Security misconceptions: Mobile security

In this first instalment in our series on "Security Misconceptions about the Internet" we handle the topic "Internet Security". There are dozens of misunderstandings that are repeated over and over, becoming accepted as the truth far too quickly with no actual evidence to prove them. The BSI has identified some common misconceptions and here we show you how to minimise the risks that can arise from misunderstanding IT security.

Misconception 1: 'The data I store in the cloud is securely protected against unauthorised access by third parties.'

Data stored using cloud services is not always adequately protected.
Storing user data in cloud-based memories or activating automatic synchronisation between the cloud and your mobile device is not enough to keep your data secure. When you use these kinds of services, remember that your data is not encrypted and that providers may use it for their own purposes. While reputable cloud providers do ensure the 'security' of the data in the cloud, there are dangers when you access the data. Criminals can use malware on your smartphone, tablet or PC to obtain your access data or even your data in the cloud. And in the event of theft, your cloud data is only as secure as your mobile device:

For example, if criminals need only crack the four-digit PIN or the basic locking pattern and are successful, they can easily access the cloud using the device's stored access information to steal, modify or delete data. When you access the cloud via public WLANs, personal information can also be intercepted by third parties during transmission.
Before you decide on a cloud service, check who the provider is, where they are located and where their data centres are. Here, we have put together a list of cloud computing risks and security tips for you to use.

Misconception 2: 'Surfing on public WLAN saves money and is secure.'

Unfortunately this is only partly true.
The free public WLANs available in places such as train stations, cafés and hotels are a tempting offer, as they allow you to browse the Internet on the go without eating into your monthly data allowance. Public WLAN connections are typically not secure because the data transfer between mobile devices and the router creating the Internet connection is usually not encrypted.

Unfortunately, this leaves the door open to the collection of unprotected data or the insertion of malware onto a user's device. For this reasons, you should never use public WLAN connections to send confidential data unless they are first encrypted locally on the device or are sent via a virtual private network (VPN). This is usually the case if you want to access your home or company network. In general, users of mobile devices should only switch on the WLAN function when they need to use it, as this will minimise the risk of unauthorised access. Some devices offer extended security settings for connecting to public WLANs.

When you disconnect, the hotspot should be deleted from your list of preferred hotspots to prevent your device from automatically reconnecting at a later stage without your knowledge.
Click here for our security tips for using public WLANs.

Misconception 3: 'When I purchase a new smartphone, my device is automatically secure.'

Unfortunately a new device is not automatically more secure.
When you buy a new smartphone, the operating system installed on it may not be the latest version. Before you start using the device, you should always check whether the firmware is up to date and, if necessary, immediately update the device with all of the relevant updates. However, even for known vulnerabilities, smartphone manufacturers do not always provide updates for every type of device, meaning these vulnerabilities may be present on new devices for many months and may never be resolved. Another thing to remember is that the security settings are often deactivated when you purchase a device. Users should check the relevant settings and configure them as appropriate.

This also includes PINs, codes or patterns to secure the SIM card and the device itself. Before disposing of your old device, all of the data on it should be deleted; your old SIM card should be removed and destroyed if you do not intend to use it in your new device. If the device has an encryption function, activate it. Click here for further information on protecting your smartphone and other devices.

Misconception 4: 'Of course I have activated automatic updates and updates to my operating system and apps! I've no need to worry about vulnerabilities.'

Automatic updates are useful, but an update to a resolve a known vulnerability may not be immediately available.
Of course, operating system manufacturers and app developers usually make efforts to provide updated versions of their software when weaknesses and vulnerabilities are identified. However, as there are so many different models and software and operating system versions on the market, it can sometimes take a little while to provide security updates, or it might not be possible to provide an update for a specific problem.

Depending on the vulnerability, it might be a good idea to deactivate or refrain from using certain functions while you await an update. Even when automatic updates are set as the default, users should always check whether the programs are actually fully up to date. Some app developers do not provide updates for all operating system versions. Sign up to our newsletter for regular updates on the latest vulnerabilities and security risks.

to the top