In late October it was reported that during Liz Truss’s tenure as foreign secretary her smart phone was hacked, allegedly by Russian intelligence forces, writes Cyber Security apprentice Tom Boughton.
Sensitive information relating to Liz Truss and the UK Government, including private conversations between herself and other politicians such as Boris Johnson and Kwasi Kwarteng, were reportedly stolen, leaving them at risk of blackmail.
Specific information about the attack has not yet been published, however, we are able to recommend some phone security configurations which will provide security against smartphone malware and hackers:
Password/Pin Length
One of the simplest ways to increase smartphone security is to implement a strong password or pin. Pins should be a minimum of six digits long, although eight is the recommended length. For devices that use a password we recommend a minimum length of eight characters, including numbers and special characters. Passwords should not be related to the workplace and could (for example) consist of ‘Three Random Words’.
Multiple Layers of Authentication
Another easy method to implement smartphone security is to have a second (or multiple) layer of authentication. For example, the first layer would be the pin/password used to unlock the device, the second could be a prompt for a password when opening an email. This second layer of defence ensures sensitive or work-related data remains confidential if a smartphone is stolen or accessed maliciously.
Anti-malware Software
While not available for iOS-based smartphones, anti-malware software is extremely useful when securing Android devices. Most AVs include a firewall software and active malware detection and may include other features such as security configuration or phone optimisation advice, making them highly valuable applications.
Approved Software Controls
Another way to secure mobile devices is to allow only approved software to be installed on devices. By only allowing apps related to work and restricting access to official app stores (such as the Apple App Store or Google Play Store), the risk of malicious software being accidentally installed on the device is massively reduced.
Automatic Updates
When applications are updated manually, it might take days or even weeks for a security patch to be installed if the user does not notice, potentially allowing an app to become vulnerable to exploitation. Enabling automatic updates resolves this, as updates will then be implemented as soon as they are released. While not all platforms support automatic updates other applications, such as some AV software, will provide some RMM tools, allowing for reminders to be set or updates scheduled.