Bluetooth is best recognized as the wireless technology that enables hands-free earpieces and uses the Internet of Things to connect your phone to audio, navigation, and gadgets (such as, IoT). Bluetooth, as useful as it is for productivity and comfort, can also pose significant security-based mobile threats. While most of the issues that were identified five to ten years ago have been rectified, others still exist. There’s also cause to be wary when it comes to new, as-yet-undiscovered privacy-related issues.
Some perceived benefits include:
The ability to replace cables is one of the most important advantages of Bluetooth technology. Bluetooth technology can be used to replace a number of cords, including those used for peripheral devices (e.g., mouse and keyboard connections), printers, and wireless headsets and ear buds that connect to personal computers (PCs) or mobile phones.
File sharing is simple. A piconet can be formed by a Bluetooth-enabled device to allow file sharing capabilities with other Bluetooth devices, such as laptops.
Synchronization over the air. Bluetooth allows Bluetooth-enabled devices to automatically synchronise. Bluetooth, for example, allows contact information from electronic address books and calendars to be synchronised.
Internet access is required. Bluetooth devices that have Internet connection can share it with other Bluetooth devices. A laptop, for example, can use a Bluetooth connection to have a mobile phone establish a dial-up connection, allowing the laptop to connect to the Internet via the phone.
As technology advances, phone hackers, often known as “phreakers,” have an even greater edge. The following is a simplified list of Bluetooth-related attacks:
Vulnerabilities in General Software
Bluetooth software isn’t perfect, especially in devices that use the newer Bluetooth 5 specification. It’s almost unheard of to come across software that has no security flaws. It’s easy for attackers to identify new, previously undiscovered vulnerabilities in Bluetooth devices, as Finnish security researchers Tommi Mäkilä, Jukka Taimisto, and Miia Vuontisjärvi demonstrated in 2011. Charges for pricey premium-rate or international calls, data theft, or drive-by virus downloads are all possible consequences.
To protect yourself from these vulnerabilities, make sure to turn off your Bluetooth when you’re not using it.
This attack is usually only possible when a phone is connected to the network in “discovery” or “visible” mode. Setting the phone to “invisible” mode was assumed to stop the attacks, however, tools have lately been developed on the internet that can overcome even these settings. SNARF attacks may now be set up on practically any phone. The only guaranteed way to protect yourself from SNARF threats is to turn off Bluetooth on your phone when you don’t need it.
Bluetooth is a wireless communication standard named after Harald “Bluetooth” Gormsson, a Viking king who worked to unite various 10th-century European groups. Criminals should not be able to listen in on your data or phone calls if you use Bluetooth encryption.
Eavesdropping, in other words, should not be an issue. Older Bluetooth devices that use outdated versions of the Bluetooth protocol, on the other hand, are likely to be vulnerable to unpatched security flaws.
To counter this issue, prohibit the usage of Bluetooth 1.x, 2.0, or 4.0-LE devices and require that devices use the most recent versions and protocols.
Denial of Service
Malicious attackers can cause your devices to crash, prevent you from receiving calls, and drain your power. To counteract this threat, make sure your Bluetooth is turned off while you’re not using it.
The range of Bluetooth is far greater than you might believe.
Bluetooth is intended to function as a “personal area network.” That is to say, Bluetooth should not be used to connect devices that are more than a few feet apart. However, simply keeping a safe distance between you and a possible attacker isn’t enough; hackers have been known to effectively communicate over considerably longer distances using directional, high-gain antennas.
The BLUEBUG exploit establishes the phone’s serial connection, giving the attacker access to all of the phone’s AT commands. This allows the attacker to make and receive phone calls, as well as access internet data services. It’s also been revealed that if the phone is connected to a GSM network, it’s easy to listen in on nearby phones’ chats. If executed correctly, this attack takes about 2 seconds to finish and leaves almost no sign of its intrusion. Incoming calls can then be routed to other devices by an attacker.
Another security breach is the BACKDOOR attack, which works by establishing an unauthorized connection to the target’s phone. This attack, on the other hand, works by creating a trust relationship using Bluetooth’s pairing mechanism, but then removes the attacker device from the pair list after the link is made. As a result, unless the device’s owner is watching the pair list at the precise moment a connection is created, it’s doubtful that they’ll realize the attacker is still linked after the pair has been deleted from the list.
The attacker will then gain access to all of the information that a “trusted” connection would provide, but without the owner’s permission. This would allow access to the phone’s authorized data, as well as phone calls and instant messages. This attack, however, is more limited than the SNARF attack because it only grants access to information marked for trusted connections.
WARNIBBLING is a hacking technique in which a phreaker tries to locate and access as many vulnerable Bluetooth phones as possible. To sniff for accessible phones, they often utilize laptops or PCs with high gain antennas and sophisticated software, such as Redfang. Rather than staying still, warnibblers will wander around, mapping as many phones as they can. Some drive, while others move from café to café, but the end consequence is the same: they frequently compromise the safety of huge groups of people.
BLUEJACKING, unlike prior attacks, does not provide adversary access to any data. Instead, a tiny flaw in the Bluetooth pairing process can be exploited to send a message to a user. This is usually innocuous, as attackers employed BLUEJACKING to express themselves, spread counter-culture propaganda, or simply demonstrate their ability to breach a consumer’s security.
Bluetooth technology necessitates the development of an organisational wireless security policy.
It is necessary to make sure that all Bluetooth users on the network are aware of their security responsibilities when using Bluetooth.
To fully understand the organization’s Bluetooth security posture, detailed security assessments must be performed at regular intervals.
It is necessary to guarantee that wireless devices and networks that use Bluetooth technology are well understood and documented from an architectural standpoint.
Users should be given a list of precautions to take in order to better protect their portable Bluetooth devices from theft.
Change the Bluetooth device’s default settings to reflect the organization’s security policy; Bluetooth devices should be set to the lowest necessary and sufficient power level to keep transmissions within the organization’s secure perimeter.
PIN numbers that are suitably random and long should be chosen. Avoid PINs that are static or weak, such as all zeros.
If a Bluetooth device is misplaced or stolen, users should unpair it from all other Bluetooth devices with which it was previously associated.
Antivirus software must be installed on Bluetooth-enabled hosts, which are regularly attacked by malware.
Bluetooth software patches and upgrades must be thoroughly tested and deployed on a regular basis.
Users should not accept any transmissions from unidentified or suspicious devices. Messages, data, and photos are examples of these forms of transfers.
See the bigger picture
Bluetooth is a wireless technology that can do a lot more than merely connect items wirelessly. Bluetooth version 4.0 offers faster data rates, a longer range, and improved security. It’s critical to create and convey company policies for mobile device security, including Bluetooth, so that your organization’s data isn’t jeopardized and your end users can operate safely while on the go. Keep in mind that mobile devices provide a range of threats that must be handled, and Bluetooth security is just one piece of the mobile security puzzle that is sometimes disregarded. For both home and business security, make sure to include mobile device security as part of your overall cybersecurity strategy.
Israel was attributed for the IMSI catchers discovered in Washington, D.C. three years prior in September 2019, demonstrating the frequency of these types of eavesdropping equipment. Previously used only by law enforcement to locate the international mobile subscriber identity (IMSI) associated with a criminal suspect’s SIM card for investigation purposes, an IMSI catcher may now be purchased or built by almost anyone to intercept a target’s communications. With such low barriers to entry, these devices are no longer simply for the bad people to be concerned about.
This paper will look into certain aspects to unfold the true dangers of ISMI/stringays, etc.
What is IMSI and how does it work?
Cracking GSM encryption, passive GSM interception, and aggressive GSM interception are all examples of GSM attacks. IMSI catchers come under the last type, serving as a transceiver and actively interfering with communications between mobile phones and base stations (simultaneously transmitting and receiving).
IMSI catchers deploy a “man-in-the-middle” [MITM] attack, presenting the fake mobile phone to the genuine base station and the fake base station to the real mobile phone at the same time. IMSI catchers can determine the IMSI numbers of nearby mobile phones, which is the trademark capability from which they get their name. They can then identify mobile traffic on the network and target it for interception and analysis using the IMSI.
Stingrays have become commonly known as IMSI catchers. Particularly among law enforcement agencies, they’ve been dubbed “cell site simulators” or “cell site emulators”, fake cell tower, rogue base station, StingRay or dirtbox. Because the 2G protocol has a lot of security flaws that make spying easier, IMSI catchers will frequently try to force communication over 2G. For one thing, encryption isn’t always necessary. Many of the underlying cryptographic methods (such as A5/1) can be broken in real time if this is the case.
IMSI catchers with more advanced capabilities can intercept texts and listen in on phone calls. They may also be able to intercept data transmissions, such as phone numbers dialled, web pages browsed, and other data. IMSI catchers are frequently equipped with jamming technology (to cause 3G and 4G phones to connect at 2G speeds) and other denial-of-service features. Some IMSI catchers may be able to retrieve things such as images and SMS from the target phone.
IMSI Catchers: How Do Criminals Use Them?
An IMSI catcher thus provides threat actors with a number of alternatives, based on the device’s capabilities and the cellular protocol in use.
Location Tracking: An IMSI catcher can force a targeted smartphone to respond with its specific location using GPS or the signal intensities of the phone’s adjacent cell towers, allowing trilateration based on these towers’ known locations. When a threat actor knows where a target is, he or she can learn more about them, such as their exact location within a large office complex or the sites they frequent, or just track them across the coverage area.
Data interception: Some IMSI catchers allow operators to reroute calls and texts, alter communications, and impersonate a user’s identity in calls and texts.
Spyware delivery: Some of the more expensive IMSI catchers claim to be able to transmit spyware to the target device. Without the use of an IMSI catcher, such spyware can ping the target’s position and discreetly gather images and sounds through the device’s cameras and microphones.
Data extraction: An IMSI catcher may also gather metadata such as phone numbers, caller IDs, call durations, and the content of unencrypted phone conversations and text messages, as well as some forms of data consumption (like websites visited).
Options for Detection
There is no guaranteed way for a smartphone user to know if their device is linked to an IMSI catcher, much alone prohibit connections with IMSI catchers, at this time. Slow cellular connections and a change in band in the status bar (for example, from LTE to 2G) are indicators, however slow connections happen to unaffected users as well, and certain IMSI catchers can operate in 4G.
IMSI catcher detection applications are only available for Android, and they require rooting the device – which is itself a security flaw – in order to access the cellular network communications available through the smartphone baseband’s diagnostic interface. For identifying IMSI catchers, there are more reliable hardware options available, which makes sense for protecting several smartphone users in a single location, such as a business headquarters or military post.
A typical arrangement includes a fixed, embedded system with sensor hardware and a cellular modem for continually monitoring the broadcast signals of nearby base stations, as well as a database to which data can be uploaded for analysis. When an IMSI catcher is found, alarms can be sent to all smartphone users in the organisation.
Upgrade to Efani’s Black Seal Protection
While this appears to be a catastrophic situation, there is one option that can safeguard you from all of these threats: the EFANI Black Seal Protection. EFANI uses many levels of security and privacy to encrypt your voice, SMS, and text messages, as well as a cloud-based solution to detect, protect, and warn users in real time when an intrusion attempt is made.
At the network level, Efani’s Black Seal Protection delivers a unique military-grade capability for detecting IMSI Catchers and preventing Man in the Middle Attacks. The key strength of this solution is its ease of use. It is designed for cutting-edge protection on the SIM-card level and mass-deployment in large enterprises.
Installing the EFANI encrypted SIM card into your smartphone and answering a few questions to activate is all it takes. The user experience is unchanged, but security, privacy, and peace of mind have been added.
Perhaps most crucially, simply acknowledging that your cellular connections are unreliable may cause you to reconsider the information you exchange through them. Your security posture will benefit as a result.
In a nutshell
Communication interceptions, service denial, and even location monitoring are all frequent MITM threats. Symptoms of such attacks aren’t always visible, with the exception of service denial if all communications are stopped. Otherwise, if someone wasn’t actively seeking for intercepted communications or double-checking every page they visited to make sure they weren’t being sent to an attacker-controlled domain, they might not even be aware that they were being tracked.
There’s a myth. Just because you are using Linux doesn’t mean you are not getting any viruses or malware.
In reality, all operating systems, when combined with the people who use them, present a plethora of security threats and vulnerabilities that can be exploited.
Believing in Linux magic is a hoax but yes, you can be super protective with the Linux privacy tips we are here to give you.
Enjoy the read…
Make sure you select a strong and lengthy password, even though this should be required. This should be a mandatory step during the installation process. Make sure you have rigorous password policies in place because all it takes is one susceptible machine on your network to bring the world to an end. Your Linux privacy is all in your hands.
Data Encryption and Linux Privacy
Encrypting your data is an important step when it comes to maximizing your Linux privacy. Full disc encryption is great, but if you’re working on a shared machine, you can also encrypt simply your home directory. This is normally done during the installation process, and it is tough to do later. In that case, the most straightforward remedy is to back up your data and then reinstall the OS with encryption options selected.
Remove Unnecessary Applications
A lightweight OS is all you need for speed, usage, and privacy. Only keeping the apps that are really necessary will ensure optimal efficiency. It also lowers the chances of a poorly developed application acting as a portal to vulnerabilities.
After you have identified such apps, you can use BleachBit to do deep cleaning. It can quickly delete cookies, free your cache, and obliterate temporary files.
[Please note that this is just for educational purposes, we do not endorse any third-party applications/solutions, therefore, we are not liable].
Disable Unnecessary Daemons
You might have selected a few services at the time of installation that you won’t use. External ports may be used by these daemons. You can easily switch off these services if you don’t need them. This will preserve your privacy while also potentially optimizing your boot times!
Remote Connection Settings for your Linux Privacy
There are a few easy actions you may take to lessen the danger of an attack and increase your Linux privacy if you utilize SSH for remote access. The simplest solution is to use a port other than the default 22. (and below 1024). PermitRootLogin no in the SSH config file can also be used to block remote root login.
Boost Linux Privacy with a VPN
Right present, there are a plethora of VPN services to choose from. Many of them come with Linux clients pre-installed. Your internet traffic will be cloaked and encrypted using a VPN. Anyone attempting to intercept your traffic will see all of your online activity as jumbled. Furthermore, certain VPNs can spoof or modify your IP address. We highly suggest building your own VPN and if needed you can let us know if you want a blog on building a VPN on Linux.
Your operating system may already have a built-in firewall, most likely iptables. Firewalls can be difficult to configure using the command line, but a GUI frontend, such as Gufw, is likely to be available for easier control.
Privacy is intimidating especially during a pandemic-led cyber crisis. There was never a stronger need for cybersecurity protocols than now. We want the best protection for you and your PII. Take care and deploy an Efani carrier to protect yourself against sim swapping (at minimum)!
The FBI’s war with scammers has focused a renewed emphasis on the need for data encryption and urgent data protection. Regardless of your feelings about the case, I shouldn’t have to tell you how important it is to protect your personal information, and it all begins with your mobile.
With the plethora of corporate sensitive data leaks, hacking, sim swapping, and ransomware on the rise, security and privacy are popular subjects these days. You should know how to set up data encryption on your Android or iOS device, regardless of whether you favor Android or iOS.
Encrypt your Android and iOS devices by following the steps below. Once completed, you will only need to input a password to decrypt your data when turning on or waking up your device.
Encrypt data on your iPhone or iPad
Data Protection is a file encryption feature found on iPhones and iPads. Here’s how to turn it on or confirm that it’s already on.
Open the Settings app on your iOS device and tap on Face ID & Passcode or Touch ID & Passcode according to your device.
Put your passcode in here.
If it is not already enabled, scroll down and select Turn Passcode On. If it wasn’t already turned on, you’ll be guided through the process of creating a passcode.
Look for Data protection that is activated towards the bottom of the screen as you scroll down. Your iPhone data is encrypted if you view it.
FYI, the passcode locks the screen and encrypts some of the data on the iPhone or iPad, but not all of it. Your personal data, texts, emails, attachments, and data from select apps that support data encryption are all encrypted using this manner.
Android Data Encryption
The lock screen and device encryption are independent but coupled on Android devices. Without the screen lock enabled, you can’t encrypt your Android device, since the encryption password is linked to the screen lock passcode.
If your device’s battery isn’t fully charged, plug it in before continuing.
If you haven’t already, create a password with at least six characters and at least one number.
Select Settings > Security > Encrypt Device from the drop-down menu. To access the encrypt option on some phones, go to Storage > Storage encryption or Storage > Lock screen and security > Other security settings.
To finish the process, follow the on-screen directions. During the encryption procedure, your device may restart many times. Before using your device, wait until the entire process is completed. Please note that many phones allow you to encrypt an SD card from the Security settings page.
BONUS – How to encrypt your MAC and Windows
This was unexpected BUT we care for your privacy and securing your sensitive data. Here’s how to encrypt your MAC:
FileVault may be found under System Preferences > Security & Privacy > FileVault.
Select “Turn On FileVault…” from the drop-down menu.
Vital: Write down the recovery key that appears and keep it separate from your Mac.
Wait for the encryption to complete before continuing to use the computer.
For Windows encryption, do the following:
Note that BitLocker might not be available in all Windows versions.
To access BitLocker Drive Encryption, go to Control Panel > (better type in) BitLocker Drive Encryption. Next to the drive you want to encrypt, click “Turn on BitLocker.”
Enter a password or passphrase that is long and diversified in alphanumeric characters.
Vital: Use one of the techniques shown to create a backup of the recovery key.
Should you encrypt your Android device, really?
There are several reasons why you should not encrypt your Android handset. Although it may appear that encrypting your phone is a no-brainer, there are a few reasons why you should wait. Each device has a somewhat different technique. For instance, Motorola allows you to use a pin and pattern once the phone has been encrypted, whereas Samsung only allows you to use a fingerprint or password.
After each reboot, Samsung also requires you to enter the password. While this reduces the chance for hackers to access your sensitive information, some people may find it too inconvenient. When you encrypt your Android device, it will suffer a minor performance hit. On modern high-end phones, it’s barely perceptible, but older models and low-end phones may be affected.
Only recent high-end gadgets, such as the Galaxy S6, LG G4, HTC One M9, and their subsequent variants, should be encrypted (Galaxy S7, LG G5 and so on) as a recommendation.
The advantage of robust encryption is the additional security it gives for your sensitive data. The disadvantage of encrypting your mobile data is that it takes longer to log in to your smartphone, at least on Android devices, because it decrypts the data each time you do so. Also, once you’ve decided to encrypt your Android smartphone, there’s no way to back out except by doing a factory reset.
For many people, keeping personal information really private and safe is worth it. Encryption isn’t an option for mobile professionals in certain industries, such as finance and health care. You must safeguard all devices that hold or access consumers’ personally identifiable information, or you will be in violation of the law.
Encryption does more than prevent unauthorised access to your mobile device’s data. Think of the lock screen as a lock on a door: Without the key, uninvited criminal can’t trespass in and steal all your belongings. Even if a hacker manages to get past the lock screen, encrypting your data renders it unreadable and useless.
Vulnerabilities in software and hardware are continually being discovered, while the majority of them are rapidly patched. Passwords for lock screens can even be hacked by determined attackers. It is always good to protect yourself against hackers and secure our device with Efani and their premium services.
FYI, before iOS 8, when an iPhone went into sleep mode, it automatically unplugged itself from the VPN. Even when the screen is turned off, iOS devices will remain connected to the VPN. You won’t need to rejoin the dedicated VPN all the time.
As told in the previous blog, the easiest and quickest method would be to use a dedicated VPN. StrongVPN is good for advanced users, whilst ExpressVPN and TunnelBear are more user-friendly. Although ExpressVPN offers relatively faster connections, TunnelBear offers a free tier for people just getting started.
Please NOTE that we do NOT endorse any third-party applications. This is for educational purposes and Efani will not be liable by any means.
Configure iOS built-in VPNs
In iOS, you can connect to IKEv2, Cisco IPSec, and L2TP/IPSec VPNs. If your preferred VPN doesn’t have an iOS app, you can use iOS’ built-in settings to set up a VPN. On your iPhone or iPad, tap the Settings app, select General, and then VPN [check image below for illustration]. To add your first VPN configuration to your phone or tablet, tap “Add VPN Configuration.” You can also add several VPNs from this screen if you need to do so.
Depending on the type of VPN you wish to connect to, choose IKEv2, IPSec, or L2TP. To connect, enter the connection details for your VPN on this screen. If your workplace provides your VPN, it should be able to give you these details.
FYI, iOS 10 has abandoned PPTP VPN support. If possible, opt for a VPN of your choice and avoid using PPTP, not only because it is old but an insecure protocol as well.
If you need to connect to the VPN using certificate files, you’ll need to import them when you’re setting up your own VPN. If the certificate files were delivered to you through email, you can open them in the dedicated email app, click on the attachments, and subsequently import them. You may also use Brave or a similar browser to find them on a website and tap them to import them.
Let’s dig further … Psst, grab a cuppa in the meantime of tea if you’re from Europe?
Certificate files in the PKCS # x (possibly in these formats .cer,.crt,.der) and PKCS#12 (.p12, .pfx formats) are supported by iPhones and iPads. If you really need these certificate files to be accessed, the company that provides you with the VPN server should provide them and include them in the VPN setup instructions. If you wish to get rid of any certificates you’ve installed, go to Settings > General and search for Profiles.
Organizations who want to control their iOS devices from a central location can use a mobile device management server to transmit certificates and VPN settings to their devices.
How to disconnect VPN?
ICYMI, in order to connect to or disengage [disconnect in the simplest terms] from a VPN, visit the Settings window and toggle the VPN slider near the top of the screen. When you’re connected to the VPN, a “VPN” icon will appear in the status bar at the top of the screen.
If you have numerous VPNs set up on your iPhone or iPad, you may choose between them by going to Settings > General > VPN — the same window where you added these VPNs in the first place.
Remember OpenVPN Connect?
Let’s test your knowledge. In our previous blog, we spoke about OpenVPN Connect. If you want to connect to an OpenVPN server, skip the entire procedure stated above. This section is dedicated to OpenVPN Network only. Keep in mind that OpenVPN servers are handled differently.
In the case of OpenVPN, you can download the official OpenVPN Network app. Install the app, launch it, and connect to an OpenVPN network. You’ll need to import a profile (.ovpn file) into the OpenVPN Connect app to configure your VPN server. Connect your iPhone or iPad to your computer, open iTunes, and choose the linked device if you wish to do it manually.
They establish a VPN connection at the system level, which means that all of your device’s apps will connect to it—just like VPNs you connect to using the built-in Settings app. You can copy the .ovpn file, as well as accompanying certificate and key files, to the OpenVPN app under the Apps area. You can then use the app to connect to the VPN. The OpenVPN Connect app, like others, isn’t just another app you use.
That’s all there is to it for the average home user. Large enterprises that manage iPhone or iPad deployments centrally will want to avoid per-device settings and instead use configuration profiles or a mobile device management server to specify a VPN server.
You’ll need a VPN if you want to download an app that isn’t available in your country, connect to a company network on the go, or simply keep safe on public Wi-Fi. Here’s how to use your Android phone [built-in option] to connect to a VPN.
As we all know, we have one of the easiest methods to connect to a standalone VPN application, but we have learned why we shouldn’t trust this option. Contrary to this, there is an option to install a third-party app – OpenVPN Networks.
Android doesn’t have built-in support for OpenVPN servers. You’ll need to install a third-party app if you’re using an OpenVPN network. The official OpenVPN app is compatible with Android 4.0 and higher and does not require rooting. You’ll need to root your device to connect to an OpenVPN network if you’re using an older version of Android. Figure 1 shows a typical interface of this application.
Disclaimer – please NOTE that we do NOT endorse any third-party applications. This is for educational purposes and Efani will not be liable by any means.
The built-in VPN on Android
PPTP and L2TP VPNs are supported natively in Android. You can use these VPNs without installing any third-party software, but neither option is ideal. PPTP is often viewed as obsolete and insecure, while L2TP has its own set of security vulnerabilities (notably its use of pre-shared keys, which many VPN providers publish publicly). Instead, it would be optional to utilize OpenVPN or a separate/standalone application if you have the better option (at your discretion). Here’s how to utilize PPTP and P2TP if you have to.
Step 1: Go to settings and click on “more connections”. This option may vary from android to android.
Step 2: Click on the VPN option.
Step 3: Tap the Add [+] button and enter the VPN’s information. Select the sort of VPN server you’re connecting to, and enter the VPN server’s address into the Name area to assist you to remember which VPN is which (either an address like vpn.xyz.com or a numerical IP address).
Step 4: Once you’ve set up the VPN, tap it to connect. Multiple VPN servers can be established, and you can move between them from the VPN page. When you connect, you’ll need the username and password that your VPN demands. You can, however, save these account details for future use.
FYI, a constant “VPN enabled” message will appear in your notifications drawer while connected to a VPN. Tap the notification and then Disconnect to disconnect.
Bonus – Always-on VPN
Google introduced the ability to enable always-on VPN mode in Android 4.2. When you enable this option, Android will only allow data to be transferred through the VPN. If you’re utilizing public Wi-Fi and want to make sure your VPN is constantly on, this is a good option.
Toggle the “Always-on VPN” slider after tapping the cog symbol next to the VPN name to enable it.
VPNs aren’t necessary for all; in fact, the majority of users will be dandy However, if the need for one comes, it’s useful to know how to use one and which ones can be trusted. As always, value your privacy.
The internet is a challenging place for those who value their privacy. People are (legitimately) concerned about their privacy after the senate voted to allow internet service providers (ISPs) to sell your personal information to advertisers. While protecting your privacy is crucial, this does not need signing up for a VPN service and tunnelling all of your internet activity via VPN servers.
Enough jibber-jabber from me; let’s get on with the guide.
 Theoretical understanding
Section (a) – What is a virtual private network (VPN)?
The term VPN refers to a virtual private network that uses the Internet as its transport mechanism while keeping the data on the VPN “secure”.
Section (b) – But what exactly IS a virtual private network (VPN)?
This question can be answered in a variety of ways. It all relies on how your network is set up. The most frequent design is to have a single primary internal network with remote nodes accessing the central network through VPN. Remote workplaces or employees working from home are prominent examples of remote nodes. You can also join two small (or large) networks together to create a single larger network.
Section (c) – So, how does a virtual private network (VPN) work?
Simply put, a VPN is created by creating a secure tunnel between two networks and routing IP via it. Here are some diagrams to help visualize this notion (using IP masquerading):
The Client Router is a Linux system that serves as the remote network’s firewall or gateway. The local IP address 192.168.12.0 is used by the remote network. Local routing information on the routers was excluded for the sake of a simplified diagram (Figure 1). The main concept is to use the tunnel to transport traffic for all private networks (10.0.0, 172.16.0.0, and 192.168.0.0).
This is one way of doing things. To put it another way, while the distant network can see the private network, the private network cannot always see the remote network. You must declare that the routes are bidirectional in order for this to happen.
Section (a) – Keeping uninvited folks out
A VPN’s security is extremely crucial. Isn’t that why you’re making one in the first place? When setting up your server, there are a few things to keep in mind.
Disallow passwords – You don’t use passwords, you disable them totally. SSH’s public key authentication system should be used for all authentication on this workstation. Only those with keys will be able to enter because remembering a binary key that is 530 characters long is very hard.
So, how do you go about doing that? It necessitates the modification of the /etc/passwd file. The second field contains either the hash of the password or an ‘x’ indicating that the authentication system should look in the /etc/shadow file. Rather than “*,” you modify that field to “*.” This informs the authentication system that no password exists and that no password should be used.
 Myths vs Reality
Section (a) – A virtual private network (VPN) does not make you “private”
You probably already know what a VPN is, but just in case you don’t, here’s a situation (or a refresher!). You’re engrossed in a film. In a sports automobile on the highway, a criminal tries to flee a crime scene. From the above, a helicopter is chasing the automobile. The helicopter loses track of the automobile as it reaches a tunnel with many exits.
A VPN works in the same way as the tunnel in this movie scene does: it joins multiple routes and merges them into one, and a helicopter can’t see what’s going on inside. I’m sure a VPN service has been recommended to you by a number of people. They usually tell you that a VPN is fantastic because it allows you to access geo-restricted content, bypass China’s Great Firewall, and browse the internet safely.
Governments can spy on you, internet companies can sell your surfing history, and tech giants can amass massive quantities of data to track you throughout the web. Many people believe that VPNs, or virtual private networks, can shield them from snoopers and spies. However, if VPNs attempt to fix a problem, they can expose you to far bigger privacy threats.
VPNs do not protect your privacy or provide anonymity by default. VPNs simply redirect all of your internet traffic away from your internet provider’s servers and toward the VPN provider’s servers.
That raises the question of why you should trust a VPN that claims to secure your privacy better than your ISP. You can’t, and you shouldn’t, rather set up your own VPN.
Section (b) – Should I use a VPN to keep myself safe online?
You have an immediate answer NO. Here is the rationale behind it – many cafes and motels do not devote a significant amount of time to safeguarding their Wi-Fi infrastructure. It implies that a user may see another computer’s user on the local network, much like at home. Furthermore, if a hacker is present in your favorite coffee shop, they may be able to snoop on your internet traffic in order to gather information about you.
Yes, you. You are popular but in a dangerous way! Assume that all of the free VPN apps in the App Store and Google Play are there for a reason. Free VPNs are by far among the worst offenders. If it’s free, you’re the product, as the saying goes. That is to say, they profit from you – specifically, your sensitive data. VPNs, like any free service, are frequently sponsored by advertisements. This entails selling your internet traffic to the highest bidder in order to give you tailored adverts when connected to the VPN. They’ll track your online behaviour, sell it to marketers, place their own adverts on non-secure pages, or steal your identity. Free VPNs should be avoided at all costs. Other free VPN services have been accused of introducing advertisements into the websites you browse.
Some VPN services claim to preserve your privacy by not storing records or tracking which websites you visit or when you visit them. While this may be true in some circumstances, there’s no way of knowing for certain.
In reality, several VPN companies have stated that they don’t keep any logs, but this has been proven to be incorrect.
 Cut to the chase!
When using public Wi-Fi, a home VPN creates an encrypted tunnel for you to utilise, and it can even allow you to access country-specific services from outside the country—all from your Android, iOS, or Chromebook. The VPN would give you secure remote access to your home network. You could even grant other individuals access, making it simple to offer them access to servers you host on your home network.
You might also set up a VPN server on one of your personal computers. However, you’ll want to utilize a computer or device that is always on—not a desktop PC that you would probably turn off when you leave the house. Windows has a built-in means to host VPNs, while Apple’s Server program also has a VPN server option.
Windows has a built-in means to host VPNs, while Apple’s Server programme also has a VPN server option. However, these aren’t the most powerful (or secure) solutions available, and they can be difficult to set up and get running properly.Windows has a built-in means to host VPNs, while Apple’s Server programme also has a VPN server option. However, these aren’t the most powerful (or secure) solutions available, and they can be difficult to set up and get running properly.
Installing a third-party VPN server, such as OpenVPN, is also an option. VPN servers are accessible for almost any operating system, including Windows, Mac OS X, and Linux. All you have to do now is forward the required ports from your router to the PC that will execute the server software.
Section (a) – Windows built-in VPN
Although this option is relatively buried, Windows has the ability to function as a VPN server utilising the point-to-point tunnelling protocol (PPTP). Here’s where to look for it and how to set up your VPN server.
NOTE – Some users who have installed the Windows 10 Creators Update may experience difficulties setting up a VPN server because the Routing and Remote Access Service does not start. This is a known problem that has yet to be resolved through software updates.
Step 1 – To set up a VPN server on Windows, go to Start > Settings > Network Connections.
Step 2 – Go to Network & Internet.
Step 3 – Go to VPN and click on “add a VPN connection”.
Step 5 – Once you click on “add a VPN connection” you will see a pop up window like this:
You have to click on the VPN provider where you will see Figure (b) and add fields like in Figure (c)
NOTE – wait unless you’re connected or if you run into problems then you may have some problems with your network drivers.
Creating a VPN Server (continued)
Step 1 – To set up a VPN server on Windows, go to Start > Control Panel > Network Connections. To do so quickly, go to Start, type “ncpa.cpl,” and then click the result (or simply press Enter).
Step 2 – To open the full options in the “Network Connections” box, use the Alt key, open the “File” menu, and then select the “New Incoming Connection” option, subsequently.
Figure (a) – before ALT key
Figure (b) – after ALT key
Figure (c) – New Incoming Connection
Step 3 – Select the user accounts that will be able to connect remotely next. Instead of allowing VPN logins from your primary user account, you may wish to create a new, limited user account to boost security. By clicking the “Add someone” button, you can do so. Whatever user account you choose, make sure it has an extremely strong password, as a weak password can be cracked with a dictionary attack.
Click the “Next” button once you’ve chosen your user.
Step 4 – To allow VPN connections over the Internet, select the “Through the Internet” option on the next screen. You’ll probably just see that choice here, but if you have the dial-up hardware, you could also enable incoming connections using a dial-up modem.
Step 5 – The networking protocols that should be enabled for incoming connections can then be selected. You can uncheck the “File and Printer Sharing for Microsoft Networks” option, for example, if you don’t want anyone connected to the VPN to have access to shared files and printers on your local network.
When everything is in place, click the “Allow Access” button.
Step 6 – After that, Windows configures access for the user accounts you choose, which can take a few moments.
Your VPN server should now be up and running, ready to accept inbound connection requests. Return to the “Network Connections” window and eliminate the “Incoming Connections” item if you wish to disable the VPN server in the future.
If you’re using the Internet to connect to your new VPN server, you’ll need to configure port forwarding so that your router knows to transmit traffic of that sort to the correct computer. Forward port 1723 to the IP address of the machine where you set up the VPN server on your router’s settings page. Check out our tutorial on how to forward ports on your router for additional information.
Create a port forwarding rule that passes a random “external port”—such as 23243—to “internal port” 1723 on your machine for optimal protection. This allows you to connect to the VPN server using port 23243 and protects you against harmful programmes that scan for and attempt to connect to VPN servers using the default port.
You might also use a router or firewall to enable only particular IP addresses to connect to your network.
Connecting to Your VPN Server
You’ll need your computer’s public IP address (your network’s Internet IP address) or, if you’ve set up a dynamic DNS service, its dynamic DNS address to connect to the VPN server. Follow method 1 Figure A to C for this.
Section (b) – macOS Server for $19.99
If you know your way around a network, it shouldn’t take you more than a half hour to set up. And if you don’t, this is an excellent opportunity to learn.
MacOS Server, Apple’s server software, has an easy-to-configure VPN service that gives you encrypted internet access from anywhere while also allowing you to view your files remotely. All you’ll need is:
A Mac desktop that is always ethernet connected to your network. On Craigslist, you may locate an inexpensive Mac Mini, or you could use an existing iMac if you already have one.
macOS Server costs $19.99 and can be downloaded from the Mac App Store.
A router with port forwarding and dynamic DNS that you can set up.
Because of their integration, Apple’s AirPort routers make things incredibly simple, but other routers should function properly.
Step 1 – macOS Server Installation
If you haven’t already, get macOS Server ($19.99) from the Mac App Store and install it on the computer you’ll be using as your VPN. If you have an iMac, you could utilise it as a server, or you could use a Mac Mini purchased particularly for that purpose.
Please feel free to run the software when it has been installed; it will set up a few variables and then be ready for your use. Also, before we can utilise the VPN, we’ll need to set up a few things on your network.
Step 2 – Configure Port Forwarding
Port forwarding, which must be configured at the router level, is required to connect to your VPN. If you have an Apple AirPort router, you’re in luck: macOS Server will take care of this for you when you set up your VPN. You may skip this section and instead follow the directions when they appear later. To begin, type your router’s IP address into a web browser to gain access to its admin panel.
Then, select the port forwarding settings and forward the following ports to the IP address of your macOS Server:
UDP 500 – ISAKMP/IKE;
UDP 1701 – L2TP; and
UDP 4500 – IPsec NAT Traversal.
Step 3 – Configure Dynamic DNS
Instead, you’ll need to configure dynamic DNS on your router, which will provide you with a web address that you may use to connect to your home network from away.
Step 4 – Turn on the VPN service.
Return to your macOS Server and open the macOS Server application. Go to the VPN area of the website.
Step 5 – Turn on the VPN service.
Return to your macOS Server and open the macOS Server application. Go to the VPN area of the website. Type the Dynamic DNS address you set up above (or your ISP’s static IP, if you have one) in the “VPN Host Name” field. In that box, create a unique “shared secret”: the longer and more random it is, the more secure your connection will be. For usage on other devices, copy this secret.
Everything else on this page is purely optional and geared toward more advanced users. You can assign a block of local IP addresses for connected devices using Client Addresses. DNS settings allow you to specify which DNS servers linked devices utilise. Routes, on the other hand, allow you to specify the connection path followed by connected devices.
When you’ve finished configuring everything, click the huge On/Off switch in the top-right corner. Your VPN will be activated.
Eventually, there’s a button labelled “Configuration Profile.” This will create a file that you can send to iOS and macOS devices to rapidly configure a VPN connection, sparing you and any other users the time and effort of typing out the Shared Secret and setting things.
Time to ACT!!
How to Set Up a Virtual Private Network (VPN)
It’s time to connect to your VPN from a different device now that it’s been set up. It’s worth noting that you can’t connect locally; it’ll only work if you’re not connected to your home network. To test things, I used my neighbor’s Wi-Fi, but you could also disable Wi-Fi on your phone and connect using your data connection instead.
On a Mac, the simplest method is to establish a Configuration Profile on the server that hosts your VPN connection, then open that Profile. This will set up your Mac to connect to your VPN with only a username and password required.
If that isn’t an option, you can always do it manually. To create a new network, go to System Preferences > Network and click the “+” button in the bottom-left corner. Select “VPN.” Choose “L2TP over IPSec” as your VPN type, and then call it whatever you want. Select “Create”.
Use your static IP or dynamic DNS address as the server address, and the primary account on your macOS Server as the account name. After that, go to “Authentication Settings.”
Enter your Shared Secret and, if you want to avoid having to type it in every time, your user password.
You should be able to connect to your VPN at this point! If your device supports L2TP, you can connect from iOS, Windows, Linux, and Android. All you’ll need is:
Your IP address or dynamic DNS address
The VPN protocol used is L2TP with IPSec.
Your Confidential Information
A username and password are required.
If you submit sensitive information to an unencrypted website or download malware by accident, a VPN will not protect you. In other words, a VPN protects you while you’re in transit from one site to the next, but it won’t protect you from acts you take after you are at your destination.
P.S We hear you, you want a VPN set up for your Android and iPhone or iPad? Keep an eye out for part (2) of this guide.
These days, cybersecurity apps are a must-have. Cybersecurity apps protect you against security threats that might be quite costly. Vulnerabilities might arise as a result of a lack of awareness or laziness.
When slackers are linked to the internet, they are never safe. Nowadays, security is a top priority, and many third-party apps have worked to improve it.
Antivirus and malware protection with multi-vector protection against Trojans, keyloggers, phishing, spyware, backdoors, rootkits, zero-day threats, and advanced persistent threats. When utilizing the Internet, the built-in Identity & Privacy Shield prevents data from being stolen or taken, and the outbound firewall prevents viruses from stealing data.
It is among those cybersecurity apps for your android that you really need to look into. Cloud-based security eliminates the need to worry about or perform updates, ensuring that endpoints are always up to current.
2. Google Cloud Platform
The Cloud Platform is a collection of cloud-based services that can be used to build anything from simple websites to sophisticated applications.
3. Avast Mobile Security
Avast is an excellent software for protecting your Android phone from viruses and other threats. Avast is a trusted free antivirus for Android that warns you when spyware and adware are installed and intrudes on your privacy. The current Android malware has a detection rate of roughly 99.9%, with nearly 100% of malware discovered in the recent four weeks. This is one of the best cybersecurity apps for you if malware and safe browsing are your main concerns.
Web security solutions to protect your organization and resources from data theft, phishing, botnets, and other malware.
Malwarebytes sophisticated security will safeguard your Android devices against ransomware, malware, and other threats.
It can effectively detect and remove hazardous threats before they compromise your device. While using the Chrome browser, Malwarebytes provides real-time protections and scans for even the most complex phishing URLs. It will also notify you if it detects anything unusual.
6. Secure Call
It protects your calls by ensuring that no one can hear them. Secure Call encrypts all of your private calls from beginning to end, preventing strangers from listening in.
Use Secure Call if you’re seeking for cybersecurity apps that provide end-to-end encryption for phone calls.
With people having several accounts online and each account having a different password, remembering passwords is becoming increasingly difficult.
LastPass is one of the best password managers on the market, allowing you to save passwords for many accounts with additional protection layers.
Please note that we do NOT endorse any cybersecurity related app aforementioned. It is advised to design security measures as per your risk appetite and research/explore the subject matter thoroughly. If you find any ambiguities, please feel free to contact us!
I hope the cybersecurity apps listed above will assist you in keeping your Android mobile/devices safe and secure. On top of these security features, our readers would like to take a step further on securing their cell phone numbers. Efani would love to facilitate this new journey of securing our users against probable sim swapping vectors with our guaranteed protection and $5 million insurance.
Location services on Android can be turned on and off without you knowing properly.
There’s a reason why apps ask for permission to use your location so regularly, even if they work fine without it. Many organizations, such as Google, rely on your location data to give accurate weather forecasts or the most up-to-date traffic events.
In some circumstances, apps may just require your location data for market research purposes. If you’re not sure what information you’re transmitting or just want to remain anonymous, here’s how to turn off location services on Android phone.
Note: While it’s simple to turn off location services entirely on your iOS or Android smartphone, you can also turn them off for certain apps. Because some apps rely on location services to work, you may want to make some exceptions.
To disable location services on Android, follow these steps:
Step 1: Open “Settings” from the app drawer or simply go to them via the top right corner of your notifications panel.
Step 2: Tap on the “Location”.
Step 3: Toggle it “Off”.
Disable Location Services on Android for Specific Apps
Specific apps run on android’s location services. If you frequently use Google Maps, or apps that may use location, you may not want to disable the location services on Android. If you don’t, then you can disable the location services for the specific app instead of the whole.
Follow these steps to do so:
Step 1: In the “Location” settings, go to “App permissions”.
Step 2: Select the app you want to disable the location services for.
Step 3: Make sure you toggle “Deny”.
Disable Google Location Services
No matter what Android you are using, Google will have its location-specific apps running and turned on in the background.
If you are a privacy paranoid, follow along these steps to disable these Google Location Services:
Step 1: Go to the “Location” in the settings.
Step 2: Here you will find Emergency Location Service, Google Location Accuracy, Google Location History, Google Location Sharing, and Location in Search.
Step 3: If you find it “On”, you can disable it by tapping and toggling them Off.
You can allow apps to ask for one-time access to location services on android to complete certain tasks. When the notification appears, select “Only this time” to allow the app to access your location for a single time before disabling it (iOS has a similar feature). This is a great way to get specific information without having to give an app broad access.
The Bottom Line
The privacy implications of location tracking data, which is at the center of our modern life, are rarely discussed. The information about a person’s whereabouts is extremely sensitive. It’s not so much about personal privacy as it is about a web of interconnections. If you’re a victim of a data breach, you’re not the only one who suffers; anyone with whom you have a relationship also suffers.
What is the answer? Keep a close eye on the apps you download and the rights you provide them. Be aware of the implications of allowing location services. Examine your social media privacy settings to improve your privacy.
If you are running an Android device with “stock” interface, 8.1 Oreo or newer, these steps to reset network settings will be helpful.
But don’t worry, next section is for other models taking Samsung as an example.
Let’s start then…
Step 1: Go to “Settings” to reset network settings. You can either go by tapping the app from drawer or through your notification panel (top right corner).
Step 2: Tap “System” here.
Step 3: Now, tap “Reset options” to view reset options of your device. Else, you might need to tap Advanced> Reset Options, depending on your device.
Step 4: Here you may find various reset options. Tap “Reset Wi-Fi, mobile & Bluetooth” or “Reset Network Settings”, depending on your device.
Step 5: Confirm and tap “Reset Settings”.
Step 6: Input your screen lock, PIN password, biometric or your active form of authentication and tap “Reset Settings” again to confirm.
Once this is done, your Android device’s network settings will be returned to factory defaults, and you’ll need to restart it to apply the changes. You’ll need to reconnect to your Wi-Fi or mobile network, as well as restore any previous Bluetooth connections.