Thread: Protecting Mobile Devices

Contrary to popular belief, doing a factory reset on your phone does not guarantee removal of sophisticated spyware. As per recent analysis by @citizenlab, Pegasus spyware can persist through a factory reset on certain Android phones.
If you are a high-profile target, always assume that your mobile devices are likely to be targeted. While the following steps can't ensure protection against sophisticated cyber weapons, they will surely help reduce the attack surface.
1. Do not link any cloud accounts to your mobile device.
2. Change your password on a regular basis, use a different password for each service and, if you use a password manager, only use it to store "Password Hints" instead of actual passwords.
3. Periodically log out of your email accounts.
4. Do not store WhatsApp, Telegram and other OTT services' chat backups on the cloud.
5. Store bare minimum data on your mobile device, and all secrets should be kept encrypted and stored offline.
6. Replace your mobile device once in a while and do not buy refurbished phones.
7. Use multi-factor authentication on all of your email accounts, and ensure that the phone number linked with these accounts is not publicly known and linked to your identity. A better approach is to use a hardware authentication device such as a YubiKey or FIDO U2F Security Key.
8. Do not click on any links at all; always move links to a sandboxed environment and then view them. However, this advice is not practical as links are meant to be clicked; however, following this religiously will prevent you from "One Click"

Feel free to add your suggestions to this thread. #cybersecurity #privacy #infosec

More from @rafaybaloch

13 Jan
WhatsApp's new privacy policy has triggered a debate among the masses about its alternatives from a privacy/security standpoint. Clearly, @telegram & @signalapp are popular candidates, leading to questions on which one is more secure. Let's discuss key security differences in this thread.
Secure by default: Both Signal and Telegram support end-to-end encryption (E2E); however, Signal has E2E enabled by default, whereas in the case of Telegram a secret chat has to be initiated to enable E2E on a conversation-by-conversation basis.
Data Storage: Telegram chats are stored on the cloud unless secret chat is enabled. This means the encryption keys are stored on the server and technically Telegram can decrypt conversations. Signal stores messages in a local SQLite database.