1 00:00:00,740 --> 00:00:03,890 These days, we work all over the place. 2 00:00:03,890 --> 00:00:07,240 We're not just stuck in our cubicles behind a computer. 3 00:00:07,240 --> 00:00:10,430 Instead, we can be working no matter where we are. 4 00:00:10,430 --> 00:00:12,880 When I'm sitting in the line at the grocery store, 5 00:00:12,880 --> 00:00:15,910 I can be checking my email and answering student questions. 6 00:00:15,910 --> 00:00:17,440 If I'm sitting on an airplane, 7 00:00:17,440 --> 00:00:21,170 I can be texting to my friend while I'm at 35,000 feet. 8 00:00:21,170 --> 00:00:22,680 Mobile devices are great 9 00:00:22,680 --> 00:00:24,690 and they give us a lot of capability 10 00:00:24,690 --> 00:00:26,390 and a lot of connectivity, 11 00:00:26,390 --> 00:00:29,740 but we also store a lot of personal information in these. 12 00:00:29,740 --> 00:00:31,880 We do our banking, our email, 13 00:00:31,880 --> 00:00:34,560 our pictures, even our online shopping, 14 00:00:34,560 --> 00:00:36,590 all from the palm of our hand, 15 00:00:36,590 --> 00:00:39,010 and while that's all wonderful and it's great, 16 00:00:39,010 --> 00:00:40,390 we have to consider the fact 17 00:00:40,390 --> 00:00:42,690 that there is mobile malware out there. 18 00:00:42,690 --> 00:00:44,890 These devices are not immune to it 19 00:00:44,890 --> 00:00:46,730 and so, how are we going to protect ourself 20 00:00:46,730 --> 00:00:49,000 against these mobile variants? 21 00:00:49,000 --> 00:00:50,510 Well, the first thing we want to do 22 00:00:50,510 --> 00:00:54,400 is ensure that we have an antivirus solution on our devices. 23 00:00:54,400 --> 00:00:56,170 There are third-party products out there 24 00:00:56,170 --> 00:00:58,820 for both iPhones and Android devices 25 00:00:58,820 --> 00:01:00,960 that will allow you to have an anti-malware 26 00:01:00,960 --> 00:01:03,640 or antivirus solution on your phone. 27 00:01:03,640 --> 00:01:05,450 It will scan any attachments you have 28 00:01:05,450 --> 00:01:06,680 that are in your email, 29 00:01:06,680 --> 00:01:07,970 as well as check the device 30 00:01:07,970 --> 00:01:09,950 to ensure it's running properly. 31 00:01:09,950 --> 00:01:12,640 In addition to that, one of the biggest things you can do 32 00:01:12,640 --> 00:01:14,870 is always ensure your mobile device 33 00:01:14,870 --> 00:01:16,720 is patched and updated. 34 00:01:16,720 --> 00:01:19,020 That's right, just like your operating system 35 00:01:19,020 --> 00:01:21,150 on your computer, you need to ensure 36 00:01:21,150 --> 00:01:23,460 your phone is patched and updated. 37 00:01:23,460 --> 00:01:24,720 So, if you're one of those people 38 00:01:24,720 --> 00:01:27,820 that always hits Remind Me Later, don't do that 39 00:01:27,820 --> 00:01:30,790 because what happens is if there is a patch out there, 40 00:01:30,790 --> 00:01:32,020 that means that attackers 41 00:01:32,020 --> 00:01:34,060 have already been able to reverse engineer it 42 00:01:34,060 --> 00:01:36,120 and they know what the vulnerability is. 43 00:01:36,120 --> 00:01:38,560 If there's a patch, there's also an exploit, 44 00:01:38,560 --> 00:01:40,100 so always patch your devices 45 00:01:40,100 --> 00:01:42,670 and ensure your applications are updated. 46 00:01:42,670 --> 00:01:45,080 Now, if you're talking about your operating system, 47 00:01:45,080 --> 00:01:47,660 how do you update an operating system on your phone? 48 00:01:47,660 --> 00:01:49,640 Well, if you're using an iPhone, 49 00:01:49,640 --> 00:01:51,010 it's fairly easy. 50 00:01:51,010 --> 00:01:52,920 Apple will actually push a notification to you 51 00:01:52,920 --> 00:01:55,600 and say the latest version of iOS is out, 52 00:01:55,600 --> 00:01:56,990 click here to update 53 00:01:56,990 --> 00:01:58,630 or it'll ask if you want to do it in the middle 54 00:01:58,630 --> 00:01:59,850 of the night because that way, 55 00:01:59,850 --> 00:02:02,370 it doesn't take away valuable time that you're using it. 56 00:02:02,370 --> 00:02:03,512 Either way, you want to make sure 57 00:02:03,512 --> 00:02:05,170 you're updating your device 58 00:02:05,170 --> 00:02:08,040 so that you always have the latest operating system. 59 00:02:08,040 --> 00:02:09,610 Now, when we talk about Android, 60 00:02:09,610 --> 00:02:11,514 it's a little bit more complicated. 61 00:02:11,514 --> 00:02:14,610 Google puts out the base operating system 62 00:02:14,610 --> 00:02:16,510 and when there's a vulnerability found, 63 00:02:16,510 --> 00:02:18,030 they create the patches for it 64 00:02:18,030 --> 00:02:19,470 and then they pass it out 65 00:02:19,470 --> 00:02:21,290 to the different manufacturers. 66 00:02:21,290 --> 00:02:23,616 The problem is most people aren't running 67 00:02:23,616 --> 00:02:26,330 a Google-based Android device. 68 00:02:26,330 --> 00:02:29,580 Instead you may have a Samsung device or a Huawei device 69 00:02:29,580 --> 00:02:31,080 or an HTC. 70 00:02:31,080 --> 00:02:33,710 And each of these manufacturers has taken that base code 71 00:02:33,710 --> 00:02:35,520 and modified it in some way. 72 00:02:35,520 --> 00:02:38,117 So, usually you have to get your operating system update 73 00:02:38,117 --> 00:02:40,100 from your manufacturer, 74 00:02:40,100 --> 00:02:42,200 so if Google founds out there's a bug today 75 00:02:42,200 --> 00:02:43,890 and they release a patch tomorrow, 76 00:02:43,890 --> 00:02:46,450 it could be two, three, four months 77 00:02:46,450 --> 00:02:50,000 before Motorola or HTC pushes that patch out 78 00:02:50,000 --> 00:02:51,540 to your Android device. 79 00:02:51,540 --> 00:02:54,634 For this reason, Apple is a little bit more secure 80 00:02:54,634 --> 00:02:56,256 if you keep it updated 81 00:02:56,256 --> 00:02:59,480 because they do have a quicker patch and release cycle 82 00:02:59,480 --> 00:03:02,110 since they only have to support their own handsets 83 00:03:02,110 --> 00:03:05,000 and not a bunch of other manufacturers. 84 00:03:05,000 --> 00:03:06,160 When we look at that, 85 00:03:06,160 --> 00:03:08,234 we also to consider our applications. 86 00:03:08,234 --> 00:03:11,130 Where should you get your applications from? 87 00:03:11,130 --> 00:03:13,440 I recommend you only install applications 88 00:03:13,440 --> 00:03:16,110 from the official App Store, if you're using Apple 89 00:03:16,110 --> 00:03:17,730 or the official Google Play store 90 00:03:17,730 --> 00:03:19,320 if you're using Android. 91 00:03:19,320 --> 00:03:21,680 The reason for that is because these stores 92 00:03:21,680 --> 00:03:23,194 do do a check of the code 93 00:03:23,194 --> 00:03:25,130 to see if there's anything malicious in it 94 00:03:25,130 --> 00:03:27,370 before they post it to the official store. 95 00:03:27,370 --> 00:03:30,140 Also, these applications are digitally signed 96 00:03:30,140 --> 00:03:33,000 so they can't be modified once they have been updated 97 00:03:33,000 --> 00:03:34,597 and placed into the store. 98 00:03:34,597 --> 00:03:37,800 While I said that, that is not always the case 99 00:03:37,800 --> 00:03:40,110 and malicious software does make it 100 00:03:40,110 --> 00:03:41,870 into the official stores as well. 101 00:03:41,870 --> 00:03:43,580 Here's a news article, for instance, 102 00:03:43,580 --> 00:03:46,990 that shows how Google had to pull 13 different Android apps 103 00:03:46,990 --> 00:03:49,077 that was installed over half a million times 104 00:03:49,077 --> 00:03:51,760 because they had malware in them. 105 00:03:51,760 --> 00:03:54,090 These apps were able to get into the store 106 00:03:54,090 --> 00:03:55,480 and have malware embedded in it 107 00:03:55,480 --> 00:03:56,917 and got past Google's security 108 00:03:56,917 --> 00:04:01,100 and were pushed out to half a million people's smartphones. 109 00:04:01,100 --> 00:04:03,730 So, just because you're getting it from the store, 110 00:04:03,730 --> 00:04:06,970 doesn't mean it's 100% malware-free either. 111 00:04:06,970 --> 00:04:09,540 They're using signature-based definition scanning 112 00:04:09,540 --> 00:04:11,500 just like most of the antivirus products are 113 00:04:11,500 --> 00:04:13,410 and if it's a zero-day vulnerability 114 00:04:13,410 --> 00:04:14,820 that's being exploited, 115 00:04:14,820 --> 00:04:16,360 these things can get through the store, 116 00:04:16,360 --> 00:04:17,920 so you still have to be worried about it 117 00:04:17,920 --> 00:04:19,450 even if you get it from the store 118 00:04:19,450 --> 00:04:21,600 but definitely you want to pull it from the store 119 00:04:21,600 --> 00:04:22,720 as opposed to just downloading it 120 00:04:22,720 --> 00:04:23,920 from a random website 121 00:04:23,920 --> 00:04:25,300 because you have a much higher chance 122 00:04:25,300 --> 00:04:26,800 of it being secure. 123 00:04:26,800 --> 00:04:29,330 In addition to that, we want to make sure 124 00:04:29,330 --> 00:04:32,200 that we have our defenses up when we're using our phone. 125 00:04:32,200 --> 00:04:33,550 Just because we're using a phone, 126 00:04:33,550 --> 00:04:36,090 doesn't mean we want to fall for phishing attacks 127 00:04:36,090 --> 00:04:39,080 or spyware attacks or any of those other things. 128 00:04:39,080 --> 00:04:41,260 So, we want to be careful with the sites we visit 129 00:04:41,260 --> 00:04:42,530 and the things that we click on 130 00:04:42,530 --> 00:04:43,710 because those are ways 131 00:04:43,710 --> 00:04:46,060 that you can have additional attacks coming at you. 132 00:04:46,060 --> 00:04:47,420 Just like your main device, 133 00:04:47,420 --> 00:04:50,790 you do have attacks coming at you all of the time. 134 00:04:50,790 --> 00:04:53,400 One of the unique ones that happens with your phones 135 00:04:53,400 --> 00:04:56,440 and your smartphones versus a traditional computer 136 00:04:56,440 --> 00:04:58,210 is some pre-texting scams 137 00:04:58,210 --> 00:05:01,200 that are coming through SMS or text messaging. 138 00:05:01,200 --> 00:05:03,210 I don't know about you but I get these things 139 00:05:03,210 --> 00:05:04,720 at least a couple of times a week 140 00:05:04,720 --> 00:05:07,260 where somebody will send a message through SMS 141 00:05:07,260 --> 00:05:09,660 with a link and they expect you to click on it 142 00:05:09,660 --> 00:05:11,970 and if you click it, your web browser will open it 143 00:05:11,970 --> 00:05:13,550 and malware will be installed, 144 00:05:13,550 --> 00:05:14,700 so always be careful 145 00:05:14,700 --> 00:05:17,010 and look out for those type of social engineering 146 00:05:17,010 --> 00:05:18,500 and pre-texting scams 147 00:05:18,500 --> 00:05:21,030 that can come to you through SMS. 148 00:05:21,030 --> 00:05:23,450 So, in conclusion, there's a couple of things 149 00:05:23,450 --> 00:05:24,340 that I want you to remember 150 00:05:24,340 --> 00:05:26,470 when we talk about mobile malware. 151 00:05:26,470 --> 00:05:28,720 Do not jailbreak or root your device. 152 00:05:28,720 --> 00:05:30,430 When you do that, you're bypassing 153 00:05:30,430 --> 00:05:33,150 the natural protections that your system has 154 00:05:33,150 --> 00:05:36,030 and that's going to make you more vulnerable to attack. 155 00:05:36,030 --> 00:05:38,600 Don't use custom firmware or a custom ROM. 156 00:05:38,600 --> 00:05:40,010 When you're using a custom firmware 157 00:05:40,010 --> 00:05:42,980 or a custom ROM, this is specific to Android users, 158 00:05:42,980 --> 00:05:44,350 you're using an alternate version 159 00:05:44,350 --> 00:05:45,640 of the operating system. 160 00:05:45,640 --> 00:05:47,930 It's been forked off the original source code, 161 00:05:47,930 --> 00:05:49,950 so when Google has something that's been patched, 162 00:05:49,950 --> 00:05:51,490 it doesn't necessarily make its way 163 00:05:51,490 --> 00:05:53,830 into those custom firmwares or custom ROMs 164 00:05:53,830 --> 00:05:55,576 and so, you're still going to be vulnerable. 165 00:05:55,576 --> 00:05:59,940 Also, only load official apps from the official stores. 166 00:05:59,940 --> 00:06:00,856 The reason for this, again, 167 00:06:00,856 --> 00:06:04,150 is because those have at least some quality control 168 00:06:04,150 --> 00:06:05,660 and some level of check 169 00:06:05,660 --> 00:06:07,570 before they're released into the public. 170 00:06:07,570 --> 00:06:10,810 And finally, always update your phone's operating system. 171 00:06:10,810 --> 00:06:12,750 Any time there's an update or a patch 172 00:06:12,750 --> 00:06:14,960 for your operating system, or your applications, 173 00:06:14,960 --> 00:06:16,330 you want to make sure you're installing it 174 00:06:16,330 --> 00:06:19,193 because that's going to patch up the known vulnerabilities.