Demystifying mobile encryption

2017 has seen celebrities including Holly Willoughby and Emma Watson become victims of hackers who have stolen private images off their phones and released them to the media. While these high-profile cases have solely focused on celebrities, the threat of having information stolen from your phone is real and can happen to anyone, regardless of their social standing. 

Smartphones are now viewed as a necessity in the consumer’s everyday life, with Ofcom revealing that 71 per cent of UK adults have a smartphone. Yet, despite this high figure, public knowledge on cybersecurity and encryption is lacking. Without the proper protection, a cybercriminal can access personal and valuable information on a smartphone, which can range from photos to bank account information.  

Mobile phones have become a gateway into our lives, and even if locked, you are often able to see messages, the types of apps a person has on their phone and the news they read. Once unlocked, a whole wealth of information becomes available. However, this can be limited through greater encryption.

What is encryption and why do we need it on our phones? 

Encryption is the science behind protecting information saved on an electronic device, which on a mobile phone would include photos, text messages, contacts and emails. It protects this information by scrambling the data into a format that cannot be read by computers or people without a key, such as a PIN code or fingerprint scanner. The level of encryption on a device varies, with some manufacturers boasting a higher level of encryption than others.

Apple, for example, only began encrypting iOS devices in 2014 with the release of iOS 8, which means that any device before this update can still be accessed by Apple if law enforcement presents the company with a warrant. With iOS 8 and beyond, Apple can no longer bypass the lock and gain access to the data, meaning it can only be accessed with the device’s PIN.

This was a key issue which came to a head with the legal case between Apple and the FBI over accessing the iPhone used by a shooter in the San Bernardino attack in 2016. Despite a U.S. magistrate declaring Apple must build a tool for the FBI to access the iPhone (which Apple resisted, for fear that the tool would end up in the wrong hands), the FBI and the Justice Department eventually found an alternative way to get into the phone and the case was dismissed.

Different forms of breaches

Android also introduced default encryption in 2014, but it wasn’t until the release of Android 6.0 Marshmallow in 2015 that Google started requiring manufacturers to enable encryption on all devices out of the box.

Whether you’re sending a text message to your partner or a confidential document to your manager, you most likely don’t want prying eyes to see any of your personal content. Text messages that aren’t encrypted can be picked up by a firmware, which acts as a radio receiver that can pick up even more messages. The full extent of the threat becomes evident when you realise 35 per cent of communication sent by mobile devices is unencrypted.

Mobile security breaches can happen in different forms, from downloading malware-infected apps to hopping on a hacker’s faux wi-fi. Almost half a million Brits had their phone stolen last year. Poor passwords and weak security PINs make accessing the phone easy work for criminals trying to steal data.

Outside resources are also something to be wary of: free wi-fi, charging stations and third-party apps should be treated with a degree of suspicion.

One of the most recent examples of third-party apps which have put users’ data at risk has been Pokemon Go. The viral sensation saw millions sign away their private data on the first version of the app. Before an updated version was released, the iOS app only gave new users the option to play if they agreed to give full access to all of their Google account information. This meant that Google could potentially ‘see and modify nearly all information in your Google Account’, according to Google.

One key aspect to also bear in mind when using your phone is the use of any connected devices and the supporting apps on your phone. If you use an IoT home security camera, for example, that’s linked to your phone, you will need to check that the camera has up-to-date security. Connecting to third-party devices, such as a security camera, opens a new area of access for hackers, who would be able to gain access to your phone and camera feed through an unsecured camera.

Basic encryption protects the information you directly input into your mobile and the information saved on the cloud, but has no bearing on the data stored on the phone. Encryption levels on devices are measured using Advanced Encryption Standard (AES). Devices have different AES levels. A good benchmark to aim for is 256 AES: this is the maximum security level available to consumers, and a standard that we have kept to in our debut UK mid-range mobile Genio.
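As an added illustration (not code from the article or from Macate), this Node.js sketch ties together the earlier description of scrambling data under a PIN and the 256 AES benchmark above: a PIN is stretched into a 256-bit key, the data is encrypted with AES-256-GCM, and a wrong PIN or altered data fails to decrypt. The scrypt parameters, function names and sample contact are assumptions made for the example; it also shows that a short PIN contributes far fewer bits of secrecy than the 256-bit key length suggests.

```javascript
const crypto = require('node:crypto');

// Assumed KDF cost parameters for this sketch. Phones typically also mix in
// a hardware-bound secret, which plain JavaScript cannot reproduce.
const KDF = { N: 16384, r: 8, p: 1 };

// Stretch a short PIN into a 32-byte (256-bit) AES key.
function deriveKey(pin, salt) {
  return crypto.scryptSync(pin, salt, 32, KDF);
}

// Encrypt: the result holds everything needed to decrypt except the PIN.
function encryptWithPin(pin, plaintext) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12); // 96-bit nonce, fresh for every message
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(pin, salt), iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { salt, iv, ciphertext, tag: cipher.getAuthTag() };
}

// Decrypt: returns the plaintext, or null if the PIN is wrong or data was altered.
function decryptWithPin(pin, box) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', deriveKey(pin, box.salt), box.iv);
  decipher.setAuthTag(box.tag);
  try {
    return Buffer.concat([decipher.update(box.ciphertext), decipher.final()]).toString('utf8');
  } catch (err) {
    return null; // GCM authentication failed
  }
}

// Bits of secrecy a numeric PIN of the given length actually contributes.
function pinEntropyBits(digits) {
  return digits * Math.log2(10);
}

// Constructed sample data, not taken from the article.
const box = encryptWithPin('4821', 'Contact: Alice, 07700 900123');
console.log('scrambled:', box.ciphertext.toString('hex'));
console.log('right PIN:', decryptWithPin('4821', box));
console.log('wrong PIN:', decryptWithPin('0000', box));
console.log('4-digit PIN:', pinEntropyBits(4).toFixed(1), 'bits, versus a 256-bit key');
```

The practical reading is that the cipher strength only matters if the PIN or passcode feeding it is long enough and attempts are rate-limited by the device.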

Another point to be aware of is the varying AES levels that different countries adhere to, as some nations may wish to restrict the import of cryptography technologies. The data on your phone, when unprotected, can be very telling, and a danger if the information were to fall into the wrong hands. This is something we’re aware of at Macate, which is why we’ve developed unique patented technology that automatically detects the user’s location to give the highest grade of encryption compliant to the country they are in, making travel more practical for those that want security peace of mind wherever they go.

In recent years, the dark web has exploded, with bitcoin allowing buyers and sellers to make transactions anonymously across borders without waiting for bank transfers. Research from Elliptic found that the UK has the third highest number of listings on the dark web for credit cards, with marketplaces on the dark web selling stolen details making upwards of a few hundred million dollars a year. It is important to remember that these don’t have to be physical cards, but merely the numbers, which can be accessed through your phone’s e-wallet. Whenever you purchase something online, your payment details will be saved on your phone, and if not protected properly, they can be hacked and resold.

While not everyone will need military standard levels of encryption, it is important to be wary of the information you share online and input into your phone. Ensuring that your passwords are different and changed regularly is essential, but to make sure your phone and its content are properly protected, do some research into your phone’s encryption levels and make sure you have plugged any holes which would have let hackers into your phone. With cyber criminals on the rise, and hacking becoming a regular occurrence on a global scale, it is important to be vigilant in the protection of your personal data.

Darren Gillan, Managing Director UK, Macate Group Limited