Whether it’s spying, stealing your money or general victimization, an unsecured smartphone can be a recipe for misery. Here’s how to block hackers from your phone.
Keep Your Phone (And Apps!) Updated
When your phone tells you that there’s an important update – install it! These days, small security updates are frequently pushed out to both iOS and Android phones. They are usually patches that fix newly-discovered exploits.The release of the patch also signals the existence of the exploit to the world, so expect many hackers trying their luck, hoping to find unpatched phones in the wild. While not quite as critical, you should also keep your apps updated. Especially if there’s mention of security issues in the update description. Poorly-written apps can sometimes open a door to your phone, depending on the type of exploit. It’s pretty rare, but not so far-fetched that you should postpone app updates indefinitely.
Don’t Sideload Apps or Use Dodgy App Stores
The Google Play Store and Apple App Store both have quality control measures in place that help ensure malicious apps don’t make it onto your phone. It can still happen, but by and large you don’t have to worry about apps on these official storefronts. The real problems come from manually installing apps (sideloading) on your device that come from sources you can’t trust. Pirated apps are one notorious example. Such apps often contain malicious code. If you use these, you might as well just hand your phone with its passcode to a hacker. Sideloading isn’t bad by itself. There are plenty of trustworthy apps that you can install that way. However, you need to be 100% certain of their origin. On Apple devices you can’t sideload applications or use alternative app stores without “jailbreaking” the device. You can read more about the risks involved in our article on the Cydia alternative app store.
Use a Strong Screen Lock
All smartphones allow you to set up a security lock. So that if someone picks up the phone they can’t simply get into your apps or start looking through your information. Having such a lock is an essential way to secure an Android phone from hackers, but what’s even more important is choosing a lock type that has the right level of security. The traditional pin code is very secure. We recommend using at least a 6-digit code, but even a 4-digit code is fairly strong. With six numbers there are a million possible combinations and with four there are ten thousand. Given that most phones allow for limited guesses before the device locks up or wipes itself, that’s more than enough. It can be tempting to use biometric locks such as fingerprint or facial recognition. Think carefully about it however, since facial recognition can still be fooled in many cases. Not to mention that someone can unlock your phone by pointing it at your face or forcing you to place your finger on the scanner. Pattern locks can also be a problem, especially if you leave the pattern smudged onto your screen!
Use a Biometric Killswitch
If you do decide to stick with biometric locks on your smart device, learn how to quickly disable them. You can learn about how to do this in iOS in our Face ID and Touch ID article. On modern iOS devices you hold down the power and one of the volume buttons to disable biometrics. If you have anything from the iPhone 5s to the iPhone 7, you can disable biometrics by pressing the power button five times. Familiarize yourself with your iOS device’s killswitch before you ever have to use it for real. If you have “Hey Siri” activated, you can also disable biometrics by simply saying “Hey Siri, whose phone is this?” All of these methods only last until the next time you lock your device again. On Android Pie and newer, open the phone settings and look for something called “lock screen settings” or “secure lock screen settings”. The exact menu wording might differ depending on your brand of phone. There should be a setting called “Show Lockdown Options”. If you toggle this on, then pressing the power button from the lock screen will show you a “Lockdown Mode” button. If you select it, your biometrics will immediately stop working, requiring a passcode to open the phone up.
Avoid Public WiFi
Public WiFi networks are the perfect hunting ground for hackers looking to score an easy payday. Why? Because when you’re on a WiFi network with other users you don’t know, your devices can see each other’s network traffic. That means that any unencrypted data sent by your phone can be read by other users with the WiFi password. It also means that your phone can be attacked directly via its local network address. If the public WiFi provider has misconfigured their network security, it could leave your device vulnerable. The best way to block hackers from your phone is to avoid these networks entirely.
Use a VPN
If you must use a public WiFi network, then it’s essential that you use a virtual private network (VPN) app to encrypt all the data passing through your network connection. We’d recommend only using a credible paid service. It’s going to cost a few dollars a month, but it’s well worth it.
Use Non-data Cables for Charging
The port your phone uses for charging is also a data connection. We know that this probably isn’t news to you, but have you considered that this data connection can be used to compromise your phone? It’s possible to install malware on a smartphone through the USB port. Which is why crafty hackers will swap harmless chargers in places like airport lounges or coffee shops with compromised ones. Once you plug in your phone to charge it, the device loads the malware onto your handset. If you absolutely must use a public charging point, get yourself a small charging-only cable. These cables lack the wiring for data transfer, making it impossible for even a hacked charger to do anything to your phone.
Perfect Security Doesn’t Exist
No matter how many countermeasures you take against hackers, there’s never going to be a foolproof defense. So make sure you take extra measures, such as encrypting your most sensitive information, never keeping things such as password lists on your phone, and generally practicing good cyber security habits. It’s also worth considering that most hackers don’t really target the technology itself. Instead they tend to target the people who use that technology. It’s called “social engineering” and hacker attacks such as phishing are common examples of it. No security app will protect you if you’re fooled during a moment of inattention! So the best tip we can give you to block hackers from your phone is to cultivate a security mindset! That will let you adapt to new threats as they appear and make it that much more likely you’ll avoid becoming the next hacking victim.