By Dipesh Shah
Even as we move towards a better normal, the pandemic has definitely changed our relationship with technology, accelerating the shift towards digitisation. We are now working from home, being informed about latest technology trends, enjoying the innovations in online media and shopping as the smartphone continues to occupy centre stage in our lives. For many of us, it has replaced our laptops and wallets, and even house keys.
Even as we expand the use of a smartphone, we need to learn to be aware and have skills to deal with the issues around privacy and security of our data and our behaviours. While our IT security readiness has increased when it comes to usage of laptops and desktops, as more work shifts to the smartphone, it will attract those who could trade in your privacy and security for their benefit. For instance, Cybersecurity firm IronNet reported that cyberattacks have increased 168% between May 2020 and May 2021, with attacks on smartphones becoming one of the biggest cybersecurity threats in the Asia Pacific region.
While developers may need to create software backdoors for apps and other software for easy access when troubleshooting, hackers, many a times, are able to discover the backdoors, exposing our data and privacy. To prevent such unauthorised backdoor access, it is best not to download unauthorised apps that could introduce malware or spyware into our smartphones.
Hackers and cyber attackers are on the lookout for zero-day software vulnerabilities that may have been discovered but not patched yet by OEMs. The biggest danger is rooting which disables most of the internal security features of an operating system. Some OEMs have built-in hardware and firmware features that will protect your device from such zero-day vulnerabilities by making it difficult for untrusted code to be booted on your device. If the software is not digitally signed by someone in OEM’s chain of trust, then the phone won’t load the software at all. The digital signature guarantees, with cryptographic assurance, that the operating system software being loaded has not been modified. That eliminates one favourite technique for rooting phones.
Rollback protection is another method used by OEMs to prevent hackers from loading an out-of-date and unsecure version of the phone’s firmware.
Security of a device should cover hardware, software, systems and applications. Smart and complete security measures on the phones are needed to detect any compromise with device or data. On the privacy side, users need control in terms of what data and permissions are granted to their apps and for what purpose. Samsung’s defense grade security platform Knox, for example, ensures that the data on your smartphones is secure and users are provided easy tools to manage privacy of their data.
When you are home, sharing your devices with siblings, spouse and parents is inevitable. Many of us, however, tend to have some aspects of our digital life that we want to keep discrete. Solutions such as Samsung’s AltZ life allows users to quickly switch from private to public mode at press of a button when sharing their phones.
User device security and data privacy is an extremely important topic today. Consumers should spend time understanding and using the tools provided by OEMs. They offer security updates on a regular basis to users, which one should install at the earliest to protect the data on their smartphones.
The writer is managing director, Samsung R&D Institute, Bangalore