FCC Unveils Smartphone Security Checklist
For those who have smartphones but lack the technical knowhow to keep them as secure as possible, the FCC has created a website to guide them through a security check. "For people who have awareness but not expertise, this guide should provide a good starting point and some comfort in knowing it was constructed by experts," said Chet Wisniewski, senior security researcher at Sophos.
12/20/12 3:10 PM PT
The page lists various mobile operating systems and also points to a general checklist of actions users can take to secure their smartphones.
"You have to have some kind of tips for people to follow," FCC spokesperson Justin Cole told TechNewsWorld.
"We recognize everyone's time-constrained, and wanted them to be able to access the list and take simple and effective actions," Cole continued. "That's why we capped the list at 10 items and tried to make them as simple and effective as possible."
More than 120 million Americans now own smartphones, and security threats to smartphones increased by 367 percent in 2011, the FCC stated.
"There has been a rash of very public incidents of individuals' cell phones being hacked or stolen, and information hijacked, in 2012," remarked Chet Wisniewski, Senior Security Advisor at Sophos. "This, combined with most Americans now owning smartphones with much more personal information available on them, made it seem time to try and provide guidance on their safe usage."
More on the FCC's Solution
The general checklist contains tips that are easy to act upon. Among other things, they suggest smartphone users set PINs and passwords, back-up and secure data, install apps only from trusted sources, understand app permissions before accepting them, and accept updates and patches to their smartphone's software.
The list also has a link to the "Stop. Think. Connect" program run by the U.S. Department of Homeland Security and to the FCC's home page.
Users who click on the OS that runs on their smartphone are taken to the website of a vendor offering devices using that OS, Coles said. "When you get to that stage, it's more like hitting buttons or touching the screen than following a list of instructions."
Will the List Work?
"There are large numbers of people, especially children and the elderly, who are concerned about the security of their devices but don't know how to go about securing them," Wisniewski told TechNewsWorld. "For people who have awareness but not expertise, this guide should provide a good starting point and some comfort in knowing it was constructed by experts."
The checklist is useful to the degree these recommended actions are taken correctly," Ryan Sherstobitoff, a threat researcher at McAfee Labs, commented.
"I think with the increase in awareness surrounding mobile security and recent attacks on the financial sector that used a mobile threat, users may be more likely to pay attention to the tips," Sherstobitoff told TechNewsWorld. Those attacks included Eurograbber and Operation High Roller.
"Even if you don't follow all the measures, something is better than nothing," Cole said. "It literally just takes seconds to set up a PIN and password."
Pros and Cons
One of the biggest drawbacks of the FCC's tool is that people do not often follow instructions.
"We hope the press coverage will allow those citizens concerned with their phone security to take advantage of our efforts," Wisniewski said.
Sophos, RIM, McAfee, the National Cyber Security Alliance, and Symantec are among the private-sector companies that worked with the FCC to create the checklist.
In the future, users might find it easier to implement smartphone security. "Mobile applications are beginning to emerge that attempt to address some or all of the recommendations for the user," Sherstobitoff said.
For example, an app might check whether the device complies with settings that implement security recommendations and notify the user when the device is out of compliance, Sherstobitoff suggested.