Skip to content ↓

Mobile devices: the new target for data theft

Millions of people now own mobile devices, so it's no surprise that cyber criminals have ramped up their efforts to steal data from them.

Cellphones, smartphones and tablets can hold personal data, including location, home or work address, contacts, email correspondence, SMS or text messages, passwords and other sensitive or risky information.

These devices are relatively easy to lose or steal, since we carry them in our pockets and bags. But that's not the only concern: data can be stolen even as you use your device.

Threats to data on mobile devices

There are multiple threats to mobile devices, but the two main ones are man-in-the-middle attacks and malware. They can capture a device's data in various ways and as a result threaten your identity and privacy — or carry out a scam.

Essential best practices

An aware user is a secure user. Regardless of the make or model of a device, or whether it's your own or one provided by an employer, keeping data secure comes down to how you use and maintain the device. Here are best practices for keeping your data safe:
  1. Install vetted applications. Before downloading an app, read the reviews. Don't allow applications from unofficial sources. Stick with legitimate sources such as the iTunes App Store, Google Play, or Amazon App Store. When installing software, always check the requested permissions on Android or read the pop-up notification on iOS, which may prompt you to share your location or contacts. This lets you know what the application is looking to do with the data it collects.
  2. Enable encryption. Lock your device with a passcode that encrypts the hardware and prevents a thief from being able to access the data when hooking it up to a computer. This option is only available on iOS 4.x and later (on the iPhone 3GS and later), and Android 3.x and later.
  3. Use tracking. You may be able to recover a lost device using mobile locating and tracking. Find out in advance if your device has this option.
  4. Enable remote wiping. Turn on your device's remote wipe service, if available. Then, if the device is lost or stolen, you can send a command remotely to erase the data on it.
  5. Use trusted WiFi. To protect against man-in-the-middle attacks, make sure you are using a trusted wireless connection. The most risky spots are hotels, coffee shops, and airports. Networks that are WPA2-encrypted are safe; this information usually displays in the Network connections window.
Need some pointers?

For more advice on playing it safe or for steps to lock, wipe, or track your device, visit the Mobile Device Ninja page within the Knowledge Base. Be sure to check out the new Mobile Device Security handout [PDF] at the top of the page.

If you still have questions about securing your device, send email to IS&T's Mobile Devices Team.

More MIT News