IceDigger
[H]F Junkie
- Joined
- Feb 22, 2001
- Messages
- 12,089
What are your best practices for securing your phone?
Android, iOS, Winphone, BB?
Android, iOS, Winphone, BB?
![[H]ard|Forum](/styles/hardforum/xenforo/logo_dark.png){kind=logo}
How do you secure your phone?
- Thread starter IceDigger
- Start date
Bone_Enterprise
Enter in the Rear
- Joined
- Apr 21, 2006
- Messages
- 4,423
I don't leave my shit laying around?
Zepher
[H]ipster Replacement
- Joined
- Sep 29, 2001
- Messages
- 20,939
TouchID
Master_shake_
Fully [H]
- Joined
- Apr 9, 2012
- Messages
- 17,794
this.
AltTabbins
Fully [H]
- Joined
- Jul 29, 2005
- Messages
- 20,387
Touchid paired with a long password.
YeuEmMaiMai
Extremely [H]
- Joined
- Jun 11, 2004
- Messages
- 34,173
pin on phone and do not leave it laying around.
auntjemima
[H]ard DCOTM x2
- Joined
- Mar 1, 2014
- Messages
- 12,150
I don't.
longblock454
2[H]4U
- Joined
- Nov 28, 2004
- Messages
- 2,739
By not having one, tossed my cell phone in the trash a few years ago.
T4rd
Fully [H]
- Joined
- Apr 8, 2009
- Messages
- 20,112
Was waiting for this, lol. Why post?
Big gubment, and China tapping your land line and backing your PC up nightly anyways. Think you really have any privacy otherwise?
I use face/pattern unlock (weak, I know) and my phone never leaves my sight anyways. I also use Cerberus, which can do anything I want to the phone remotely should it ever get lost, including backing up and wiping the phone.
longblock454
2[H]4U
- Joined
- Nov 28, 2004
- Messages
- 2,739
I don't have a landline either..
T4rd
Fully [H]
- Joined
- Apr 8, 2009
- Messages
- 20,112
Lol, even better.
Vermillion
Supreme [H]ardness
- Joined
- Apr 5, 2007
- Messages
- 4,417
PIN, encrypted device, and my phone is always on my person. I never leave it laying around. I even hate it when my wife uses it, but that's mainly because I see how she treats her phones and don't want to have to replace mine due to a cracked screen.
Skripka
[H]F Junkie
- Joined
- Feb 5, 2012
- Messages
- 10,791
No one who steals your phone cares about your data unless you are an AAA list celebrity. They only care about the hardware.
Physical access to hardware=root access to hardware.
Physical access to hardware=root access to hardware.
Ocellaris
Fully [H]
- Joined
- Jan 1, 2008
- Messages
- 19,077
TouchID
Ocellaris
Fully [H]
- Joined
- Jan 1, 2008
- Messages
- 19,077
Please show me how criminals can either unlock my phone or gain root access to my TouchID and Activation Lock protected iPhone. The phone is dead to them and only good for parts.
Skripka
[H]F Junkie
- Joined
- Feb 5, 2012
- Messages
- 10,791
Does that fact matter?
It won't stop your phone from being stolen. It won't get your phone back either.
Ocellaris
Fully [H]
- Joined
- Jan 1, 2008
- Messages
- 19,077
Actually less phones are getting stolen, because the phones have little value once they are stolen...
http://techcrunch.com/2015/02/11/ap...s-to-big-drops-in-smartphone-theft-worldwide/
So yes, the fact the phone turns into a paperweight once stolen actually matters. But don't let the facts get in the way of your argument.
Last edited:
AltTabbins
Fully [H]
- Joined
- Jul 29, 2005
- Messages
- 20,387
Yeah because the people who obtained those leaks got them from the users' iPhones right? They were like "hey jay low, lemme borrow your phone for 10 minutes, I won't steal your noods lawls".
Funny in Android is that a large number of us could only get security holes patched up by rooting our phones and installing custom roms...
http://www.engadget.com/2015/07/27/android-stagefright-mms-video-exploit/
http://www.engadget.com/2015/07/27/android-stagefright-mms-video-exploit/
Last edited:
Gotta call this out. People frequently need sensitive data on their phones for work, and it's virtually impossible to completely avoid carrying valuable personal info if you like such radical concepts as "a contact list" and "email." It's better to do the best job you can securing that data than to pretend you're safe by using a basic phone and memorizing all your phone numbers.
Vermillion
Supreme [H]ardness
- Joined
- Apr 5, 2007
- Messages
- 4,417
Yeah it is a nasty little exploit. I'm interested to see if they out the entire exploit or not next month. There's also no information about how it is triggered exactly. Do you have to open the MMS? Does it fire automatically in apps like Hangouts since they can pre-fetch (if enabled) the data? How hard is it to actually craft the video to make it an exploit? This feels more like hype machine honestly with the way it was announced with fanfare. That's not to say it isn't a very nasty exploit but it just feels like it's being blown out of proportion now because when the facts are released everybody is going to go "meh".
Google patched it nice and fast but an exploit like this really shows how little the OEM's and carriers care about their customers. Most devices will never see a patch for this exploit before it is shown to the world next month while others simply will never see a patch.
This also shows two keys differences between Google and Apple and their eco-systems.
1. Apple doesn't give two shits about security (we already knew this though). They still haven't patched the XARA exploit completely and it only took them 6 months and then being beat over the head after the exploit was fully outed to care enough to patch it. Google patched and pushed the code that fixed this pretty damn quick. It's already there in some revision of 5.1.1. Issue now is what I mentioned above about the OEM's and carriers.
2. Shows how much easier it is for iOS to get patches out there. Most Nexus devices won't get the OTA directly from Google, unless you bought it from the Play Store, meaning you still have to wait on the carriers.
They've explained that the attack varies depending on your app. If you're using the stock Android app (Messenger), it won't happen unless you view the message. However, Hangouts' pre-fetch will compromise you the moment the message hits.
It's a security firm's hype, to be sure, but Google does consider it a high-priority problem. This isn't just an attempt to scare you into buying antivirus software. It's just a shame that Android's nature means that most people won't get the fix until they replace their phones.
IceDigger
[H]F Junkie
- Joined
- Feb 22, 2001
- Messages
- 12,089
Is Google stealing your stuff?
Don't trust em.
Don't trust em.
Vermillion
Supreme [H]ardness
- Joined
- Apr 5, 2007
- Messages
- 4,417
Yeah I saw the confirmation about the pre-fetch vs opening the MMS in a later article. Hadn't read that before my earlier post.
Definitely a big issue. Big question now is do they publish everything publicly next month even though they know OEMs/Carriers won't have the patches out in a timely manner if at all?
This is one of those times I hope they show it but don't give it to the public.
WTF are you talking about?
D
Deleted whining member 223597
Guest
By not running Android. Lulz. (This part is meant for all the angry fanboys)
Honestly though I've never run anything other than a PIN or since the 5S, TouchID (requires a password as well).
Honestly though I've never run anything other than a PIN or since the 5S, TouchID (requires a password as well).
[21CW]killerofall
2[H]4U
- Joined
- Mar 16, 2006
- Messages
- 4,064
Face unlock, that and my phone is so old, no one would want to steal it. I also don't use apps that requires an account to use (except Pandora) so there is nothing to steal but names and numbers, which I keep backed up online and I wouldn't care if anyone saw them.
D
Deleted member 108676
Guest
iPhone, finger print
Who has a landline besides grandparents and businesses these days?
That was a brute force issue.
And, since it always seems like you're angry about those nudes getting leaked, I've got some really bad news for you.
Who has a landline besides grandparents and businesses these days?
That was a brute force issue.
And, since it always seems like you're angry about those nudes getting leaked, I've got some really bad news for you.
Aside from the obvious physical protections like being passcoded/using touch ID, having Find My IPhone enabled, and never leaving it in a place where it could be stolen, I have the app for my VPN on my phone. Anytime I go in wifi I usually switch it on. It's PIA.
Vermillion
Supreme [H]ardness
- Joined
- Apr 5, 2007
- Messages
- 4,417
Doesn't surprise me in the least simply because the fingerprint reader code is slapped on top of AOSP by the OEMs. Previous security researchers have show how many exploits the code for things like Sense and TouchWiz add so this really shouldn't be a surprise to anybody.
What would be interesting to know is can this be exploited on Android M which officially adds fingerprint scanning support to Android?
Android M will likely be significantly better, but the proof's in the pudding, of course.
Also, remember how some tried to paint the iPhone's Touch ID as horribly flawed because a thief could theoretically create a fake finger... and then it turned out that numerous Android phones (including the Galaxy S5/S6) were not only susceptible to the same technique, but were vulnerable to a remote attack that simply isn't possible on the iPhone? Good times.
Also, remember how some tried to paint the iPhone's Touch ID as horribly flawed because a thief could theoretically create a fake finger... and then it turned out that numerous Android phones (including the Galaxy S5/S6) were not only susceptible to the same technique, but were vulnerable to a remote attack that simply isn't possible on the iPhone? Good times.
Posting a link doesn't make you less clueless in security matters. If you had a clue you'd know that fingerprint alone is for convenience and not for security and that companies disable it on laptops/tablets that have fingerprint sensor of the swipe kind like on Lenovo. If it does get enabled it's used as part of a multifactor authentication along with password and/or token.