You lock your front door. You mash the button on your car’s key fob until the alarm beeps. You even have some overbearing antivirus software making your computer run slower. But you probably don’t think about whether anyone’s trying to get into your phone.
You should: It’s a gold mine of data, passwords, and secrets, all on the other side of a four-digit passcode or a fingerprint scan—locks that can easily be picked by someone with the right tools. “If the entire United States government wants to hack your phone,” says Alex Thurber, general manager of mobile solutions at BlackBerry, “they’re going to get in.”
While no smartphone is truly unhackable, they’re not all equally porous. Lots of companies are working to build devices that make it very hard to peer inside. Startups like Sirin Labs, which created a phone called Solarin, are using chip-level 256-bit AES encryption (translation: intelligence agency–grade puzzlements) as a safeguard against breaches. The Solarin also has a switch to activate a “secure zone,” which kills every feature except encrypted phone calls and texting. Silent Circle’s Blackphone has a similar feature, called Spaces, that lets you keep your personal life separate from your work life, separate from your espionage. Turing Robotic Industries is working with big-name security vendors to preinstall protective software that would make Android phones less penetrable.
And now for something decidedly less mainstream: The Boeing Black, a hypersecure smartphone developed for the defense community, uses virtual-desktop software that keeps all the device’s data on a different machine, so that even if someone got into Black there’d be nothing to find. The phone also has a self-destruct routine that activates if someone tries to crack it open.
There’s a problem with all these devices: Safe phones are boring. Secure handsets tend to run older processors, use last year’s software, and have user interfaces even hackers might find inscrutable. Syl Chao, CEO of Turing Robotic Industries, says the real challenge is to make supersecure smartphones cool enough for customers to want them. “People care about security,” he says, “but they also have a lot on their mind. They don’t want to think about security.”
Because you’ve read this far, you are thinking about security, and you can take steps to protect yourself. Most important, keep your phone and apps up to date, since Google, Apple, and app developers frequently release new code as they play whack-a-mole against exploits. Also, be aware of what your phone is doing. Devices like the Blackphone can tell you which apps are using which sensors and radios. If you’re on another Android handset, apps like DCentral 1 do something similar, though not as thoroughly. Then there’s the simple stuff: Don’t click that sketchy link, never hand your phone to a stranger, and stay off public hot spots.
If you make yourself hard to compromise, attackers will usually just move on. It’s like the old saying: You don’t need to have a perfectly secure house; you just need to be harder to rob than your neighbor.