Online Tutorial: Phone Security

1.) Encryption

Encrypt your entire Operating System (OS). Phone encryption is the first line of defense for whichever phone you happen to use, ensuring that no one can even so much as turn on your device without the proper credentials. It is important to understand that encrypting your phone and setting a screen lock for it are not the same thing. It is also important to understand that, depending on the type of phone you have and who manufactured it, screen locks can be bypassed by 3rd parties – such as hackers – as well as through different back-doors found within various software applications/programs you’ve installed on it. Encrypting your phone on the other hand encrypts your entire operating system all at once, requiring password authentication for the phone to even boot up and power on in the first place – ensuring that no App, program or file can be exploited or corrupted to gain full access to your phone.

Depending on what type of phone you have, your settings might come with a built-in feature allowing you to encrypt individual Apps. If not, you can install a firewall application for that – more on this later on in the article. If you are unfamiliar with where to find your phone’s encryption options, they are available in the “security” section under the main settings menu. Please note that it can take an hour or more to fully encrypt your phone, so it’s important to always begin with a fully charged battery.

Select an appropriate screen lock. Screen locks are a different form of encryption in a sense, ensuring that no one can use/operate your phone when you lose it, are away from it or leave it out in public. As far as how you set it up, there are 4 different options to choose from – each one having its pros and cons.

  • Password Lock. Users will be required to enter a unique password consisting of letters, numbers and symbols to unlock your device. Personally, I believe password protection to be by far the most secure of all options. However, for the same reason, it could be considered the most “inconvenient,” because it requires the most amount of time/attention to enter every time you wish to unlock your device.
  • Pin Lock. Pin locks work exactly like password protections, only they exclude letters and symbols. Meaning that users will be required to enter a pass-code of random numbers in order to unlock your phone. For the very reason that pins exclude letters and symbols, they are a little less secure than passwords, exponentially decreasing the theoretical number of guesses it would take to crack/unlock your device.
  • Pattern Lock. I am finding that this is becoming the most “trendy” screen lock these days, simply requiring users to use their fingers to “connect the dots” and draw a unique pattern on the front of their screen before it unlocks. However, I find pattern locks to be less secure than some of the other options, because there is a much higher probability of successfully drawing a random pattern to unlock a device than there is guessing an advanced password or pin.
  • Biometrics. The newest “craze” in security is using your own fingerprints, eyes, face or facial expressions to unlock different devices. However, while these options may be the most convenient and fastest, they are also by far the least secure. I say this because multiple studies have proven how easy it is to trick biometric security measures, and oftentimes the pictures off your own social media accounts are enough to bypass them.

Password/Pin protect your SIM or SSID card. It is important to understand that encrypting your operating system and setting a screen lock will do nothing to protect your data cards or memory chips; securing those is an entirely separate matter. So lastly, you are going to want to encrypt/password protect your SIM and/or SSID card. To do this, simply enter the security options within your phone’s main settings menu, find/select your memory chips and create a unique pin lock for them. This ensures that no matter where your memory chip goes or whatever phone/device it’s plugged into, no one will be allowed to access your contacts, photos, videos, messages, files or data without entering the correct pin code first.

If you would like help learning how to build strong and easy to remember passwords to encrypt your accounts/devices, please read more in the tutorial provided below.

How To Write Un-Hackable Passwords: https://roguesec.co/how-to-write-un-hackable-passwords/

2.) Firewalls

Some phones come pre-installed with various firewall options, but if yours does not then there is a sizeable number of firewall Apps to choose from. Firewalls are critically important to security because they allow users to seal off or block different Apps, limiting the possible points of entry for hackers or other 3rd parties. Depending on the type of firewall you select, you may also have the option to encrypt individual Apps on your phone, adding a 4th layer of encryption to your device while ensuring that even if someone is able to unlock it, they will not be allowed to use selected Apps without further permissions. This is particularly important/helpful if you utilize different types of chatrooms, group chats for work or VoIP services.

Perhaps most importantly, firewalls severely limit potential abuses of your phone. You can select different options to completely seal off individual Apps altogether, or seal off different settings/areas of your phone from outside sources. Not only does this prevent hackers from using selected Apps to compromise your phone, but at the same time it prevents App owners themselves and other 3rd parties from gaining access to your phone all the same. Firewalls also protect against unwarranted data collection of your phone, including call/text history and general phone usage. More importantly, building a strong firewall and sealing off selected Apps can free up memory space/data usage, both speeding up your phone and saving battery life. If there are Apps on your phone that you’ve never used a single day in your life, or you feel may be spying on you/invading your privacy, simply use your firewall to disable them altogether with the click of a button.

On a similar side note, never blindly give every App different permissions just because they ask for them. For example, when first navigating a new phone you might find that you are regularly asked to allow different Apps to do random things, such as collect data or record audio/video. It might seem harmless, but think about it for a second. What the hell does the Google Chrome web browser possibly need to record audio for? The simple answer is it doesn’t; you are only being set up to have your phone hacked by authorities and/or law enforcement officials at a later date in time – should they ever feel the need. By checking these options and blindly granting permission to different Apps, you are secretly granting 3rd parties the permission to ‘flip the switch’ so to speak and turn your phone into a spy/recording device whenever they want. So, don’t fall for it. There is literally no need to give different developers that much permission over your phone.

3.) Manage Security Certificates

Similarly, you should seriously check out the security certificates or “Trusted Credentials” list which came pre-installed on your phone. On my Android ZTE for example, my phone was handed to me with over 100 different security certificates installed on it, some of which grant different Government agencies/offices direct root access to my phone without requiring legal documents or warrants of any kind – no exaggeration. You might not have been told about this when you bought your phone, but they are there. Just a short list of some of the organizations which have direct root access to my phone: China Financial Certification Authority, CyberTrust, Deutsche Telekom, Hellenic Academic Research Institute, HongKong Post, Japanese Government, VISA, TurkTrust, Wells Fargo, as well as countless other organizations operating under different Government umbrellas.

Thankfully though, you do have the ability to revoke these certificates/permissions if you like. Simply find where these certificates are under your settings menu and disable whichever ones you desire. Just note that disabling some of the most fundamental ones, such as those issued by your telecommunications provider, may break access to different areas of your phone – but this is always reversible.

4.) Internet Security & Antivirus

Most people are always surprised to learn that the same measures used to secure your computer can oftentimes be transferred directly to your phone; this includes things like VPNs and antivirus. For the purposes of this section of the article, I would like to discuss different measures you can install to help protect your phone and keep your data that much more private/secured.

  • VPNs: I am not going to get into a breakdown of what VPNs are and how they work; it is just important to understand that you can install and utilize a VPN connection on your phone all the same as a computer. If you already own a paid VPN account, simply install the service provider’s App on your phone and establish a new connection through it. Your IP Address and internet connection will be secured all the same; just note that the internet speed of your phone will be affected a little more significantly than a computer, simply because a phone cannot process as much information as fast as a computer can.
  • Proxies: It is another common misconception that you can’t utilize proxy connections or the Tor network on your phone; this is simply untrue. You can either hide your IP address and internet activity by installing the Tor App directly, or you can install something known as Orbot – developed by The Tor Project. Orbot transfers all data/network activity from your phone across various Tor relays, essentially turning the Tor network itself into a giant VPN connection/encryption setting for all of your data and every last thing you do on your phone. Unlike Tor, Orbot doesn’t just simply protect internet activity – even the App’s developers profess it to be a “full phone VPN.”
  • Re-Route DNS: Another way to protect against data spying, 3rd party abuses or intrusive hackers is to re-route your DNS through different service providers. For example, I personally route all of my network activity through Cloudflare DNS servers for added privacy and security. IBM’s Quad9 DNS service is another good option, blocking you from gaining access to known malicious websites while preventing your device from ever becoming part of or wrapped up in a botnet. You can do your own research to find other options which may be more suitable, but another popular option is Google’s public DNS service.
  • Install Different Browsers: Just as with computers, you can choose a whole host of different browser options, many of which are far more secure and private than Google Chrome or the built in web browser found on your phone. If you would like to learn more about browsers, as well as the different/added benefits of each, please utilize the following link: https://roguesec.co/building-selecting-safer-web-browsers/
  • Antivirus: Phone antivirus programs essentially work the same as computer antivirus programs, only they are far simpler and much cheaper. A good antivirus program for your phone should cost anywhere from $2-5 per month, and will protect your phone against malicious hyperlinks, scan all downloads for viruses, as well as prevent all of the most common/basic forms of cyber attack. Some phone based antivirus service providers, such as Kaspersky Lab, also come with built in VPN connections to secure your internet activity at the same time.

5.) VoIP Services

While VoIP services are not necessarily essential for everyday phone use, they do offer critical protections for political activists, journalists, researchers and citizens living under oppressive regimes all around the world. VoIP stands for “Voice over Internet Protocol,” which is just a fancy way of saying they transport all calls and messages over established internet connections, rather than routing them through your telecommunications or phone service provider – such as AT&T or Verizon. For this reason, VoIP services prevent your data from being intercepted, recorded or stolen by telecommunications companies and other 3rd parties, such as Governments, thus protecting any information you send across them. VoIP services also offer the ability to encrypt messages or calls between like users, further protecting your privacy. By comparison, neither of these options is available on standard text messages or phone calls. In politically oppressive countries, VoIP services offer a critical means to bypass Government imposed restrictions or blockades on national telecommunications. VoIP services also let you make international calls for free.

While this might sound a bit complex or advanced, once installed, operating a VoIP connection/application is no more different or complicated than making a regular phone call or sending traditional text messages. Lastly, VoIP connections also offer a secondary means to reach contacts, should your phone lose service, go out of range or come under blackout. Rather than relying on the signal strength of your network service provider, all you need to use VoIP services is an active internet connection.

The Best/Top VoIP Service Providers:

Offensive Firewall Exploitation: The Next Evolution of Hacking?

While working with a “partner” the other day helping to teach them how to track and take down a notorious bigot/troll who was wreaking havoc on hacking servers, I accidentally wound up compromising the identity of one of my Anonymous friends entirely by mistake. The experience got me thinking, however, about a new hacking technique that I’ve never heard of before and wouldn’t necessarily be that hard to pull off. I am calling it “Offensive Firewall Exploitation,” an entirely new hacking theory utilizing legalized/trusted means for illegal practices.

The concept involves using existing security measures and custom edits to your website’s defensive firewall to uncover information about a site’s unique visitors and exploit different channels after a direct connection is established with their device. Connections which could, in theory, be used to compromise or disable the devices of anyone who visits a particular website.

404 Error Logs As IP Loggers

I never really thought of it before last week, but if you are a website owner there is no longer any reason or need to secretly attach/embed an IP Logger program/file to a hyperlink. If you are a website owner and have set up your firewall to catch, record and log all 404 related errors, then all you need to do is create/send a false URL address with your domain name attached to it and just like that you will have a legal means of recording the IP Addresses of anyone who clicks on it. From there you can do a legal WHOIS or reverse DNS search to uncover more about the visitor.

For example: https://roguesecuritylabs.ltd/I-will-record-your-IP-if-you-click-on-or-enter-this-url

The beauty of it is that a false URL address through your domain is a completely undetectable means of recording IP Addresses. I say this because if you ever do attach an IP Logger program or file to a given hyperlink, then most of the time an online link scan or anti-virus will be able to pick up on it and alert the users not to click on/open it. However, a false URL Address will bypass every program, security scanner and anti-virus test out there, making every false link appear trustworthy and non-malicious. Moreover, 404 error logs are incredibly easy to utilize/implement through your site’s Firewall defenses.

Test Hyperlinks for Malicious Content, Malware or Programs: https://onlinelinkscan.com

Exploiting The TLS Handshake

Transport Layer Security (TLS) is the so-called “next evolution” of Secured-Socket Layer (SSL) protection, establishing a direct connection (handshake) with each unique visitor that accesses a given site. As I have briefly explained in a separate article loosely related to this matter, think of TLS as a mini VPN connection made between a website and its visitor, securing whatever data is exchanged/transmitted across the internet while that person visits the website. Unlike your SSL, which protects any data physically entered onto a website, TLS on the other hand protects a visitor’s data as it is being sent across the internet whilst they are visiting/interacting with your site through their web browser.

TLS works by ‘reaching out’ to a visitor’s web browser each time they land on your site, establishing a so-called “handshake” with them. This handshake is used to create a secured connection or tunnel between the two parties, encrypting their internet data/activity as they interact with or browse your website. While TLS handshakes are on the ‘cutting edge’ of security in 2018, it also makes me question what else this direct connection could be used for in the future, or how it could theoretically be exploited.

Quite simply, TLS establishes a direct connection with a person’s device – that’s literally its sole purpose and how it was designed. In theory, I propose a website owner or hacker could use this connection as a means to gain access to any/every given device that accesses a website. For example, a TLS connection encrypts/protects data from 3rd parties externally. Meaning anyone outside of that website and device. In this way TLS makes a “tunnel” for data to flow between the two parties; a website and its visitor. Using this same tunnel, I put forward that hackers could use it as a conduit to inject or transmit malicious code, script or other files/programs directly onto a visitor’s device. If not through the TLS handshake directly, then through a manipulated version of the handshake protocol mimicking its interactions.

Custom Firewall/CSS Edits To Manipulate Hardware

Reviewing and implementing new procedures/rules to my firewall, one of the most intriguing edits I’ve implemented is the blocking of my website’s visitors from being able to select, copy and paste any content off my site. Meaning that it is impossible for someone to highlight/select text on my website in order to copy and paste it anywhere else online or onto their computer. I do this for three reasons. First is to safeguard/copy protect my content, the second is to increase traffic and lastly, to prevent outright plagiarism. But think about that concept for a moment. Just by simply editing my own firewall, I am actually able to control how your mouse – your computer’s own hardware – acts and behaves on my site. Essentially, just by enabling one firewall rule, I can prevent your mouse from being able to function correctly – entirely legally too.

With that established, if my defensive firewall can control a visitor’s mouse through the connection they make with my website, what else or what other hardware could I theoretically affect/control once a visitor accesses my website?

Adding things up, if I can grab someone’s unique IP Address through a fake URL address using 404 error logs, and establish a direct connection to that person’s computer through the shell work of TLS once they are on my site, then edit custom rules to my firewall to control their hardware, what are the possible/theoretical limits I could implement to compromise or corrupt that person’s computer/systems? I propose that, using existing security measures, it is entirely possible to gain complete remote access to or shut down major components of a visitor’s computer simply by owning a website and sending out one fake URL address – or any URL address for that matter. Theoretically one wouldn’t have to be the site’s website owner directly; these procedures could be enacted on any website that has been taken over or hacked.

I am not trying to be a mad scientist here, but someone once described hacking as the art/means of making computers act and behave in new ways they were never designed to do. In this way I think it is entirely possible to turn the same defensive security measures one implements to defensively guard their site into offensive hacking machines/exploits.

Advanced Caching Attack Targeting WordPress Owners

Doxxing yourself out of the Anonymous Hacker Collective by starting a public security company does come with certain risks, such as the increased likelihood that the number of cyber attacks you are about to absorb is going to skyrocket. To that effect, over the course of the last week I have begun picking up on a new probe/hacking technique I’ve never come across before.

Auditing my firewall logs, it appears as though hackers are attempting to probe the back end of my website by searching for archived blog posts within the contents of my trash can. This is done by attempting to manually search for a hyperlink with “_trashed” added to the end of it, indicating that the attacker is not actually looking for the published version of the article itself, but instead for the specific URL assigned to an article once it has been unpublished and transferred into your trash bin.

For example, these people automatically know that every WordPress blog comes pre-installed with at least one published blog post: The Journey Begins. Therefore, roguesecuritylabs.com/the-journey-begins becomes roguesecuritylabs.com/the-journey-begins_trashed. Or roguesecuritylabs.ltd/-encrypted-email-providers becomes roguesecuritylabs.com/encrypted-email-providers_trashed. So on and so forth.

What are They Searching for?

Researching the mechanics of how the trash bin works and how WordPress remembers data, even when a blog post has been unpublished and trashed, your LiteSpeed and Varnish Cache still treat/remember it as though it is a published post, because once upon a time that article actually was published. That is what cache is all about, after all. But more on that briefly.

Earlier this year I was forced to mitigate a string of attacks originating out of Ukraine, where hackers had begun attempting to launch Cross-Site Scripting (XSS) attacks against cached versions of old blog posts I had once published under a different, but still connected, domain name. What I had uncovered was that the attackers were attempting to use my Varnish Cache in an attempt to enable Server-Side Includes (SSI) Injection of malicious scripts in outdated versions/URLs of articles they hoped would be less secure than their current versions. While my firewall sealed them off from gaining access to the wp-Admin dashboard, I was only truly saved by the NoScript browser add-on through Mozilla Firefox, which first alerted me to the XSS attack, allowing me to block it.

Similarly, as was reported about 1 month after I first mitigated the attack, GoSecure came out with a new threat analysis explaining how “While conducting a security assessment, we noticed an unexpected behavior in the markup language Edge Side Includes (ESI), a language used in many popular HTTP surrogates (reverse proxies, load balancers, caching servers, proxy servers). We identified that successful ESI attacks can lead to Server Side Request Forgery (SSRF), various Cross-Site Scripting (XSS) vectors that bypass the HTTPOnly cookie mitigation flag, and server-side denial of service. We call this technique ESI Injection.” Adding that “through our testing, we’ve discovered a little under a dozen popular products that can process ESI: Varnish, Squid Proxy, IBM WebSphere, Oracle Fusion/WebLogic, Akamai, Fastly, F5, Node.js ESI, LiteSpeed and some language-specific plugins.”

View GoSecure’s Full Report: https://gosecure.net/2018/04/03/beyond-xss-edge-side-include-injection/

Combining my experience earlier this year, along with the new knowledge that trashed articles/URLs on WordPress are still automatically cached as though they still exist published by default, it appears as though hackers are attempting to probe for cached versions of old articles in order to launch Edge Side Include (ESI) attacks against them.
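The `_trashed` probes described above can be pulled out of an access log with a few lines of code. This is an added example, not code from the original post: it assumes Combined Log Format, the log lines and IP addresses are constructed samples, and a probe answered with a 2xx status is flagged because it means a trashed URL is still being served and the cache and trash bin need attention.

```python
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# Combined Log Format prefix (assumed format; adjust for your server).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
# Slug suffix described in the post; also matches the "__trashed" form.
TRASH_RE = re.compile(r'_trashed/?$', re.IGNORECASE)

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.23 - - [12/Nov/2018:03:14:07 +0000] "GET /the-journey-begins_trashed HTTP/1.1" 404 512 "-" "curl/7.58.0"',
    '198.51.100.23 - - [12/Nov/2018:03:14:08 +0000] "GET /encrypted-email-providers_trashed/ HTTP/1.1" 404 512 "-" "curl/7.58.0"',
    '198.51.100.23 - - [12/Nov/2018:03:14:09 +0000] "GET /encrypted-email-providers%5Ftrashed?utm=1 HTTP/1.1" 404 512 "-" "curl/7.58.0"',
    '203.0.113.9 - - [12/Nov/2018:04:02:51 +0000] "GET /old-post__trashed/ HTTP/1.1" 200 18231 "-" "Mozilla/5.0"',
    '192.0.2.50 - - [12/Nov/2018:04:05:00 +0000] "GET /encrypted-email-providers/ HTTP/1.1" 200 20480 "-" "Mozilla/5.0"',
    '192.0.2.50 - - [12/Nov/2018:04:05:03 +0000] "GET /blog/how-i-trashed-my-phone HTTP/1.1" 200 9100 "-" "Mozilla/5.0"',
    'this line is not an access log entry',
]


def find_trash_probes(lines):
    """Return one record per request whose path ends in _trashed."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                          # skip malformed lines
        # Drop the query string and decode %5F etc. before matching.
        path = unquote(urlsplit(m.group("target")).path)
        if TRASH_RE.search(path):
            hits.append({
                "ip": m.group("ip"),
                "time": m.group("ts"),
                "path": path,
                "status": int(m.group("status")),
            })
    return hits


def summarize(hits):
    """Group probes by client; list the paths that were actually served."""
    summary = defaultdict(lambda: {"probes": 0, "served": []})
    for hit in hits:
        entry = summary[hit["ip"]]
        entry["probes"] += 1
        if 200 <= hit["status"] < 300:
            entry["served"].append(hit["path"])
    return dict(summary)


if __name__ == "__main__":
    for ip, info in summarize(find_trash_probes(SAMPLE_LOG)).items():
        flag = "PURGE CACHE / EMPTY TRASH" if info["served"] else "blocked"
        print(f"{ip}: {info['probes']} probe(s), {flag} {info['served']}")
```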

How To Mitigate The Attack

Step 1: Purge or Remove All Cache. Thankfully, because of my experience earlier this year, I already knew better than to leave all my cache just “innocently” hanging around, and have security measures in place to purge all Varnish cache on a weekly basis. Similarly, you should make it a habit to purge/clear your Varnish cache on a regular basis, or disable the LiteSpeed cache plugin altogether – if you have already installed it. Granted I am a bit of a security freak, but I just don’t want the added security liability of leaving my cache out in the open simply to make my site milliseconds faster for my visitors, the risk/reward just isn’t there for me.

Step 2: Force all traffic through HTTPS. As GoSecure’s report even alludes to, these sorts of attacks are only successful through bypassing holes in HTTP protocols. Something which can easily be resolved by simply forcing all of your website traffic through the encryption of your SSL.

Step 3: Empty your trash bin. Quite simply, hackers can’t exploit a trashed article or URL if there is nothing inside your trash bin itself. Not only will clearing out your trash bin help free up some of your data and make your site more organized, but it will also prevent this latest hack from finding you.

Phone Security

1.) Encryption

Encrypt your entire Operating System (OS). Phone encoryption is the first line of defense for whichever phone you happen to use, ensuring that no one can even so much as turn on your device without the proper credentials. It is important to understand that encrypting your phone and setting a screen lock for it are not the same thing. It is also important to understand that, depending on the type of phone you have and who manufactured it, screen locks can be bypassed by 3rd parties – such as hackers – as well as through different backdoors found within various software applications/programs you’ve installed on it. Encrypting your phone on the other hand encrypts your entire operating system all at once, requiring password authentication for the phone to even boot up and power on in the first place – ensuring that no App, program or file can be exploited or corrupted to gain full access to your phone.

Depending on what type of phone you have, your settings might come with a built in feature allowing to encrypt individual Apps. If not, you can install a firewall application for that – more on this later on in the article. If you are unfamiliar where to find your phones encryption options, they are available in the “security” section under the main settings menu. Please note that it can take an hour or more to fully encrypt your phone, so it’s important to always begin with a fully charged battery.

Select an appropriate screen lock. Screen locks are a different form of encryption in a sense, ensuring that no one can use/operate your phone when you lose it, are away from it or leave it out in public. As far as how you set it up, there are 4 different options to choose from – each one having its pro’s and cons.

  • Password Lock. Users will be required to enter a unique password consisting of letters, numbers and symbols to unlock your device. Personally, I believe password protection to be by far the most secure of all options. However, for the same reason, it could be considered the most “inconvenient,” because it requires the most amount of time/attention to enter every time you wish to unlock your device.
  • Pin Lock. Pin locks work exactly like password protections, only they exclude letters and symbols. Meaning that users will be required to enter a pass-code of random numbers in order to unlock your phone. For the very reason that pins exclude letters and symbols, they are a little less secure than passwords, exponentially decreasing the theoretical number of guesses it would take to crack/unlock your device.
  • Patter Lock. I am finding that this is becoming the most “trendy” screen lock these days, simply requiring users to use their fingers to “connect the dots” and draw a unique pattern on the front of their screen before it unlocks. However, I find pattern locks to be less secure than some of the other options, because there is a much higher probability of successfully drawing a random pattern to unlock a device than their is guessing an advanced password or pin.
  • Biometrics. The newest “craze” is security is using your own fingerprints, eyes, face or facial expressions to unlock different devices. However, while these options may be the most convenient and fastest, they are also by far the least secure. I say this because multiple studies have proven how easy it is to trick biometric security measures, and often times the pictures off your own social media accounts are enough to bypass them.

Password/Pin protect your SIMor SSID card. It is important to understand that encrypting your operating system and setting a screen lock will do nothing to protect your data cards or memory chips, securing those is an entirely separate matter. So lastly, you are going to want to encrypt/password protect your SIM and/or SSID card. To do this simply enter into the security options within your phones main settings menu, find/select your memory chips and create a unique pin lock for them. This ensures that no matter where your memory chip goes or whatever phone/device it’s plugged into, no one will be allowed to access your contacts, photos, videos, messages, files or data without entering the correct pin code first.

If you would like help learning how to build strong and easy to remember passwords to encrypt your accounts/devices, please read more in the tutorial provided below.

How To Write Un-Hackable Passwords: https://roguesec.co/how-to-write-un-hackable-passwords/

2.) Firewalls

Some phones come pre-installed with various firewall options, but if yours does not then there is a sizeable number of firewall Apps to choose from. Firewalls are critically important to security because they allow users to seal off or block different Apps, limiting the possible points of entry for hackers or other 3rd parties. Depending on the type of firewall you select, you may also have the option to encrypt individual Apps on your phone, adding a 4th layer of encryption to your device while ensuring that even if someone is able to unlock it, they will not be allowed to use selected Apps without further permissions. This is particularly important/helpful if you utilize different types of chatrooms, group chats for work or VoIP services.

Perhaps most importantly, firewalls severely limit potential abuses of your phone. You can select different options to completely seal off individual Apps altogether, or seal off different settings/areas of your phone from outside sources.Not only does this prevent hackers from using selected Apps to compromise your phone, but at the same time it prevents App owners themselves and other 3rd parties from gaining access to your phone all the same. Firewalls also protect against unwarranted data collection of your phone, including call/text history and general phone usage. More importantly, building a strong firewall and sealing off selected Apps can free up memory space/data usage, both speeding up your phone and saving battery life. If there are Apps on your phone that you’ve never used a single day in your life, or you feel may be spying on you/invading your privacy, simply use your firewall to disable them altogether with the click of a button.

On a similar but side note, never blindly give every App different permissions just because they ask for them. For example, when first navigating a new phone you might find that you are regularly asked to allow different Apps to do random things, such as collect data or record audio/video. It might seem harmless, but think about it for a second. What the hell does the Google Chrome web browser possibly need to record audio for? The simple answer is it doesn’t, you are only being set up to have your phone hacked by authorities and/or law enforcement officials at a later date in time – should they ever feel the need. By checking these options and blindly granting permission to different Apps, your are secretly granting 3rd parties the permission to ‘flip the switch‘ so to speak and turn your phone into a spy/recording device whenever they want. So, don’t fall for it. There is literally no need to give different developers that much permission over your phone.

3.) Manage Security Certificates

Similarly, you should seriously check out the security certificates or “Trusted Credentials” list which came pre-installed on your phone. On my Android ZTE for example, my phone was handed to me with over 100 different security certificates installed on it, some of which grant different Government agencies/offices direct root access to my phone without requiring legal documents or warrants of any kind – no exaggeration. You might not have been told about this when you bought your phone, but they are there. Just a short list of some of the organizations which have direct root access to my phone: China Financial Certification Authority, CyberTrust, Deutsche Telekom, Hellenic Academic Research Institute, HongKong Post, Japanese Government, VISA, TurkTrust, Wells Fargo, as well as countless other organizations operating under different Government umbrellas.

Thankfully though, you do have the ability to revoke these certificates/permissions if you like. Simply find where these certificates are under your settings menu and disable whichever ones you desire. Just note that disabling some of the most fundamental ones, such as those issued by your telecommunications provider, may break access to different areas of your phone – but this is always reversible.

4.) Internet Security & Antivirus

Most people are always surprised to learn that the same measures used to secure your computer can often be transferred directly to your phone; this includes things like VPNs and antivirus. For the purposes of this section of the article, I would like to discuss different measures you can install to help protect your phone and keep your data that much more private/secured.

  • VPNs: I am not going to get into a breakdown of what VPNs are and how they work; it is just important to understand that you can install and utilize a VPN connection on your phone all the same as a computer. If you already own a paid VPN account, simply install the service provider’s App on your phone and establish a new connection through it. Your IP Address and internet connection will be secured all the same; just note that the internet speed of your phone will be affected a little more significantly than a computer, simply because a phone cannot process as much information as fast as a computer can.
  • Proxies: It is another common misconception that you can’t utilize proxy connections or the Tor network on your phone; this is simply untrue. You can either hide your IP address and internet activity by installing the Tor App directly, or you can install something known as Orbot – developed by The Tor Project. Orbot transfers all data/network activity from your phone across various Tor relays, essentially turning the Tor network itself into a giant VPN connection/encryption setting for all of your data and every last thing you do on your phone. Unlike Tor, Orbot doesn’t just simply protect internet activity – even the App’s developers profess it to be a “full phone VPN.”
  • Re-Route DNS: Another way to protect against data spying, 3rd party abuses or intrusive hackers is to re-route your DNS through different service providers. For example, I personally route all of my network activity through Cloudflare DNS servers for added privacy and security. IBM’s Quad9 DNS service is another good option, blocking you from gaining access to known malicious websites while preventing your device from ever becoming part of or wrapped up in a botnet. You can do your own research to find other options which may be more suitable, but another popular option is Google’s public DNS service.
  • Install Different Browsers: Just as with computers, you can choose from a whole host of different browser options, many of which are far more secure and private than Google Chrome or the built-in web browser found on your phone. If you would like to learn more about browsers, as well as the different/added benefits of each, please utilize the following link: https://roguesec.co/building-selecting-safer-web-browsers/
  • Antivirus: Phone antivirus programs essentially work the same as computer antivirus programs, only they are far simpler and much cheaper. A good antivirus program for your phone should cost anywhere from $2-$5 per month, and will protect your phone against malicious hyperlinks, scan all downloads for viruses, as well as prevent all of the most common/basic forms of cyber attack. Some phone-based antivirus service providers, such as Kaspersky Lab, also come with built-in VPN connections to secure your internet activity at the same time.

5.) VoIP Services

While VoIP services are not necessarily essential for everyday phone use, they do offer critical protections for political activists, journalists, researchers and citizens living under oppressive regimes all around the world. VoIP stands for “Voice over Internet Protocol,” which is just a fancy way of saying they transport all calls and messages over established internet connections, rather than routing them through your telecommunications or phone service provider – such as AT&T or Verizon. For this reason, VoIP services prevent your data from being intercepted, recorded or stolen by telecommunications companies and other 3rd parties, such as Governments, thus protecting any information you send across them. VoIP services also offer the ability to encrypt messages or calls between like users, further protecting your privacy. By comparison, neither of these options is available on standard text messages or phone calls. In politically oppressive countries, VoIP services offer a critical means to bypass Government imposed restrictions or blockades on national telecommunications. VoIP services also let you make international calls for free.

While this might sound a bit complex or advanced, once installed, operating a VoIP connection/application is no different or more complicated than making a regular phone call or sending traditional text messages. Lastly, VoIP connections also offer a secondary means to reach contacts, should your phone lose service, go out of range or come under blackout. Rather than relying on the signal strength of your network service provider, all you need to use VoIP services is an active internet connection.

The Best/Top VoIP Service Providers:

 

Miscellaneous Tips, Tricks & Security ‘Hacks’

The following information will help you both secure your computer straight from the start menu and help you restore your computer back to safety if it is ever compromised.

First, you should make sure that your firewall is turned on. Even if you know nothing at all about computers or security, turning on your firewall literally takes no skill; it is already pre-configured by your computer manufacturer and you just have to make sure that it is turned on. If you really want to take the time, I recommend going through your firewall’s settings, checking the rules and entering the terms into a Google search just so you can teach yourself something new about them.

Second, if you haven’t done so already, you should encrypt your computer. If for some reason you are still unaware, “encryption” is just a fancy word for creating password entry. If you ever leave your computer unattended in a public setting or live in a house with multiple people, you should always make sure that no one can use your computer without authorization. Meaning that when your computer starts, before anyone can physically access anything or do anything on it, they have to enter the correct password first. Setting this up is incredibly easy and you can edit or select this option straight from the settings on your computer’s start menu.

The next option is extremely critical, but is something which is often overlooked. You are going to want to make sure to disable remote access to your computer. Believe it or not, anyone who knows anything about hacking can physically access/use your device through something as simple as Windows cmd if they share the same internet connection or know your IP Address. If you do not disable remote access to your computer you are essentially leaving the door wide open for anyone to walk through or exploit.

Lastly, if at any point in time you believe that you have downloaded any virus, Malware or Spyware, you can simply go to your computer’s start menu and search for “system restore.” All you have to do is find a date before you believe you contracted the virus, select it and restore your computer’s settings/files back to that date. This will restore your computer’s systems as they existed on that date. However, just note that while you will be losing the virus from your computer, you will also be losing all of the files, documents, pictures or anything else you have created or saved since that date. While it does not work every time or with some of its stronger versions, this should literally be your first move if you ever contract ransomware.

External Hard Drive

This next bit is something that I almost never see included in other online security tutorials, which is why I am including it here today. If you want a foolproof way to secure, protect and back up all of your most important files, you should invest in what is known as an external hard drive. You can buy a USB external hard drive in any major box store for anywhere from $75 – $200 and it fully ensures that if your computer ever gets compromised, all of your files and data are backed up.

External hard drives are extremely important if you wind up getting a serious computer virus, such as ransomware. An external hard drive will allow you to completely wipe your computer’s data, clear the virus off your systems and then re-load your files right back onto your computer as if nothing ever happened. Considering that most ransomware will charge you thousands of dollars to un-encrypt your data, an external hard drive backup is literally a $100 fix to a $1,000 problem. Always remember, backup, backup, backup your data – buy a USB!

Moreover, if you live in an at risk country and are ever worried about someone gaining remote access to or searching your computer, you can keep programs like Tor or TAILS on your external hard drive for safekeeping. If necessary, a USB is also much easier to hide or destroy if it ever comes to that point. You can also set up separate encryption for your USB, making it impossible to search without authentication.

How to Encrypt Your USB: https://www.online-tech-tips.com/computer-tips/encrypt-usb-flash-drive/

Learn Linux

Contrary to popular belief, even if you are using a “Windows Computer,” you do not actually have to run Windows as your primary operating system. While learning how to use and install Linux is not necessary and often times a useless nerd skill, there is no debating that Linux systems are far more secure than Windows or Apple will ever be. Therefore, if you are truly interested in learning a new skill or improving your cyber security practices, then learning Linux systems should be at the top of your priority list.

I am not going to teach you how to do this in this article or any other for that matter; that is what they make Google and YouTube for. Instead, I will just tell you what the world’s most secure operating system is: TAILS.

Download TAILS Here: https://tails.boum.org/install/download/index.en.html

Why Linux Is More Secure Than Windows: http://www.pcworld.com/article/202452/why_linux_is_more_secure_than_windows.html

Sweet cmd Commands

If your network connection ever starts to become slow or your web pages simply aren’t loading as fast as normal, there is a simple trick that will automatically speed your internet connection back up, without disconnecting you from the internet or requiring your internet router to be reset. The best part is, not only will the following command sequence speed your internet connection back up, but it can also negate DDoS attacks and will kick any 3rd parties, such as hackers, off your computer/connection every time it is used.

Simply go to the start menu, open cmd and type in the following sequence exactly as it is written below – don’t actually type “(enter),” that is simply where you press enter before typing the next command:

  • title H4x0r (press enter)
  • color a (enter)
  • echo off (enter)
  • cls (enter)
  • ipconfig/flushdns (enter)
  • ipconfig/release (enter)
  • ipconfig/renew (enter)

Please note that only the three ipconfig commands are necessary, the first part is just for fun 😛
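To confirm which DNS servers a Windows machine is actually using after the ipconfig sequence above, and whether they belong to one of the providers named in section 4, here is an added example (not part of the original tutorial) that parses `ipconfig /all` output and labels every resolver per adapter. The sample output is constructed, and apart from 1.1.1.1 the resolver addresses come from the providers' own published documentation, not from this page.

```python
import ipaddress
import re

KNOWN_RESOLVERS = {   # addresses published by the providers named in section 4
    "1.1.1.1": "Cloudflare", "1.0.0.1": "Cloudflare", "2606:4700:4700::1111": "Cloudflare",
    "9.9.9.9": "Quad9", "149.112.112.112": "Quad9", "2620:fe::fe": "Quad9",
    "8.8.8.8": "Google", "8.8.4.4": "Google", "2001:4860:4860::8888": "Google",
}
DNS_LINE = re.compile(r"^\s+DNS Servers[ .]*:\s*(\S+)\s*$")

SAMPLE = """\
Ethernet adapter Ethernet:

   DNS Servers . . . . . . . . . . . : 192.168.1.1

Wireless LAN adapter Wi-Fi:

   DNS Servers . . . . . . . . . . . : 2606:4700:4700::1111
                                       1.1.1.1
                                       9.9.9.9
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""  # constructed `ipconfig /all` excerpt, not captured from a real machine

def parse_dns_servers(text):
    """Return {adapter heading: [DNS server, ...]} from `ipconfig /all` output."""
    adapters, current, in_dns = {}, "(no adapter)", False
    for line in text.splitlines():
        if line and not line[0].isspace():       # unindented line = section heading
            current, in_dns = line.rstrip(": "), False
            continue
        match = DNS_LINE.match(line)             # first server sits on the field line
        more = in_dns and line.strip() and " : " not in line   # bare continuation line
        if match or more:
            adapters.setdefault(current, []).append(match.group(1) if match else line.strip())
        in_dns = bool(match or more)
    return adapters

def classify(server):
    """Label a resolver: provider name, local (router/DHCP), unknown or unparseable."""
    try:
        addr = ipaddress.ip_address(server.split("%")[0])   # drop IPv6 zone id
    except ValueError:
        return "unparseable"
    fallback = "local (router or DHCP-assigned)" if addr.is_private or addr.is_link_local else "unknown"
    return KNOWN_RESOLVERS.get(str(addr), fallback)

def audit(text):   # map each adapter to [(server, label), ...]
    return {a: [(s, classify(s)) for s in srv] for a, srv in parse_dns_servers(text).items()}
```

An adapter labelled "local" is sending its DNS queries to the router, which forwards them to whatever resolver the router itself is configured with, so the provider change has to be checked there as well.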

Random Helpful Links

Test Hyperlinks for Malicious/Hidden Content, Such As IP Loggers, Before You Click Them: http://onlinelinkscan.com/

Test Recent Downloads for Malicious Content/Viruses: https://virscan.org/

Encrypt Your Hard Drive: http://www.pcworld.com/article/153826/data_encryption_tools.html

Encrypt Your Individual Files on Windows, Linux & Mac: http://www.howtogeek.com/195124/how-to-easily-encrypt-files-on-windows-linux-and-mac-os-x/

Enable BIOS Protection: http://www.pcworld.com/article/158292/Enable_BIOS_Passwords_for_Extra_Security.html

pfSense Firewall – The World’s Most Used/Trusted Open Source Firewall: https://www.pfsense.org/download/

How To Enable Quad9 DNS service from IBM: https://www.quad9.net/

How to Enable Cloudflare’s 1.1.1.1 Privacy-Based DNS Service: https://1.1.1.1/