Now that the holidays have come and gone, it’s time to settle in to our normal work routines for the long haul to spring.  Most of us have had ample time to tinker around with the new gadgets and gizmo’s we got for Christmas and have likely become at least comfortable navigating our way through the menus and settings on our shiny new Smartphones.  Now is probably the right time to start thinking about securing those devices.

As SMobile has shown in the various whitepapers and research projects published at our Global Threat Center, different Smartphone platforms offer different levels and types of possibilities for securing access to the systems and the data they hold.  For instance, Android, BlackBerry, iPhone, Windows Mobile and Symbian all offer the ability to set a passcode on the handset to gain access to the device.  Some platforms offer stronger protections than others, but they all attempt to limit prying eyes from gaining easy access to your device.  It is also extremely effective in preventing an attacker from installing software that we affectionately refer to as “Spyware”.  Nearly every variant of spyware that we have analyzed here at SMobile requires that the attacker physically install and perform at least some very basic initial configurations in order for the software to function properly.  The bottom line is that configuring your device to require a passcode be entered for access to be granted may be the single most effective way of keeping your information secure.

I was at my favorite watering hole this past weekend when a few friends were playing an acoustic set of cover songs.  We were all having a great time and I wanted to get some pictures of the evening.  Since I’m not normally much of a picture taker, it didn’t occur to me that my Android device does not have a flash for the camera, so the pictures weren’t coming out well.  I had another friend snap some pics for me on her phone and instead of having her MMS the pictures over to me; I chose to just transfer them to my device with Bluetooth.  One of the first things I noticed was that her Bluetooth was turned on when I went to setup the two devices for the transfer.  I immediately gave her a dirty look and pulled her aside, telling her she needed to turn her Bluetooth off when she wasn’t explicitly using it. She told me that she had no idea it was already enabled.

What I also found interesting is that when I was trying to discover her device, I also found 7 other Bluetooth enabled devices within range.  That means that at least 7 other people in the room had Bluetooth enabled on their devices, and I’d bet that not a single one of them knew that was the case.  Bluetooth is a very handy way to transfer files between mobile devices.  It’s super quick and trivial to setup and configure.  This is also true for attackers who want to send malware over to your device without you knowing.  Not to mention, it will likely help to extend your device’s battery life throughout the day. Often, Bluetooth is enabled by default and requires user intervention to turn it off.  Please, do this now.

Another handy service that is pretty standard in Smartphones these days is Wi-Fi.  On my Android device I can set it up to notify me when an open wireless network comes into range.  I can even tell my device to auto-magically connect to pre-configured wireless networks when they come into range, like the network at home or at work.  Let’s go ahead and turn Wi-Fi off unless we’re explicitly using it too.  For our iPhone users who may have jailbroken their device, you might remember the month of November where 3 separate worms were released that leveraged the default root password for OpenSSH that was installed and accessed over Wi-Fi.  Not to mention, it will also help to extend your device’s battery life.

I think we’ll stop there for today.  These are three basic settings that will go a long way toward securing your Smartphone and its data.  We’ll pick up again next time with a more in depth look at some advanced security settings that are often over looked.  For now, turn these basic services off and configure a passcode for your handset.