Protecting the Super Computer in Your Pocket
We all have mobile phones, just about everybody today has got a smartphone. And what we forget is, these are incredibly powerful computers. Some of you may remember Apollo 11, some of you may not. But it turns out when we placed the man on the moon for the very first time, all of the computing power that was available to NASA was stored in a multi-story building, so it was just full of computers. And if you added up all of that computing power that made it possible to land a man on the moon, it is infinitesimally smaller than the computing power you have on your mobile phone today. That is the power of Moore's Law, and that is the power of the device that you have in your pocket, so don't just think of your phone as a phone, it is literally a supercomputer by historic standards. And we use if for everything, right. Think of all the different ways you use your mobile phone, you use it to pay for things, you use it as your bank, it is your maps, you use it as a camera, both for still pho...
tos and you of course can use it for videos. So many of us jam to our tunes, listen to music on our mobile phones. We use it of course for email and for social networking. Many of us have used dating apps, not me of course, but other people I meet have used dating apps. And so your mobile phone is a central part of your love life, and oh by the way, your mobile phone can also make phone calls. For millennials, a phone call is when hit dial and talk, voice wise with another person as opposed to just texting. Just a little public safety announcement there. But the point of it is, is that you need to consider all the implications of the device and what it can do. And unfortunately, even though mobile phones are great for all of those different tools, they're entirely hackable. Like all other computers, it's hackable. And so we need to think about how we can protect that. There is specialized malware, specialized viruses, that will go out there and infect your phone. And it can turn your own phone against you. It can take over your microphone, your GPS, and even your battery, for some of those crypto currency generating malware tools that are out there. And, finding these tools is really really easy. There's a tool out there that you can see called MobileSpy. And MobileSpy is a company that will allow somebody to send you either a text message or a social media link or an email, and just by you clicking on that infected link, it will allow a third party to entirely take over your phone. It will allow them to read your text messages, your WhatsApp messages, get your real time GPS location, monitor your Facebook, like you can buy this online now today for 25 bucks. The company that sells it claims, well it's so you can monitor your employees or your children, right. To me, this looks a lot like hacking a phone. And, you know, we have federal laws against breaking in to information systems, including it. But super easy to get and that's how vulnerable your phone is. And I want you to think about all the trust that you have placed in the various screens in your life, including your mobile phone. How many of you have ever dialed an 800 number from your phone? How many of you have ever dialed your bank from your phone, right? We've all done it, we've dialed our bank from our phone. But I've got a question for you, when you type in one 800 my bank and hit dial, how do you know you're actually being connected to your bank? You don't, right. You think you may be talking to Citi Bank or Bank of America, and instead your call could be rerouted via malware so that you're connected you know, to Peggy over there in Ukraine so that you can talk to her. You know, lots of people at these call centers have different accents, and you would just never know. And it turns out that there's very specific malware that knows the 800 numbers of all the different large financial institutions, and so when you punch in that number, your call can be routed to one of those places. Particularly in Android sphere, there's a lot of malware of that type. And they'll talk to you and they'll say, oh hello good sir or madame, what's your account number, what's your password, what's your mother's maiden name, I just need to verify it. And then after 50 questions, they're going to say, oh I'm sorry our computers have just gone down, can you call back? And in the meantime, they're going to take all your data and clean you out. So it's very important to lock down your phone. In general, I'm going to give my opinion here, in general I personally believe that iPhones and iOS devices are safer, okay, as a broad rule of thumb. I think the safety and security on them is much more locked down. I don't think Android is a bad device, I don't think Google has created a bad product, but there are some systemic issues at play when you're working in the Android world, and I'll explain them. When it comes to Android, Google's created a great product. But, the big difference between the iPhone and Google is that the iPhone is a closed environment that Apple owns. All of the software is locked down, theoretically, and encrypted, or at least it's supposed to be. In the Android world and the Google model, they believe in open source, which means that anybody can get the code, which gives hackers lots of opportunities to go ahead and try to modify it and figure out how to break into it. This happened just a couple of years ago. There was a hack out there that allowed somebody just by sending a text message to a billion phones to take them over. Think about the insanity of that, somebody sitting in their house hacking away. And some 16 or 30 year old could just go ahead send a global text message and infect a billion phones, right, so the threat scales and it's scaling internationally. So, this is a target against Android, and that attack really concerned me. There's an other statistic you should use and be aware of, or you should be aware of, is that 97% of malware targets Android devices. All right? Go to the iPhone, reduce your risk by 97%, right. Small steps can make a big difference. And again, the reason why they do it is because it's an open source system and it's easier to get access to the underlying code. There's a few other reasons to understand that make Android systemically less secure, and it has to do with the ecosystem itself. The iPhone ecosystem is closed, it's much more policed, the approval processes to get things the stores, the official app stores, is much more difficult, versus in the Android world. In iPhone world the iPhone and Apple is controlled by Apple. They own the device, they own the operating system, they own many of the apps and it's locked down. When you're on an Android device, your operating system is by Android. Your mobile phone could be from Samsung, and the particular version of your mobile phone has been further modified by T-Mobile or Verizon or Voda Phone or one, Telefónica whatever it may be. So you have three different chefs in the kitchen, all making their own modifications and changes to the software. Which causes conflicts, which causes bugs, which causes opportunities for bad guys to break in. And updates are not nearly as frequent in the Android world. The latest version of Android is Oreo, okay. That came out in August of 2017. As of 2018, .7% of users are using Oreo. That means 99% of people are not on the latest version of the software. You'll remember from our updates section how critical it is to update your software to fix bugs. If 99% of the people are using an older version of the software, they're at risk. In fact, today, 2018, 75% of Android users are using a version of the software that comes from 2015 and before. And there have been thousands upon thousands of known vulnerabilities. So having it updated is really important. Compare that to the iPhone. According to research, the iPhone adoption rate for iOS 11, which is the latest version that came out, has already reached 65%. So .7% of Android users are on the latest version of Android and 65% of iPhone users are on the latest version. So knowing that I told you earlier updating your software is the most critical thing that you can do, this tells you a really important story about safety and security. And again, in the iPhone world, it's not, in the iPhone world, because Apple controls the whole ecosystem, they can push out these updates to people. In the Android world, you have three different players. You've got the mobile phone network company, you've got the Android software company, and you've got the handset company, and they each have different goals, right. The handset manufacturers don't want to constantly update the software, because if they can give you the latest, greatest software there's no reason for you to go ahead and buy a new phone. So there are structural disincentives in the Android world that also means that there are fewer and fewer updates. For those reasons, I personally find that iPhone is a better security choice for most people. One of the things you may be thinking about besides security is also your privacy. And, one of the things that these phones are really good at is monitoring your location in real time. And this happens both on the iPhone world and in the Android world. The good news is, you can turn it off. It was just announced that your iPhone is tracking wherever you go. And they previously had a feature called frequent locations, and now it's called significant locations, so they changed the name of it. But what this does is measure where you go in real time and keeps that data, right, so they can track you. So they know all the bars you go to, they know what your gym is, they know where you work, et cetera. And you can plot it out on a map like this. So if you have the significant locations feature turned on your phone, then Apple is able to see this about your life. And this is what's called a pattern of life. The police use it to find you, spies use it to find you, and advertisers use it to track you in real time. They want to know what you're doing. Now you make think, again, I've got nothing to hide, why would I care. Well we all go places that we may not want to share with the rest of the world. For example, if you happen to be cheating on your spouse. If six nights during the week, your iPhone is on the nightstand next to her iPhone, and one night a week your iPhone is on the nightstand next to somebody else, that information is knowable, and guess what, we're starting to see that data subpoenaed in court records during divorce proceedings, okay. If you happen to be going to a women's reproductive health clinic, right, for personal health reasons, you might not want everybody to know the fact that you were there. If you spend, you know, 16 hours a day at a bar, that information is knowable, and there's no restrictions on what people that track you can do with this data. So know, for example, if we know you're at the bar for 16 hours and you go to apply for health insurance, in this age of big data, I'm going to say well, this guy is a heavy, heavy drinker. I'm not going to give him an insurance policy. If you visited an HIV clinic, if you participated in a street protest, if you ever went to a gay bar, not that there's anything wrong with any of these things, but some people may wish to keep that information private. So location is a really key factor on privacy in your own life. The good news is, as I said, you can turn it off. On the iPhone you go into settings, you go into privacy and location services, and there all the way at the bottom, you'll see something called significant locations. You can turn that off. Now, if you think the situation is bad with iPhones, in Google world it's even crazier. This story just came out last week, and what was amazing is a researcher at Fox News actually did a technical study of the Android phone. How many of you ever put your phone in airplane mode, right? So you think, okay, I'm not connected to the internet, there's nothing going on. They were able to walk around the city, I believe it was New York or Chicago, and for a few hours, they went to the zoo, they went here, they went there, and one of the things that they happened to do, is put their phone in airplane mode, presuming that no data on their location would be gathered. Three hours later, they turned on the phone, and it turns out even in airplane mode, the Android phones were tracking everybody's actual location. And the minute you turn your phone back on, all of that data was uploaded to Google servers. All right? So again, some really interesting privacy considerations of all of this. Now, why would you turn on location services? Well obviously, if you want to use a map, for your GPS so you can drive some places, you need it. But there's an other really good reason to turn this on. According to the L.A. Times, there are five million lost or stolen mobile phones every year. If you want to get your phone back and you've got location features turned on, you can use the feature both in Android and iOS, that will allow you to track your iPhone. And I think with five million people losing their iPhones and iPads alike, this is a good feature to have. Samsung has one as well. Now, for those of you who go ahead and sign up and buy the class, all of this information on how to protect your smartphone and all the other sections that we talked about are going to be covered in the resource guide and we also have some really cool infographics that are filled with some of these statistics as well as the steps you need to do to protect yourself. And of course, when you purchase the class you get the complete personalized action plan for your own cyber security.