You may have seen news reports over the last two days detailing a major security flaw in virtually all smartphones. The devices that are at risk are not limited to either iPhone or Android — all of us are affected. If you want to make sure your smartphone and its data stay secure, there are a few steps you can take.
Accept All Security Patches & Updates
The most important thing anyone with a smartphone can do right now is keep their device fully updated. Your phone’s OEM will be rushing to issue security patches now that these vulnerabilities have been discovered, and, according to the U.S. Computer Emergency Readiness Team, updating your software is your best defense against these chip flaws.Apple just released an update to the iOS 11.2.5 beta yesterday, while the company seeded the latest public update, 11.2.1, Dec. 13. While these updates do not explicitly address any of the discovered chip flaws, they do feature the latest security patches and bug fixes Apple has to offer.
While Android does not share the same uniformity as iOS, Google claims its latest security patch covers ARM-based processor vulnerabilities. OEMs and carriers regularly release security patches, such as Wednesday’s AT&T’s S7 and S7 Edge patch, or T-Mobile’s Note 8 patch last month. However, neither of these updates contain fixes for Meltdown and Spectre — it’s the January 2018 security patches you need to look out for.Another issue here is that Spectre or Meltdown exploits aren’t known to exist for mobile devices yet. This means that any security patches aiming to protect against these threats are mostly preemptive. Going forward, we may see mobile-targeted exploits using Spectre or Meltdown — if this happens, phone makers will likely need to issue another security patch to block that specific exploit.Bottom line, make sure your device is running the latest firmware it can. It’s the best way to protect yourself, so take some time each day to check for updates.
Be Careful Which Apps You Install
If a Spectre or Meltdown exploit is created that can actually hack a smartphone, chances are, it’ll come in the form of an app. Since the security flaw is in your processor, and all apps are filtered through your processor as they run, it just takes one with the proper code to execute the exploit.
Apple has recommended that iPhone users do not sideload apps — in other words, only install apps from the App Store, where Apple has had a chance to review their code. Of course, you have to go out of your way to sideload an app on iOS, so most users shouldn’t have a problem here.
The situation on Android is similar, but it’s a lot easier to side load apps on Google’s OS, and there are a lot more unofficial app stores out there. No matter what you do, don’t install random APKs you find on the internet — this is where most Android malware originates. Instead, only install apps from the Google Play Store, and even then, it would be a good idea to install an antivirus scanner to be extra safe. On either operating system, you should still be cautious when installing apps from your phone’s official app store. Take time to read reviews and check into the app’s developer — if there’s anything fishy, resist temptation and don’t install the app.
What to Do with Older Devices
The sad fact is OEMs abandon products after a certain amount of time. If you are using a smartphone that no longer receives updates, you are leaving yourself open to vulnerabilities, both with the chip flaws as well as any others discovered.The best way to protect yourself is to buy a smartphone that is still supported by the manufacturer. Better yet, buy one designed with security in mind. Short of that, if you’re running Android, you may want to look into installing a custom ROM, which is a community-built version of Android, typically with the latest security patches applied.
Another thing to consider when shopping for Android phones is the OEM’s track record with updates. If you don’t want to find yourself in a similar situation in the future where your fairly-new phone isn’t getting important updates to block security threats like these, you’ll want to buy from a manufacture that’s known for keeping their devices updated. To get a good sense for this, we recommend reading our list of phones that are receiving the latest Android update this year.