- keep photos or files you don't want other people to see
- connect to wifi networks that aren't your own
- have an airtime contract / substantial PAYG balance
If so you're potentially at risk from having phone out of security support. It's up to you to make a judgement as to the risks of data being stolen. But it's simplistic to just say 'I don't use my phone for banking so I'm OK'.
Not really. Yes there are passwords but I can change them in less than
30 seconds
yes, but then they are all being spammed already
No
No
Sure, but I don't do anything serious over tyhem
No.
Well I do understand internet risk.
All that is really at risk is my email passwords, which wouldn't take long to change as they are controlled exclusively by me, and email and whatsapp and skype contacts.
But they are a lot less at risk than contacts of people with windows on their PCS ad outlook style mail
I dont regard my phone as in anyway my main way to do *anything* except satnav.
I regard it as a cheap nasty utterly insecure piece of far east crap that is just about usable if I cant get to a proper computer.
It's a handy camera, and video camera, a pretty good satnav, useful for scanning wifi networks and has a good guitar tuner app. I can at a pinch read ebooks on it. It is usable as an emergency email client if I have not got my laptop.
And it receives text messages from the NHS and my bank and from people shipping me stuff.
Making sure it DOESN'T get nicked is easier and cheaper than spending a fortune on it.
The Natural Philosopher snipped-for-privacy@invalid.invalid wrote: [snip]
What E-Mail passwords? :-)
I run an SMTP server on my home desktop machine, mail gets delivered direct to that machine, no mailboxes with passwords along the way.
However I do wonder about people thinking their E-Mail can be secure in any real sort of way. I was always told to treat an E-Mail like a postcard, *anyone* can read it as it passes through. Dropping it into a locked letter box at the end of the journey is rather shutting the stable door after the horse has bolted.
Encrypted E-Mail is better, but only a bit, if someone has a copy then they have as much time as they like to decrypt it, much easier than brute forcing a login password where any half decent system stops you after a few attempts.
The problem with email security these days is not people intercepting it in transit, it's people gaining control of your account. Then they either impersonate you (depends how gullible your contacts are at clicking on bad links or responding to fraudsters - not something you can control), but more of a threat is using your email to gain control of your other accounts.
How many services are you signed up to that have a 'forgot password' option where they send you an email with some reset information? How many of those try and do 2-factor authentication by SMS? (your phone has been compromised, don't forget).
Think about how many accounts control of your email and SMS give you. It's probably a large number. Then think about what malicious things you could do with control of those accounts. That's the problem to be concerned about.
Yes, I always wonder at these given the lack of security of E-Mail. As I originally said E-Mail really, really isn't secure. If someone guesses your mail password and has access to your E-Mail it makes things easier but it's simply *so* easy to fake an E-Mail that anything that uses this to do something that really needs to be secure is not very clever.
But what does "control of your email" mean? Any fool can send an E-Mail that, unless analysed in considerable depth by someone with a lot of network/mail expertise, will look as if it comes from 'you'.
SMS is probably slightly better (but maybe that's because I know less about how it works).
Somebody finds out your email password or other login credentials, perhaps by phishing or hacking an app on your phone. They use this to login to Gmail / Outlook / whatever mailbox as you (even the webmail on your own server). Then they go to your online shopping/etc accounts and go 'I forgot my password' and the password reset message gets sent to the mailbox they now control. Now they can reset the password to something they chose, and have a login on your account. For bonus effect, you now can't login to the account with the old password. As a second defence, they now change the email address on the account to one they control.
Just think about the number of places you've used your email address for some shop or service, and that should indicate the scale of the problem.
If your phone is compromised, they can intercept your SMS too. Actually, it doesn't even need to be compromised - on Android there's a permission that says 'apps can read my SMS'. In previous times at install time Android would give you a long list of permissions an app was requesting and you could take it or leave it. If you agreed to install the app it got all the permissions, and of course app developers asked for all the permissions they could, all the better to datamine you. These days Android will ask about 'dangerous' permissions and you can deny it - but then all they need to do is come up with a plausible reason the app might want to use SMS (eg many apps text you a code as part of a signup process and would ask to read the SMS)
iOS just bans apps access to SMS, end of problem.
(unless your phone is hacked, for which the exploits are very valuable and much less of a concern unless you're a high value target)
But what do they do once they have access to a shopping account? I
*never* save credit card details there so they won't be able to buy anything without paying for it themselves. They could see what I've bought in the past, how exciting!
If they change the email address on the account then it's no longer my account at all and I care even less what they do with it! :-)
Very true. It never ceases to surprise me just how many calls from a mobile have terrible audio quality. Even in London where you'd expect the coverage to be OK.
I chuckle every time I hear the BBC interviewer on the news, confronted by an unintelligible interviewee on the other end of a poor mobile phone connection saying "we seem to be having problems with your line".
In message <FlYbH.114085$ snipped-for-privacy@fx31.am, at 09:48:36 on Sun, 27 Sep
2020, Jim GM4 DHJ ... snipped-for-privacy@ntlworld.com remarked:
£129 from Amazon, although I gave up on Galaxy phones because of the non-standard Android and associated bloatware.
HomeOwnersHub website is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.