Graphic: Arindam Mukherjee | ThePrint

New Delhi: There’s good news and bad news for Indians worried their phones will be hacked and spied upon, as happened with around 1,400 WhatsApp users earlier this year.

The bad news first: There is no 100 per cent foolproof method to ensure your data and devices are safe from hacks and unauthorised access 100 per cent of the time.

“The only way to make sure your phone is not hacked is to take a hammer and break it to pieces,” said cybersecurity analyst Jiten Jain, CEO of Indian Infosec Consortium, a non-profit engaged in the sphere of online security.

Satyajit Sinha, a cybersecurity analyst working with the firm Counterpoint Research, urged constant vigilance. 

In a real-world scenario, constant vigilance may not be possible — you could end up logging into an unsafe public WiFi network to send an urgent message, or leave your password scrawled on a paper somewhere. 

Unfortunate events like these increase our vulnerability to ill-intentioned individuals, but here’s the good news — there are a few things you can do to boost your defences.

For one, according to IT expert Khemchand Sharma, one ought to use discretion while downloading apps. “Only download apps you need, that you understand the purpose of, and that are verified by the online store you download it from,” added Sharma, who is also a member of the BJP national IT and social media campaign committee.

Additionally, he said, a user should monitor the data use of apps. “If data usage is too high, then you should be alert, it may be some malware,” he added. He also suggested deleting sensitive information from devices as soon as possible.

Victims of the WhatsApp hack found their devices compromised by spyware via calls made through the app. Perhaps the most worrying aspect was that it didn’t matter if they answered the malicious call — the damage was done anyway.

Sharma acknowledged that the WhatsApp hack had cast a shadow on its reputation for safety and security, but said you can continue using the chat platform since the company is “taking safety measures and not all users are vulnerable to hacks”. 




More layers of security

Jain suggested using two-factor authentication for your devices, which means a second step of verification in addition to a password. 

“Have your personal devices like phones and laptops audited by cybersecurity professionals every six months,” he added. This should throw up any malware and vulnerabilities present.

“Never click on untrusted links or download any attachments sent by unknown people and never conduct sensitive transactions like banking on public WiFi like at airports, cafés and shops,” he said.

According to him, the security afforded by email providers like Google’s Gmail, Microsoft’s Hotmail, and Yahoo is good enough for the general user. But users should definitely use two-factor authentication to secure access to the email account, he said.

Several journalists and activists have started using an end-to-end encrypted email service called ProtonMail, based in Switzerland, and an encrypted web browser called Tor to prevent surveillance, but Jain claimed that it was important to first understand what entities have created and are managing such services before using them.

“And if you are going to use VPN [virtual private network] to use the internet without being monitored, make sure it is not from a malicious provider but a reliable provider,” Jain said.

Then there is the advice we often ignore when signing up with different web-based services — make sure your passwords are hard to guess, and typically a combination of letters, numbers, and special characters (@#$% etc). In addition, said Sinha and Jain both, passwords should be changed frequently, every three months or so.

“1234 is not a password, it is easy to guess,” added Sinha. 

“Don’t use the same password on multiple devices and online accounts — it makes it easier to hack you,” he said.

He also suggested regularly updating software to patch vulnerabilities, and buying mobile security software from firms like Norton, Avast, or McAfee instead of settling for free versions.

“It is important to recognise that cyber-crime is a business, not just a technological issue or a ‘system glitch’,” Sinha added. “The defences, therefore, have to be constantly reviewed and updated…”

Samsung users can store sensitive data on the “Knox” platform, a software that allows the user to isolate sensitive data with an additional layer of security.

Security features enabled by hardware 

If all this isn’t up your street, try using a feature phone, aka dumb phone, which allows internet access but doesn’t have many of the advanced offerings of its ‘smart’ counterparts.

Hackers typically don’t target these phones since they don’t support or store enough data to be worth hacking.

If you have the money, investing in a premium smartphone with greater security — enabled by hardware — is a good idea too. Sinha said that from the iPhone 5s onwards, Apple started embedding phones with a ‘Secure Enclave’, a hardware component enabling memory encryption to keep your data secure.

Another big tech player, Samsung, implements the ‘Physical Unclonable Function (PUF)’ in Galaxy S10, S9 and Note 9 and 10. 

PUF is a physical entity embedded within the SoC (system on a chip, the brain of a smartphone). It gives the device a unique identity that can’t be cloned, hence making it harder to tamper with your phone.




 



2 COMMENTS

  1. Mostly useless suggestions.

    1. Most hackers do not care for the device passwords; they get access as the root.

    2. Same applies for the “other” so called “secure” services. Bank passwords, for example, are stolen from the bank servers.

    3. Hardware security is only slightly better; but the system used by the Israeli spyware is very sophisticated and your password or device security will not matter.

    4. Last month I too got missed calls from abroad but I cannot figure out what they are.

    5. The sophistication of the Israeli spyware can be seen from the cost of the software; and it can be purchased only with taxpayers’ money.

    6. It is impossible to have a modern software without ANY weak spot or vulnerability.
