One Step Ahead
November 8, 2011,
Volume 58, No. 11
Another tip in a series provided by the Offices of Information Systems & Computing and Audit, Compliance & Privacy.
Vulnerabilities of Smart Phones
Today’s smart phones (such as the iPhone, Android, Blackberry, etc.) include a variety of features that have made them indispensable to their owners. The ability to list nearby restaurants, instantly read reviews of the store you are standing in, or simply map your current location and quickly get directions, are just a few. All three of these examples rely on Global Positioning System (GPS) capabilities that are built in to many phones which allow it to be tracked to within a few dozen feet of its actual location. Additional GPS-related services include:
• personal security, such as improving 911 response, or voluntarily monitoring and tracking;
• device security, including tracking the location of a lost or stolen device;
• interactive tourism and gaming;
• opt-in targeted discounts and coupons.
Unfortunately, the benefits of GPS introduce new vulnerabilities as well. Vulnerabilities that may be exploited by malicious hackers, jilted lovers or greedy corporations for the purpose of spying on you and documenting your activities, or invading your privacy for the purpose of targeting you for a product or some other marketing material.
To help preserve your privacy and personal security, we suggest the following:
• Protect your device with a passcode that only you know.
• Only install mobile applications from trusted sources.
• Be judicious about enabling location-based services on your phone and carefully consider the implications to your personal privacy. Turn these services off when not in use.
• Avoid clicking on unsolicited attachments or links delivered to your phone via email or SMS (text messages).
• Keep your mobile device software up- to-date and monitor what applications are installed. Check your bill monthly.
If you have concerns about GPS and your smart phone talk to your cellular provider. For additional suggestions on how to improve your privacy, contact your Local Support Provider or firstname.lastname@example.org
For additional tips, see the One Step Ahead link on the Information Security website: www.upenn.edu/computing/security/