Coleman Technologies Blog

No one wants to lose their phone, but it does happen. Whether you’ve left it somewhere or it has clearly been taken, you need to know how to respond to this situation. In this week’s blog, we will give you some tips on what to do if your phone has gone missing.

Your phone isn’t just your phone. They contain every contact we have, all of our correspondence, your payment card information, your banking details, and about everything personal you could possibly imagine. So losing it or having it stolen is a big, big deal. First, you should try to find your phone.

Find Your Phone

If you think that maybe your lost device isn’t the result of theft, you can first retrace your steps and have someone try to call it. Most cell providers can help if you are one of the people who keep your phone on silent and play a loud noise to help you locate it. If this helps you find it, great; if not, it’s time to take it up a level. Both Apple and Android offer a location program that can track lost or stolen phones. You’ll need to set up this feature prior to having your phone go missing, but since there is a good chance that you paid over $1,000 for a new flagship smartphone, it should be one of your first actions when you get the phone home. 

Hopefully, after using the find my phone feature, you will find that you left it someplace and can simply go retrieve it. If that’s not the case, you need to take immediate action to keep your life from being upended completely. Here are some things you should do if you find that you aren’t going to be able to retrieve your phone. 

Cancel Your Service for that Particular Device

The first thing you are going to want to do is call your service provider from another phone and tell them the situation. They will work to shut down service to the phone. They will also help you deal with the situation as you will need to get a replacement phone.

Deactivate Your Personal Accounts

You will need to work fast to deactivate your mobile accounts. You can choose to do this individually, or you can use the service on your phone to wipe everything from the device. This is the best-case scenario when your phone goes missing because it removes the possibility of someone gaining access to the accounts on your phone and making your life that much worse. Most mobile platforms back up your data to the cloud, so you won’t actually lose everything, but it keeps that information from being stolen. 

Change Your Passwords

Obviously, this is a time-consuming task, but you will want to go through and change all of your passwords to ensure that there is no unauthorized access to your accounts. While you should be changing your passwords every so often anyway, being forced to is a big deal and will take a lot of time and effort. 

Report It to Authorities

If you suspect that someone has made off with your smartphone, you will want to file a police report, even if you don’t think the police will do much about it. The more information authorities have regarding any crime that has been carried out, the better they will be about prevention in the future. Additionally, if you happen to have insurance that covers your device, many providers will require a police report to be filed. 

Report the Lost Device to IT

If you use the device for work, you have to immediately report the device lost or stolen if it is. Your IT department will then work to shut down access to work-related devices and can actually go so far as to wipe your phone if it hasn’t already been completed. 

Get a New Phone and Move On

It may be a traumatizing experience to lose your device since you, like many other people, depend so heavily on it, but the best thing is to ensure that you take care of a lost or stolen device and then move into a new phone as soon as possible. 

It’s going to take some work, but you will be back to normal in no time. Check back to our blog regularly for useful technology information that can help you manage the technology you use day after day.

As we begin, it is important that we acknowledge that the Android operating system has been granted FIDO2 certification. In other words, the FIDO (Fast IDentity Online) Alliance has given the Android OS their seal of approval in regard to the authentication standards that the Alliance has set.

What Does This Mean?

In very simple terms, any Android device running 7.0 or higher with the latest Google Chrome update installed can be used as part of a two-factor authentication strategy - more specifically, as a security key. This includes the support that FIDO2 offers for onboard fingerprint scanners as a means of identity authentication. Currently, this authentication standard is only supported by Android, with no indication of Apple devices incorporating it.

In no uncertain terms, this all means that passwords may soon be phased out.

Abandoning Passwords

Passwords have been the standardized form of authenticating one’s identity for quite some time, despite the potential issues that are present with them. How often have we seen just how many ways a determined cybercriminal has to obtain a password? Between insecure databases filled with credentials and unfortunately successful phishing schemes, millions of accounts have been exposed - and that isn’t even taking all the times an insecure password was guessed into account.

The biggest weakness that any password has is the fact that it can be shared at all, that someone other than the owner can use it. Over any other reason, this is why FIDO2 is likely to become as popular as it is expected to be. When was the last time you successfully shared a thumbprint with someone, after all? Furthermore, FIDO2 keeps all of the information that is pulled from its biometrics onboard the device, keeping it safe from being stolen on the Internet.

As an added bonus, FIDO2 won’t allow the user to input their fingerprint’s biometric data into websites that don’t have sufficient security measures in place.

How to Use Your Android Device as a FIDO2 Security Key

In order to leverage your Android device as a security key, you need to make sure that it meets a few benchmarks. First and foremost, you’ll need to be running at least Android 7.0, with the latest version of Chrome installed. You will also need to have Bluetooth activated, and a Google account with two-step verification enabled.

This is somewhat simple to do. Logging into your Google account, access the Security section. Here, you’ll find the option to activate 2-Step Verification. After a short process, your smartphone will work as a security key.

Authenticating Google Sign-Ins with Your Phone

As long as you have enabled both Bluetooth and Location on your mobile device, any Google service you try to access will prompt you to confirm the sign-in attempt via your phone. This process is exceptionally simple - all you have to do is press Yes on your phone and wait. Once you’ve done so, you can confidently access your Google account, securely. As more developers adopt FIDO2, this enhanced security will only appear more often.

What do you think of this new authentication method? Share your impressions in the comments! While you’re there, let us know if there are any other tips you’d like us to cover!

Google’s Project Zero team has discovered 18 zero-day vulnerabilities impacting the Samsung Exynos modems—four of which enable remote code execution. Let’s talk about what this issue does, and what needs to be done to minimize risk.

These Threats are Severe and Need to Be Addressed

Without going too far into the weeds, some of these vulnerabilities—which, in addition to mobile devices, were also identified in wearables and vehicles—can be carried out with the attacker only knowing the target’s phone number and can give the attacker access to the device with no need for the target to provide access. In fact, a vulnerable device could be compromised without the target even being made aware.

Samsung’s list of impacted devices includes:

• Samsung mobile devices, including those in the S22, M33, M13, M12, A71, A53, A33, A21, A13, A12 and A04 series
• Vivo mobile devices, including those in the S16, S15, S6, X70, X60 and X30 series
• Google’s Pixel 6 and Pixel 7 series

Plus, any wearables that use the Exynos W920 chipset and vehicles with the Exynos Auto T5123 chipset are also impacted. It is also important to note that this is by no means an exhaustive list.

Patches Aren’t All Available as Of Yet, But There is a Fix

Because this issue impacts devices from so many vendors and manufacturers, patches aren’t necessarily available for everything that is going to be impacted. However, you should disable Wi-Fi calling and Voice-over-LTE to prevent the threat, and update your devices when patches are released.

For most of the common smartphones, like the recent Google Pixel phones and Samsung Galaxy phones, these updates were pushed out in the March security patch. If you own these devices, you need to make sure you apply these updates because not doing so will leave your device extremely vulnerable to attack.

We’re Here to Help You Manage the Complicated IT Businesses Require

Reach out to us for any assistance needed with implementing these fixes, or any of the rest of your IT. Call us at (604) 513-9428 today for help.

Excessive Permissions

Data security is a priority for many people, but even amongst them, mobile applications often aren’t even considered a potential threat to their data. While you should ever only download applications from an official application store, some attacks can potentially slip through the vetting process to be distributed via these means. Therefore, it is important to carefully consider every application you have installed and the permissions that each one demands. If these permissions seem excessive for the application’s needs, reconsider if the app is necessary to use (chances are, it isn’t). This helps protect you against the tactic that many cybercriminals use: getting a harmless app to the store, and then turning it malicious with an update once it is downloaded.

Rapid Battery Loss

Buckle up, it’s time for a lesson in physics.

According to the first law of thermodynamics, there is a set amount of energy present in the universe. Energy isn’t created or destroyed; it is simply transferred in different forms from one thing to another. This is important to our point.

Have you ever set your fully charged phone down, not touching it or interacting with it at all, only to later pick it up and find a significantly lower charge? While the technology behind the battery isn’t perfect, the amount of energy lost should not be that extreme. Your phone may be infected with malware, which uses your phone’s battery as it operates in the background processes. Check your battery settings to see which applications are using more power than they should be.

Sudden Password Changes

Let’s say that you type in the password to one of your accounts, and it bounces back labeled as incorrect. Fair enough, everyone makes mistakes. However, if this keeps happening, and you know that you’ve entered it correctly, there’s a good chance that your account has been infiltrated and taken over.

To resolve this, you’re going to have to reach out to the company and reclaim your account, if possible. Whether or not your account can be retrieved, you need to change the passwords for all the others too, just to be safe. Keeping to password best practices and restoring your device from a recent backup to clear out any lurking malware, are solid practices.

From your on-site infrastructure, to the cloud environments you’ve deployed, to the mobile devices your employees use, Coleman Technologies can help you manage your IT. Learn more about our many managed services by calling (604) 513-9428.

Screen Rotating Too Much? Lock It in Place!

How often have you been in the middle of doing something, only to shift your phone’s position and have your screen switch orientation as it calibrates to what it assumes is what you are looking for? It doesn’t take long for this to get old, and quick.

Fortunately, Android 9 and later iterations have included a fix for this. In your System Settings, access Display and from there, Advanced. Here is where you’ll find the Auto-rotate screen option and the means to switch it off.

Samsung device users have a bit of a different process. This toggle can instead be found in the Quick Settings menu (the one that emerges from the top of your screen by swiping down twice). It includes an icon labeled Auto rotate, which you will want to switch to Portrait. This effectively disables Landscape mode from switching over unless commanded to in context.

Too Many Notifications? You Have More Options than “Yes” or “No”!

We’ve all been there before, too, and have had those applications that—if given permission to notify you of things—do so seemingly incessantly. Android has now made it very simple to adjust these permissions on the fly. Once you receive one of these annoying notifications, you can press and hold it to access a control panel. This panel can be used to either silence your notifications, or completely turn them off.

Has Your Phone Stopped Charging Well? Clean Up the Charging Port!

Debris that accumulates in your phone’s charging port over time can easily interfere with your device’s ability to charge. So, before you assume the worst and start budgeting for a costly repair job, why not try cleaning out this debris?

With extreme caution, take a toothpick or a cotton swab and try to tease out any junk that the device has collected over time. Then, try charging your device again and see if you have any more success in doing so. You may just find that your issue was little more than pocket lint, and not a problem with the hardware.

For more useful technology information, advice, and tips, subscribe to our blog!

The Stakes Are High
A lost smartphone is something that needs to be taken seriously nowadays. Not only is it an expensive device to replace, its contents could be considered priceless. Anything you’ve accessed via that phone (potentially including your finances and social media) is then at risk. If this device was used for business purposes, your data could be at stake if your device was stolen - and, if you used it as a part of a two-factor authentication measure, there goes your access to your network.

Clearly, this wouldn’t be a good thing.

This is precisely why Android includes a feature to help you find a device, should it ever be lost.

Auto-Location
On your Android device, you need to work proactively and enable a few settings.

In your Settings, you should be able to find a Find My Device option. Make sure this is turned on. Your Location should be set to High accuracy. Finally, you will want to enable Google to Use Location History. While this will diminish your privacy from the eyes of Google, it will make your phone that much easier to find.

To locate your device, you’ll then need to access the same Google account that is used on the device in question from a web browser. Google is able to give you a general idea of where the device was last located on a map, and even what Wi-Fi networks it is connected to. The Find My Device application can do the same thing if you have access to a second device.

Find My Device also allows you to remotely lock your device and display a message to help anyone who might find it get it back to you. Once you’re in the vicinity of your device, you can also command your device to ring. This command will override the volume settings, increasing the chances of it being heard.

If you truly believe that your device has been stolen, there is also the nuclear option: remotely wiping the device via Find My Device.

Keep in mind, in order for these features to work, you absolutely have to enable them on your phone first. Otherwise, you’ll be out of luck if the device ever goes missing.

Act Fast
It is also important to remember that these features will only work as long as the phone is on. Sure, you could still check for its last known location in Find My Device, but there’s no guarantee that it will still be there.

Finally, if you truly believe that your device was stolen, contact the proper authorities and give them everything you know.

With any luck, you’ll be able to find your lost phone lickety-split. While you’re here, take a look at some of our other blogs, where you can find other handy tricks and useful information, courtesy of Coleman Technologies.

WhatsApp is one of the world’s most popular messaging applications. With over 2 billion users, WhatsApp is known for its relative security, as it is one of the few messaging applications that offers end-to-end encryption. A modified version of WhatsApp, called YoWhatsApp, has been reportedly deploying malware.

What is YoWhatsApp?

YoWhatsApp is an unofficial version of WhatsApp that users can download and install on their smartphones. The developers claim it offers the ability for users to lock chats, send messages to unsaved numbers, and customize the look and feel of the application with various theme options. There are other unofficial WhatsApp versions out there with similar enhancements.

This sort of thing isn’t new. Ever since the early days of instant messaging software, developers have been building “enhanced” versions of popular messaging applications. Back in the early 2000s when AOL Instant Messenger was popular, there were several unofficial versions that offered additional features that removed ads, allowed more anonymity, and offered more features than the source material. However, using these third-party versions often came with some risk—sometimes they contained malware or made your account less secure.

This definitely appears to be the case with YoWhatsApp. 

What Are the Risks of Using an Unofficial Version of WhatsApp?

According to a recent Kaspersky Report, YoWhatsApp distributes Android malware known as the Triada Trojan. The same was discovered last year with FMWhatsApp, another modified unofficial version of the application.

Triada gains control over your SMS messages, and can enroll its victims in paid subscriptions without their knowledge and impersonate them, sending spam and malicious content to others from their phone number.

This, in turn, can then affect users who actually use the official versions of WhatsApp. 

While, as far as we know, WhatsApp is generally a safe application to use, the various third-party versions are not.

Understand What You Install

The concept of third-party developers creating unofficial “enhanced” versions of popular software isn’t anything new. It isn’t always a risk either, but you need to consider that unofficial versions aren’t usually as supported or secure as the official ones. If someone made a variation of Microsoft Outlook that offered some new features that the original didn’t have, and then Microsoft found and patched some vulnerabilities in their original version of Microsoft Outlook, it would be up to the third-party developer to also patch and update their version. You can’t really rely on that. You also need to consider that cybercriminals will go to great lengths to extort money from a wide set of users, and that includes building a “better” version of a popular app and paying to run ads to get users to download it and install their ransomware.

Whenever you install anything on your PC or smartphone, be sure to check to see if you are getting it from the official developer. If you aren’t sure, take some time to do a Google search, or reach out to Coleman Technologies to have us help you. It’s better to be safe than sorry.

For the longest time, smartphone manufacturers looked to develop devices that came with unique features in all different manners of form factors. Nowadays, however, there are very few phone manufacturers and those that are left have pretty much decided, for now, what the smartphone would look like. Even the ones that fold in half look and function pretty much the same. In this week’s blog, we will take a look at the declining innovation in the smartphone market and why it may not be a bad thing.

The Smartphone

The smartphone is the most important computer ever developed. Users are so connected to their smartphones today that there is an official phobia explaining the fear of going without their phone, called nomophobia. People depend on their smartphone more than many of the people in their lives.   

In many cases, smartphones hold people’s personal and professional lives together. They allow people to interact with their friends and family at the touch of a button and they provide an outlet for people to do more than they would otherwise be able to do. With so much at stake, it would stand to reason that smartphone manufacturers would be pushing the proverbial envelope when it comes to innovating the features on their devices. 

They just haven’t, and there are a few reasons why. Let’s take a look at a few:

We Already Have the Basics

For years, companies added tons of new stuff—like better cameras, faster processors, and brighter screens. Now, most phones already do everything we need really well, so there’s not much new to add.

Small Changes Don’t Feel Big

Each year, phones do get a little better, but the improvements are so small that most people don’t notice a big difference. For example, a camera that goes from 40 to 50 megapixels sounds like a lot, but it doesn’t make photos that much better to our eyes.

Almost Everyone Has One

Nearly everyone who wants a smartphone already has one. So instead of trying to make brand-new phones every year, companies focus more on making their apps and services (marginally) better, which doesn’t feel as exciting as a new gadget.

Tech Limits and Costs

Some new ideas—like foldable screens or cameras that hide under the screen—are still super expensive or hard to make strong enough. Since these are tricky to build, not everyone can afford them yet.

Better Software and Services 

Now that the hardware (like screens and cameras) is pretty good, companies are putting more energy into making software better. They add new features through apps, like cool photo editing or ways to connect your phone to other devices.

Are smartphones smart enough? Do they do everything you need them to do? What else of value do you think they could do that would get you to immediately upgrade? One thing is for certain, they aren’t going away anytime soon. For more great technology content, stop back to our blog on the regular.

Many of the largest-growing smartphone manufacturers set their eyes on untapped markets in Africa, the Middle East, and southeast Asia. Regardless, the smartphone market has now showed negative growth for four consecutive fiscal quarters and the manufacturers are feeling the heat. The new flagships show off how the world’s most successful smartphone manufactures plan on altering their market’s forces. The new flagships include:

Apple iPhone XS Max
The world’s most profitable company’s newest flagship smartphone looks a lot like last year’s, but there are some major upgrades made to this year’s version that you may not be able to miss out on. The iPhone XS Max features Apple’s new A12 Bionic chip that improves device performance by 15 percent and a vastly-improved neural engine that accelerates machine learning on the device.

The newest iPhone has a 6.5-inch edge-to-edge display built on an aluminum chassis. The back of the device is all glass and comes with two separate 12-megapixel (MP) cameras. There is a single 7 MP camera on the front. The iPhone XS Max’s Battery is a 3,174 mAh that has an endurance rating at 78 hours. With a hefty price tag of $1099.99, consumers are paying a premium price for a premium device. It is available on all major carriers in Pace Gray, Silver, and Gold.

Specifications
Build - Stainless Steel with Glass Front/Back
Display - 6.5” Super AMOLED with ~458 ppi
Chipset - Apple A12 Bionic
Memory - 4GB RAM
Storage - 64/256/512 GB
Software - iOS 12/iOS 12.1
Cameras - 12 MP (26mm); 12 MP (52mm) with 2x optical zoom and optical image stabilization; 7 MP front-facing
Battery - 3,174 mAh (78 hours)
Additional Features - Face ID

LG V40 ThinQ
The newest LG flagship, the V40 ThinQ builds on what was LG’s best-reviewed smartphone to date: the LG V30. The V40 ThinQ offers users a 6.4-inch display that is inline with the other devices on this list. Their OLED display sets the standard for any LG-manufactured device and the build quality, a problem LG has had over the years, is premium.

One of the major upgrades of the LG V40 ThinQ is its camera setup. The device comes with two 12-megapixel cameras (one wide angle and one telephoto), as well as a 16 MP ultra-wide-angle lens. The camera app features a ‘triple-preview” that does exactly that: provides an active look through all three lenses so the user can choose which one works best. At $900, it is at least a hundred dollars cheaper than the Samsung or Apple flagship. It is available on all major carriers and can be had in New Platinum Gray, Carmine Red, New Aurora Black, and New Moroccan Blue.

Specifications
Build - Aluminum with Glass Front/Back
Display - 6.4” P-OLED with ~537 ppi
Chipset - Qualcomm Snapdragon 845
Memory - 6 GB RAM
Storage - 64/128GB, microSD up to 512GB
Software - Android 8.1 Oreo
Cameras - 12 MP (27mm) optical image stabilization; 12 MP (52mm) with 2x optical zoom and optical image stabilization; 16 MP (16mm); 8 MP (26mm) and 5 MP (21mm) front-facing.
Battery - 3,300 mAh (64 hours)
Additional Features - Rear-mounted fingerprint scanner

Samsung Galaxy Note 9
Samsung has been making upper-crust mobile devices for much of the past decade, and the Galaxy Note 9 is no different. The Note 9 is made from aluminum and a whole lot of glass, Gorilla Glass 5 to be specific. On board it has a Qualcomm Snapdragon 845 and up to eight gigs of RAM and 512GB of storage space. There are many Ultrabooks that don’t have those specs.

Running on Android 8.1 Oreo, the Note 9 features two 12 MP camera lenses and an 8 MP front-facing camera. With a 4,000 mAh battery, the Note 9 seems to outpace the rest of this year’s devices in battery life and sustainability. With available colors including Metallic Copper, Lavender Purple, Midnight Black, Ocean Blue and Pure White; and, availability on all major carriers, the Note 9 can be found for $1000.

Specifications
Build - Aluminum with Glass Front/Back
Display - 6.4” Super AMOLED with ~516 ppi
Chipset - Qualcomm Snapdragon 845
Memory - 6 or 8 GB of RAM
Storage - 128 or 512 GB of onboard storage and microSD up to 512 GB
Software - Android 8.1 Oreo
Cameras - 12 MP (26mm); 12 MP (52mm) with 2x optical zoom; optical image stabilization; 8 MP front-facing
Battery - 4,000 mAh (97 hours)
Additional Features - Samsung S Pen, rear-mounted fingerprint scanner, iris scanner.

Huawei Mate 20 Pro
Huawei isn’t the type of manufacturer that is typically on a list like this. This is because the company has run into hot water with some in the west who believe that the stake that the Chinese government has in the company is a security threat to users. Whether you believe that or not, Huawei sure has made an impressive phone with the Mate 20 Pro.

Created with a Kirin 980 octa-core processor that comes in at seven nanometers, Huawei has built the Mate 20 Pro with a 6.4-inch AMOLED display, 6/8 GB of RAM and 128/256 GB of storage space. The 4,200 battery provides some of the strongest high-usage results of any manufacturer, but like the LG V40 ThinkQ, it comes with three rear-facing cameras. One is a powerful 40 MP fixed wide-angle lens, another is a 20 MP ultra-wide-angle lens, and the other is an eight MP telephoto lens with a 5x optical zoom. It’s also the first device from a major manufacturer to have an in-display fingerprint reader. It may be difficult to find in the U.S., but for those who can, it comes in Emerald Green, Midnight Blue, Twilight, Pink Gold, and Black, and can be had for a hefty lot of $1,100.

Specifications
Build - Aluminum frame with Glass Front/Back
Display - 6.4” AMOLED with ~538 ppi
Chipset - HiSilicon Kirin 980
Memory - 6/8GB RAM
Storage - 128/256GB with Nano Memory slot up to 256GB
Software - Android 9.0 Pie, Huawei UI
Cameras - 40 MP (27mm); 20 MP (16mm); 8 MP (80mm) with 5x optical zoom and optical image stabilization. Front facing 24 MP.
Battery - 4,200 mAh (85 hours)
Additional Features - Face ID, In-display fingerprint scanner, Qi wireless charging broadcasting, 40-Watt fast charging

Google Pixel 3 XL
The Pixel 3 XL has a crystal clear, OLED display that comes in at 6.3-inches. Currently, the Pixel 3 XL runs Android’s newest OS, 9.0 Pie. The Pixel 3 XL picks up where the Pixel 2 XL left off in terms of camera functionality. Largely lauded as the best camera on any smartphone, the Pixel 3 XL is great for content creators and consumers, alike.

The Pixel 3 XL is available in White, Black, and Not Pink; and has a few neat features that aren’t found on many other phones. With a price tag that is at least $100 less than its direct competitors it will be a popular choice for the next year.

Specifications
Build - Aluminum with Glass Front/Back
Display - 6.3” P-OLED with ~523 ppi
Chipset - Qualcomm Snapdragon 845
Memory - 4GB RAM
Storage - 64/128GB
Software - Android 9.0 Pie
Cameras - 12.2 MP (28mm) with optical image stabilization
Battery - 3,430 mAh (69 hours)
Additional Features - Rear-mounted fingerprint scanner, squeeze to call Google Assistant, Call screen feature, Flip to quiet notifications

Smartphones continue to be a major part of people’s lives. As long as that continues, expect manufacturers to keep improving their best devices every year. What smartphone do you use? Would you consider getting one of these flagship devices? Leave your thoughts in the comments.

Let’s go over a few key practices to successfully using MDM to your business’ benefit.

What is Mobile Device Management?

Mobile device management is the application of software solutions that allow you to implement policies that control how users can access your business’ data. This enables your business to improve its data security while implementing a Bring Your Own Device policy.

If you are currently considering implementing an MDM solution, here are a few best practices to keep in mind as you make your selection:

Comprehensive Compatibility

Some people are fans of Android, while others will pick iOS whenever they have a choice. To successfully implement MDM, both platforms need to be supported. You should also be sure that your solution can differentiate between an employee-owned device and one that is property of your business and be able to adjust its policies accordingly.

Device Tracking and Management

On the off chance you have to let an employee go, you don’t want your BYOD strategy to leave you vulnerable to retribution. A good MDM solution will allow you to review what a device has access to, and to remotely revoke that access as necessary. As a bonus, these features make general device troubleshooting much simpler as well.

Security in Your Control

While your business’ security is obviously a priority for you, your team probably won’t think about it as seriously as you will… despite it largely being their responsibility. They might just assume that the chances of something happening are so low, they can cut a corner or two. Instead of convincing them that they’re mistaken, an MDM solution allows you to set the acceptable benchmarks for your security. This enables minimum password requirements, encryption, remote wiping capabilities, and other utilities.

Comprehensive Backup

If you’re allowing BYOD in your business, there’s a good chance that some of your business’ data is spread out amongst several employee devices. Should something happen to that device, you could easily lose this data. Protecting this data is as simple as backing it up to the cloud.

For more information about mobile device management, or any of our other IT services and support options, give Coleman Technologies a call at (604) 513-9428.

Why Mobile Security is So Important in the First Place

Consider the capabilities of our mobile devices today, as compared to those that were considered high-end before Apple premiered the iPhone in 2007 (Not to discredit all the classic PDA/smartphones that came before the iPhone, like the Palm Trio, the Blackberry, and the line of super cool HTC Windows phones, but general consensus feels that the big shift in mobile computing really started with Apple). The difference is staggering. While those devices that are affectionately referred to as “dumb phones” certainly can contain sensitive data, it is effectively nothing compared to what a smartphone can access.

Applications for money management, shopping, medical data, and so many other examples of personal information currently reside on today’s mobile devices—which is precisely what makes the security that protects these devices so important. The authentication method that a user can confirm their identity through is just one example of this security.

The Best Options, and the Worst Options

The various methods that are available to users now each offer their own method of maintaining security, presumably for the user’s convenience. However, as we have established previously, not all these authentication methods are equally good.

Let’s review your various available options and see how their differences make some a better solution than the others.

Passcodes/PINs/Passwords

These authentication measures are effectively the baseline security on any mobile device, as they also protect the device from other forms of authentication being added without approval. While these security measures are by no means impassable, they form the foundation for any decent security measures if used responsibly.

Of course, we do have to address the inherent weaknesses that these authentication requirements present. Most of these weaknesses are derived from the user responsible for setting them up. For instance, a 2012 study demonstrated that most people used PINs that either represented personally important years, simply repeated digits, or heavily featured the number “69.”  Also prevalent, numbers that are simple to type: 1234, 7890, and so on. Another research study revealed that the benefits on a six-digit PIN were negligible as compared to a four-digit PIN, as the added length provides a false sense of security and winds up encouraging less-secure PINs in general.

Of course, passwords are also an option (and a stronger one to boot) if the user has the patience to retype their password each time the device locks. The consensus is that these authentication measures are the most secure option currently available.

Biometrics

Improved hardware and software now allow users to effectively use their own bodies as the key to their mobile devices, as biometric authentication is now incorporated into many mobile devices. Of course, the efficacy of biometric authentication isn’t universally consistent—some methods are simply more secure than others are.

Fingerprint Sensors: Most smartphones will have fingerprint-detection capabilities for some time, some projections seeing up to 90 percent of devices incorporating these tools by 2023, while 95 percent of phones had such a sensor in 2018.

There are various technologies in play that power these sensors, with varying security efficacy. For instance, Samsung devices are beginning to include sensors under the screen, which create a three-dimensional image of a fingerprint. While this makes them inherently very secure, screen protectors have been shown to bamboozle them, potentially allowing any fingerprint to unlock them. Furthermore, fingerprints can potentially be harvested from surfaces and transplanted to a device, so properly training your device to your unique fingerprint is crucial.

Iris Scanning: The prevailing opinion is that iris scanning is the most secure form of biometric authentication, as fingerprints aren’t as unique as a person’s irises are. Some phones feature these capabilities, but they may not be as popular, as scanning the iris can take a little longer simply because the user must look directly at the sensor for it to work.

Facial Recognition: Many manufacturers have begun to phase out fingerprint sensors for facial recognition options, especially as full screens have grown in popularity. With appropriately captured reference data, decent facial recognition software can simplify the unlocking process significantly.

However, the quality of the software and the images it uses for reference can cause some issue. Poor-quality images—like those with excessive glare—can make it easier for an attacker to make it past the lock, not to mention make it more challenging for the user.

Pattern Passwords/Knock Codes

Finally, many Android devices have the option to designate a pattern on a 2x2 or 3x3 grid that must be tapped correctly to unlock the device. Studies have shown that this method is by far the least secure of the authentication requirements, as it becomes far easier for an attacker to figure out the user’s chosen pattern.

For instance, in one study, researchers discovered that a full 65 percent of the 351 participants selected a code that began at the top-left square and immediately proceeded to the top-right, presumably influenced by Westernized reading patterns. Larger grids encouraged shorter patterns, and the data collected during the study revealed that some patterns were commonly adopted:

1. An hourglass: top left, top right, bottom left, bottom right, top left, top right
2. A square: Top left, top right, bottom right, bottom left, top left, top right
3. The number seven: Top left, top left, top right, top right, bottom left, bottom left

Proving patterns are an even worse method, these researchers also observed that knock codes were more easily forgotten, with about 10 percent of participants having forgotten theirs by the end of the 10-minute study, and their five-second entry time being slower than the 4.5 seconds needed for a PIN.

Make Sure Your Mobile Device is Secured

With our mobile devices playing such a huge role in our personal and professional lives, their security needs to be prioritized, with only the most secure methods protecting them.

For assistance in managing your security, from your in-house business solutions to the devices your employees use each day, reach out to Coleman Technologies. Our team can assist you in implementing the technology you need while educating your employees on the importance of secure practices. Give us a call at (604) 513-9428 to learn more.

Chances are, you’re all too familiar with exactly the kind of scam I’m describing. The one that makes the Do Not Call List sound like wishful thinking, that makes it look like someone from your area - or even your contacts list - is trying to reach you.

Chances are, you’ve answered one of these calls, only to hear silence, broken after you say “Hello?” As soon as you do, a (likely prerecorded) voice launches into its tirade, being a nuisance and bothering people.

Chances are, you may have even received angry phone calls from people you’ve never met, let alone called, claiming that your number has been the source of repeated calls just like these.

You aren’t alone.

Unfortunately, the scammers responsible are talented at skirting rules and regulations.
Calls like these have been harassing users for quite some time, simply because the scammers understand how to cheat and find loopholes. This is all despite the efforts of regulatory bodies like the FCC (the Federal Communications Commission).

In November of 2017, the FCC enabled telephone providers to block calls that were presumably fraudulent. This was based on many factors, like the calls coming from invalid numbers or numbers with no service provider attached.

However, the rules outlined in the 2017 Call Blocking Order weren’t enough to stop scam robocalls for long.

Now, we all have had to deal with the huge nuisance of neighbor spoofing. Neighbor spoofing has almost certainly affected you directly, and if you’ve been lucky enough to avoid it, it’s happened to someone you know.

But you may be asking, what is neighbor spoofing?
If your phone rang, and you have caller ID enabled, you’ve probably developed the habit of checking the number before you answer it - after all, a local number is probably safe to pick up.

Neighbor spoofing has made it so that assumption is no longer the case.

Instead of using a fake number to call their targets, scammers using neighbor spoofing will actually use someone’s real number to call someone relatively nearby - sometimes literally next door. If you’ve ever received an angry phone call from someone demanding an explanation for someone with your number repeatedly calling them and harassing them, your number just so happened to be the one that these cybercriminals spoofed.

There have even been reports of people receiving calls from their own number, claiming to be from the phone company as an attempt to “verify a hacked account.”

Neighbor spoofing is also a very effective method for scammers because it can bamboozle the automated protections already in place to stop scam calls, just like it fools the targeted phone’s user. This also keeps the Do Not Call list from affecting these scammers’ attempts (as if it ever stopped them before).

Additionally, many apps may add some unwanted complications, even if they are effective.
There are mobile applications available that are intended to stop robocalls from ringing your smartphone in the first place. One such application, the aptly-named RoboKiller, does this in two ways. First, RoboKiller references a list of numbers identified as spam, and blocks these calls completely. Second, it uses a patented analysis of the call’s audio fingerprint to compare it to those of other spam calls. Regardless of the number it appears to come from, RoboKiller can identify if it is a match to a known attempt.

You’ll only know that you were targeted after you read the notification that RoboKiller provides.

Meanwhile, RoboKiller responds to the scammer with a time-wasting prerecorded message. You can then review the calls that RoboKiller blocked by opening the app on your phone. There, you can listen to a recording of blocked calls to determine which calls were spam, and which were legitimate attempts to reach you. From there, you can whitelist a number by pressing the Allow button.

Users of RoboKiller can also add numbers to their list of permitted callers to allow them to come through. RoboKiller is a subscription-based application that charges $2.99 each month ($24.99 for an annual subscription), which may be seen as a relatively low cost if you’ve received enough of these calls.

As RoboKiller states on their website, “With RoboKiller, you don’t stop neighbor spoofing. You take action in the fight against the robocall epidemic.”

However, this approach isn’t without some worries.

For one, consider the cost of admission for this app. Yes, $2.99 may seem like a bargain if you have a smartphone, but what about all the people who still don’t? Furthermore, many mobile users today are of older generations, and may not understand how to work the application (or again, may not have a device that is compatible with the app). Yet, these worries may not be necessary for long.

Both the government and the telecom industry have had enough.
It wasn’t long after the 2017 Call Blocking Order was released that the attorneys general from a full 40 states came together to form the Robocall Technologies Working Group. This is a bipartisan commission intent on collaborating with service providers to learn about robocalling technology with the ultimate goal of stopping it.

On October 8th, the attorneys general of 35 of those states signed a letter to the FCC stating that the efforts of law enforcement had not and would not be sufficient to stop abusive scam attempts and robocalls. In this letter, the attorneys state some chilling facts:

• 30.5 billion illegal robocalls were made in 2017 alone, up from the estimated 2016 total of 29.3 billion.
• Estimates have placed the total calls made by the end of 2018 to be somewhere near 40 billion.
• Phone scams allowed cybercriminals to steal an estimated $9.5 billion in 2017.
• August of this year saw 1.8 billion scam attempts in the 4 billion illegal robocalls made that month.

Facts like these only highlight the pervasiveness of these scams, and how important it truly is to eliminate them as much as possible. In fact, the Federal Communications Commission has gone on the record to demand that mobile providers figure out a standardized system to help prevent these calls from reaching mobile users, echoing the demands made by the attorneys general.

This system would rely on call authentication to ensure that only legitimate calls would make it though, and that spoofed calls would be caught by requiring all calls be verified as coming from the correct source.

Not only did Commissioner Ajit Pai release a statement to the press demanding that this system be created, he sent a letter to 14 telecom CEOs, including AT&T’s John Donovan, Charter’s Tom Rutledge, Verizon’s Hans Vesterburg, T-Mobile’s John Legere, Comcast’s Brian Roberts, and Google’s Sundar Pichai.

Pai demanded that these changes be ready to deploy in one year, giving telecoms a ticking clock to establish what they call the SHAKEN/STIR framework (Secure Handling of Asserted information using toKENs/Secure Telephone Identity Revisited). This move was met with the approval of the attorneys general, who went on to encourage the FCC “to implement additional reforms, as necessary, to respond to technological advances that make illegal robocalls and illegal spoofing such a difficult problem to solve.”

As the attorneys general said: “Only by working together, and utilizing every tool at our disposal, can we hope to eradicate this noxious intrusion on consumers’ lives.” Fortunately, this will also benefit the businesses that have been affected.

With any luck, we’ll only have to deal with the robocalling nuisance a little while longer. For assistance in keeping other scams from interrupting your business and putting it at risk, reach out to Coleman Technologies. We have the experience to stop the other threats you would otherwise deal with on a daily basis. Call (604) 513-9428 today.