Mobile Computing: Recommended Practices

Healthy-Paranoia
Android Bluetooth Chromebook iOS LTE Mac SIM card USB condom USB rubber ducky Wi-Fi
Page content

TL;DR

Make each device’s name generic. Be mindful when connecting to rental cars via Bluetooth. Deactivate wireless signals when you’re not around your devices. Destroy previous SIM cards. Don’t use borrowed USB cables or chargers. Know the resources available to you for remotely locating and managing your devices.

Terms & Tech

Nearly every device you carry connects to a Long Term Evolution (LTE) carrier network or a wireless LAN (Wi-Fi) or both. Carriers provision information onto physical or electronic Subscriber Identity Module (SIM) cards that combine device identifiers with account numbers and cryptographic keys that when used together, grant access to the network. Wi-Fi allows for provisioned and/or guest users (the network operator chooses which to allow) based on the login method. Wi-Fi does not use SIM cards. Both carrier networks and Wi-Fi have their own protocols and mechanisms for identifying devices and authorizing them to use the network. Both also collect a variety of logs that have information about your connectivity.

Recommendations

  1. Change your device name from [your name]’s iPhone or Android device name to something that doesn’t have your name, operating system, or anything personally identifiable. This goes for phones, tablets, computers, watches, etc. The device name is visible in plain text in an unsecured Wi-Fi network. The device name is logged in every Wi-Fi network. The device name is also logged when you connect to devices over Bluetooth, like a rental car.
  2. You can and should connect to rental cars via Bluetooth, but don’t download your phone’s phonebook when you connect your phone so you won’t forget about deleting the connection and the data when you return it. You almost certainly don’t need phonebook names or call history displayed. It’s not clear if/how the information is cached or stored on the vehicle and simply not worth the risk of sharing that information with the rental company or subsequent renters.
  3. Completely shut down devices when you leave them behind in cars, hotel rooms, etc. Alternatively, disable Wi-Fi and Bluetooth on the devices. You are advertising device presence to anyone with a wireless scanner like Flipper Zero, and you’re even broadcasting the type of device.
  4. Completely obliterate all previous physical SIM cards if/when you get a new one. SIMs contain subscriber-specific data on them. And though less likely, they may also contain text messages, phonebook data, photos, and files, especially if the SIM is older and has been kept and reused each time the phone was upgraded. When a carrier issues a replacement SIM (for whatever reason - you can even just ask for one), there’s no mechanism to erase data from the prior SIM. Destroy it in a shredder or cut in half and discard the two pieces in separate disposals.
  5. Carry your own device charger cables and block for two reasons. First, Juice Jacking is real and even an innocent looking USB port in an AC wall outlet can be compromised. You could carry a USB condom as a backup, but abstinence is 100% effective. Second, you may inadvertently run across a USB rubber ducky.
  6. Know your resources in case you misplace a mobile device. You can find your Android devices here: https://android.com/find and your Apple devices (iOS & Mac) here: https://www.icloud.com/find. Google devices use Google accounts, so this page can also be used: https://myaccount.google.com/device-activity. Benefits of this page include showing everywhere your account is logged into a device, e.g. Android, Chrome, Google Home devices, etc. This page gives you an interface to find the device (which may include playing a sound), secure your device by locking it, displaying a message or phone number on the lock screen, log out, or erase the device. You might not be able erase a device that has both a personal and corporate profile on it, but you can wipe the corporate account from it via https://mydevices.google.com (for Google Workspace Enterprise customers).
  7. This post has recommendations securing your home network.