as Google Drive and Apple’s iCloud.
What about laptops or desktops, for those who still use them? Do the usual pass codes we set up to get into our machines offer the same protection as the pass codes on our handheld devices? ‘No,’ says Egan. ‘They lack the security protocols you find on mobile devices, which means that it’s possible to change the settings on the machine to get around them.’
This makes encryption more important on your laptop than your phone or tablet. Windows 10 Professional has automatic encryption built in and automatically switched on, Egan shows me, with the help of the Dell laptop he is working on. Apple encourages users to switch on FileVault on their machines to encrypt all data on the hard drive, but does not do it automatically.
Finally, do we need to worry about private wi-fi networks, at home or at work? ‘No. Most are encrypted by default,’ Egan says. He advises avoiding all public wi-fi if possible. ‘If you have to use public wi-fi, don’t do anything important, such as banking,’ he cautions.
So, anyone who wants to protect their digital selves should choose Apple products, enable data auto-destruct if more than ten incorrect pass codes are entered, turn on FileVault on their laptop or desktop and feel smug and secure?
‘Yes. But Apple is not perfect,’ Egan warns. ‘While its devices may be secure, other parts of the Apple eco-system — for instance iTunes — may be vulnerable to attack. If someone gets into one of your accounts that way, they might be able to access all your data.’ Indeed, there were reports in April that hackers had used Apple’s digital assistant Siri to use email accounts listed on Twitter to access contacts held on Apple devices.
Also, Egan reminds me, the biggest weakness in the entire system — no matter what type of phone, tablet, computer or encryption system we use — is you and me: ‘All the encryption in the world won’t protect you if you use a password that hackers can easily figure out.’ That’s how sensitive pictures of Hollywood actors, including Jennifer Lawrence, were stolen and published online last year. ‘Hackers will walk in through the front door if you leave it ajar,’ says Egan. ‘Too many of us do.’