Musings on Mobile Security

Like almost everyone else in the world, I have a smartphone. In my case it’s a Palm (now HP) Pre. It’s fun to use, and it’s pretty useful–it lets me check my e-mail, surf the web and play Angry Birds. And, of course, it’s a phone too.

But what would happen if I lost it? Or somebody stole it? How much trouble would I be in? I don’t keep my social security number or driver’s license number on it.  I do have my bank account numbers in a Memo. And, of course, it is attached to my various e-mail accounts (Wayne Connect, Gmail, AT&T), so anyone who found it could read my e-mail. They couldn’t find my passwords (I have different ones for my Wayne account and the other two) because they are not accessible, but they could send messages from my account, look at my calendar and my contacts. Is this a risk I’m taking? Sure it is, although I’m careful never to put really sensitive material in my phone.

I do access sensitive websites occasionally (such as Wayne Connect through the web browser), but I have to type in a password, and I don’t allow the Pre to store the password and fill it in automatically.

So recently I’ve been experimenting with locking my phone. Now, whenever I turn it on I have to type in a four-digit PIN before it will give me access to the rest of the phone. You can make emergency calls without a PIN, incidentally. And when the phone rings you can answer it without the PIN too.

I have friends with BlackBerries, iPhones and Droids, and they all have the same characteristics. On the Pre it’s on the utility called ‘Screen and Lock’, and it allows you to choose either a password or a 4-digit PIN number. Here’s what the screen looks like:

On the iPhone it’s under Settings > General > Passcode Lock.  The passcode screen looks like this:

On the Droid it’s under Settings > Location and Security > Security, and you can choose either a PIN number or a swipe pattern:

So, should you lock your phone? As I said, I’ve been keeping mine locked for about a week, and it’s not too obtrusive. How much of a risk am I running? I have no sensitive university-related data on my phone, and I could probably password-protect my memos and not bother otherwise, since nothing else is risky. I’m not sure where I’m going to go with this, and am interested in others’ thoughts on this. What do you do? What do you think you should do?

Beware of wanye.edu!

Many folks got a phishing attempt today, trying to lure them to a fake Wayne website. It looks pretty good:

Clever copy of Webmail Log-in screen
Clever copy of Wayne Connect login screen

It’s a phishing attempt, of course. Don’t click on the link (note that the link is mis-spelled, which it would have to be. If they spelled ‘wayne’ right, your click might have gone to the right place, not theirs.)

Cool Ways to Handle your Wayne Connect E-mail

It has been a long time since I’ve blogged, and I thought I’d get back in the saddle by writing something about cool things you can do with our e-mail system.
I have used the web-based version of Wayne Connect since it first came out, but I am continually learning new tricks and shortcuts, and I’m going to share some of them with you here.

With Wayne Connect, (which is based on the Zimbra e-mail program, also underneath AT&T and Yahoo’s e-mail programs) the main thing to remember is that there is no real need to carefully manage and husband your e-mails. With 10 gigabytes of storage most people can keep five or even ten years of e-mail in the system and be able to access any specific message within a few seconds, because the program comes with very powerful search tools. If you are used to desktop client e-mail programs such as Outlook or Thunderbird you will find the web-based Wayne Connect system equally powerful, once you learn how to run searches quickly.

The key is to use the search box at the top of the window:

You can write simple text in here, and it will find all e-mail messages with that text, even if the text is in an attachment (assuming the attachment has text and isn’t a graphics file such as a jpeg or certain kinds of pdf’s).
In addition, if you use mailboxes you can add a restriction only to look in certain ones by typing
in: and clicking on whatever mailbox shows up in the list.
Furthermore, if you are looking for a message from some person, you can add from: and the name of the sender.
For example, suppose that I want to find all messages from my friend Mervyn that talk about laptops, but haven’t yet been filed to my Notabene mailbox. Such a complex search would look like this:

laptop in:Inbox from: mervyn

and the result (using my mail account) looks like this after you hit enter or click search:

You can add additional search terms as well. For example, if you type has: in the box it will offer to look for attachments, phone numbers or url’s contained within all messages. So if you want Suzie’s phone number, and you remember that it’s in a message that Sam sent, you can search as follows:

from:Sam has:phone

You can also search all your mail (all 10 Gigs of it) by status. Say you want to see all unread e-mail from President Obama (perhaps something’s nagging your conscience). You can use the is: parameter, as follows:

from:Obama is:Unread

Notice that the program offers many other ‘status’ options besides ‘unread’. Just click on one to find it.
There are many other cool things you can do with the Wayne Connect interface, and I’ll write about some more in a subsequent blog entry.