Tag Archive for GOOG

| September 24, 2016
Comments Off on FIDO

FIDO

FIDOSince 2013 there have been nearly 5 billion data records lost or stolen according to the Breach Level Index. The UN says there are 6.8 billion mobile phone accounts which mean globally 96% of humans have a cell phone. It would seem that these factoids could interact to cut the pace of lost or stolen data records. An effort is underway to use mobile devices to better secure data called FIDO.

https://fidoalliance.org/FIDO (Fast ID Online) is an open standard for a secure and easy-to-use universal authentication interface. FIDO plans to address the lack of interoperability among strong authentication devices. TargetTech says FIDO is developed by the FIDO Alliance, a non-profit organization formed in 2012. FIDO members include AgnitioAlibaba, ARM (ARMH), Blackberry (BBRY), Google (GOOG), Infineon Technologies, Lenovo (LNVGY), Master Card, Microsoft (MSFT), Netflix, Nok Nok Labs, PayPal, RSA, Samsung, Synaptics, Validity Sensors and Visa.

The FIDO specifications define a common interface for user authentication on the client. The article explains the goal of FIDO authentication is to promote data privacy and stronger authentication for online services without hard-to-adopt measures. FIDO’s standard supports multifactor authentication and strong features like biometrics. It stores supporting data in a smartphone to eliminate the need for multiple passwords.

encrypted virtual containerThe author writes that FIDO is much like an encrypted virtual container of strong authentication elements. The elements include: biometrics, USB security tokens, Near Field Communication (NFC), Trusted Platform Modules (TPM), embedded secure elements, smart cards, and Bluetooth. Data from authentication sources are used for the local key, while the requesting service gets a separate login to keep user data private.

FIDO is based on public-key cryptography that works through two different protocols for two different user experiences. According to TargetTech the Universal Authentication Framework (UAF) protocol allows the user to register an enabled device with a FIDO-ready server or website. Users authenticate on their devices with fingerprints or PINs, for example, and log in to the server using a secure public key.

authenticate users with a strong second factorThe Universal Second Factor (U2F), originally developed by Google, is an effort to get the Web ecosystem (browsers, online service providers, operating systems) to authenticate users with a strong second factor, such as a USB touchscreen key or NFC on a mobile device.

FIDO’s local storage of biometrics and other personal identification is intended to ease user concerns about personal data stored on an external server or in the cloud. By abstracting the protocol implementation, FIDO also reduces the work required for developers to create secure logins.

Samsung and PayPal have announced a FIDO authentication partnership. Beginning with the Samsung Galaxy S5 users can authorize transactions to their PayPal accounts using their fingerprints, which authenticates users by sending unique encrypted keys to their online PayPal wallets without storing biometric information on the company’s servers.

Samsung and PayPal FIDO authentication partnershipFIDO promises to clean up the strong authentication marketplace, making it easier for one-fob-fits-all products. The open standards shift some of the burdens for protecting personally identifiable information to software on devices or biometric features, and away from stored credentials and passwords. ComputerWeekly described FIDO’s potential this way:

The FIDO method is more secure than current methods because no password of identifying information is sent out; instead, it is processed by software on the end user’s device that calculates cryptographic strings to be sent to a login server.

In the past, multiple-factor authentication methods were based on either a hardware fob or a tokenless product. These products use custom software, proprietary programming interfaces, and much work to integrate the method into your existing on-premises and Web-based applications.

same authentication device can be used in multiple ways for signing into a variety of providersComputerWeekly says FIDO will divorce second-factor methods from the actual applications that will depend on them. That means the same authentication device can be used in multiple ways for signing into a variety of providers, without one being aware of the others or the need for extensive programming for stronger authentication.

Integrating FIDO-compliant built-in technology with digital wallets and e-commerce can not only help protect consumers but reduce the risk, liability, and fraud for financial institutions and digital marketplaces.

The big leap that FIDO is taking is to use biometric data – voiceprint, fingerprint, facial recognition, etc. and digitize and protect that information with solid cryptographic techniques. But unlike the traditional second-factor authentication key fobs or even the tokenless phone call-back scenarios, this information remains on your smartphone or laptop and isn’t shared with any application provider. FIDO can even use a simple four-digit PIN code, and everything will stay on the originating device. With this approach, ComputerWeekly says FIDO avoids the potential for a Target-like point-of-sale exploit that could release millions of logins to the world, a big selling point for many IT shops and providers.

Target-like point-of-sale exploitIt can eliminate having to carry a separate dongle as just about everyone has a mobile phone these days this is a mobile world we live in, and we need mobile-compatible solutions; otherwise, you’re behind the curve right out of the gate.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , , , , , , , ,
| September 7, 2016
Comments Off on Stop using SMS for Two-Factor Authentication

Stop using SMS for Two-Factor Authentication

Stop using SMS for Two-Factor AuthenticationFollowers of the Bach Seat know that passwords suck and no longer provide reliable security. Because automated mass cybercrime attacks are hammering businesses daily, the National Institute of Standards and Technology (NIST) is disrupting the online security status–quo. According to InfoWorld, the US government’s standards body has decided that passwords are not good enough anymore. NIST now wants government agencies to use two-factor authentication (2FA) to secure applications, networks, and systems.

NIST logoTwo-factor authentication is a security process where the user provides two means of identification from separate categories of credentials. The first is typically something you have, a physical token, such as a card. The second is usually something you know like a PIN number.

The proposed standard discourages organizations from sending special codes via SMS messages. Many services offer two-factor authentication. They ask users to enter a one-time passcode sent via SMS into the app or site to verify the transaction. The author writes that weaknesses in the SMS mechanism concern NIST.

NIST now recommends that developers use tokens and software cryptographic authenticators instead of SMS to deliver special codes. They wrote in a draft version of the DAG; “OOB [out of band] using SMS is deprecated and will no longer be allowed in future releases of this guidance.”

Short Message Service (SMS)Federal agencies must use applications that conform to NIST guidelines. This means for software to be sold to federal agencies, it must follow NIST guidelines. InfoWorld says this is especially relevant for secure electronic communications.

SMS-based Two-Factor Authentication is considered insecure by NIST for a number of reasons. First, someone other than the user may be in possession of the phone. The author says an attacker with a stolen phone would be able to trigger the login request. In some cases, the contents of the text message appear on the lock screen, which means the code is exposed to anyone who glances at the screen.

SMS based two-factor authentication (2FA)InfoWorld says that NIST isn’t deprecating SMS-based methods simply because someone may be able to intercept the codes by taking control of the handset, that risk also exists with tokens and software authenticators. The main reason NIST appears to be down on SMS is that it is insecure over VoIP.

The author says there has been a significant increase in attacks targeting SMS-based two-factor authentication recently. SMS messages can be hijacked over some VoIP services. SMS messages delivered through VoIP are only as secure as the websites and systems of the VoIP provider. If an attacker can hack the VoIP servers or network they can intercept the SMS security codes or have them rerouted to her own phone. Security researchers have used weaknesses in the SMS protocol to remotely interact with applications on the target phone and compromise users.

Signalling System 7 (SS7) Sophos’ Naked Security Blog further explains some of the risks. There is malware that can redirect text messages. There are attacks against the Signalling System 7 (SS7) protocol. SS7 controls how the phone system works.  (rb- Some believe that TLA’s hacked SS7 to spy on citizens.) This hack allows an attacker to divert the SMS containing a one-time passcode to their own device, which lets the attacker hijack any service, including Twitter (TWTR), Facebook (FB) or Google (GOOG) Gmail, that uses SMS to send the secret code to reset the account password.

Mobile phone number portability also poses a problem for SMS security. Sophos says that phone ports, also known as SIM swaps can make SMS insecure. SIM swap attacks are where an attacker convinces your mobile provider to issue you a new SIM card to replace one that’s been lost, damaged, stolen or that is the wrong size for your new phone.

SIM swap attacksSophos also says in many places it is very easy for criminals to convince a mobile phone store to transfer someone’s phone number to a new SIM and therefore hijacking all their text messages.

ComputerWorld highlights a recent attack that used social engineering to bypass Google’s two-factor authentication. Criminals sent users text messages informing them that someone was trying to break into their Gmail accounts and that they should enter the passcode to temporarily lock the account. The passcode, which was a real code generated by Google when the attackers tried to log in, arrived in a separate text message, and users who didn’t realize the first message was not legitimate would pass the unique code on to the criminals.

NIST’s decision to deprecate SMS two-factor Passwordauthentication is a smart one,” said Keith Graham, CTO of authentication provider SecureAuth. “The days of vanilla two-factor approaches are no longer enough for security.

For now, applications and services using SMS-based authentication can continue to do so as long as it isn’t a service that virtualizes phone numbers. Developers and application owners should explore other options, including dedicated two-factor apps. One example is Google Authenticator, which uses a secret key and time to generate a unique code locally on the device for the user to enter into the application.

Hardware tokens such as RSA’s SecurID display a Hardware tokens new code every few seconds. A hardware security dongle such as YubiKey, used by many companies including Google and GitHub, supports one-time passwords, public-key encryption, and authentication. Knowing that NIST is not very happy with SMS will push the authentication industry towards more secure options.

Many popular services and applications offer only SMS-based authentication, including Twitter and online banking services from major banks. Once the NIST guidelines are final, these services will have to make some changes.

Fingerprint RecognitionMany developers are increasingly looking at fingerprint recognition. ComputerWorld says this is because the latest mobile devices have fingerprint sensors. Organizations can also use adaptive authentication techniques, such as layering device recognition, geo-location, login history, or even behavioral biometrics to continually verify the true identity of the user, SecureAuth’s Graham said.

NIST acknowledged that biometrics is becoming more widespread as a method for authentication, but refrained from issuing a full recommendation. The recommendation was withheld because biometrics aren’t considered secret and can be obtained and forged by attackers through various methods.

Biometric methods are acceptable only when used with another authentication factor, according to the draft guidelines. NIST wrote in the DAG;

[Biometrics] can be obtained online or by taking a picture of someone with a camera phone (e.g. facial images) with or without their knowledge, lifted from objects someone touches (e.g., latent fingerprints), or captured with high-resolution images (e.g., iris patterns for blue eyes)

Biometrics

At this point, it appears NIST is moving away from recommending SMS-based authentication as a secure method for out-of-band verification. They are soliciting feedback from partners and NIST stakeholders on the new standard. They told InfoWorld, “It only seemed appropriate for us to engage where so much of our community already congregates and collaborates.

You can review the draft of Special Publication 800-63-3: Digital Authentication Guidelines on Github or on NIST’s website until Sept. 17. Sophos recommends security researcher Jim Fenton’s presentation from the PasswordsCon event in Las Vegas that sums up the changes.

VentureBeat offers some suggestions to replace your SMS system:

  • Hardware tokens that generate time-based codes.
  • Apps that generate time-based codes, such as the Google Authenticator app or RSA SecurID,
  • Hardware dongles based on the U2F standard.
  • Systems that use push notifications to your phone.

 

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , , , , ,
| August 22, 2016
Comments Off on Chatbot Risks

Chatbot Risks

Chatbot RisksChatbots are the latest rage on social media. As Time explained, they have been around since the 1960s. That’s when MIT professor Joseph Weizenbaum created a chatbot called ELIZA. Chatbots found a home on desktop messaging clients like AOL Instant Messenger. Chatbots went dormant as messaging transitioned away from desktops and onto mobile devices.

Sophiscated botBut they’re poised for a resurgence in 2016. There are two reasons for this. First, artificial intelligence and cloud computing has gotten better thanks to improvements in machine learning. Second, bots could be big money.

Tech titans have chatbots on social media

All the tech titans have released social bots on the web; Apple’s (AAPL) Siri, Facebook’s (FB) “bots on Messenger“, Google’s (GOOG) Allo, and Microsoft’s (MSFT) ill-fated Tay. They believe there’s a buck to be made here, and they’re scrambling to make sure they don’t get left out.

Social botThe July issue of the Communications of the ACM included an article, “The Rise of Social Bots,” which lays out social bots’ impact on online communities and society at large. The authors define a social bot as a computer algorithm that automatically produces content and interacts with humans on social media, trying to emulate and possibly alter their behavior.

The Business Insider published this infographic about the social bot ecosystem.

Business Insider infographic

Chatbots can be deceptive

The ACM article argues that social bots populate techno-social systems; they are often benign, or even useful, but some are created to harm by tampering with, manipulating, and deceiving social media users. The article offers several examples of how social bots can be a hindrance. The first example involves the Twitter (TWTR) posts around the Boston Marathon bombing. The researcher’s analysis found that social bots were automatically retweeting false accusations and rumors. The researchers argue that forwarding false claims without verifying the false tweets granted the false information more influence.

bots can artificially inflate political candidatesThe ACM article also discusses how social bots can artificially inflate political candidates. During the 2010 mid-term elections some politicians used social bots to inject thousands of false tweets to smear their opponents. This type of activity puts the integrity of the democratic process at risk. These types of attackers are also called astroturfing, or twitter-bombs.

Anti-vaxxer chatbots

The article offers another example of the use of social bots to influence an election in California. During the recent debate in California about a law on vaccination requirements there appears to be widespread use of social bots by opponents to vaccinations. This social bot interference puts an unknown number of people at risk of death or disease.

bot provoked stock market crashGreed is the most likely use of social bots. One example from the article is the April 2013 hack of the Twitter account of the Associated Press. In this case, the Syrian Electronic Army used the hacked account to posted a false statement about a terror attack on the White House which injured President Obama. This false story provoked an immediate $136 Billion stock market crash as an unwarranted result of the widespread use of social bots to amplify false rumors.

Chatbots manipulate social media reality

Research has shown that human emotions are contagious on social media. This means that social bots can be used to artificially manipulate social media users’ perception of reality without being aware they are being manipulated. The article says the latest generation of Twitter social bots has many “human-like” online behaviors that make it difficult to separate bots from humans. According to the authors, social bots can:

  • Search the web to fill in their profiles,
  • Post pre-collected content at a defined time
  • Engage in conversations with people,
  • Infiltrate discussions and add topically correct information.

Some bots garner attention.Some bots work to gain greater status by searching out and following popular or influential users or taking other steps to garner attention. Other bots are identity thieves, adopting slight variants of user names to steal personal information, picture, and links.

Strategies to thwart bad chatbots

The authors review several attempts to thwart these growing sophisticated bots.

1. Innocent-by-association – This theory measured the number of legitimate links vs. the number of social bots (Sybil) links a user has. This method was proven to be flawed. Researchers found that Facebook users are pretty indiscriminate when adding users. The article says that 20% of legitimate Facebook users accept any friend request and 60% accept friend requests with only one contact in common.

2. Crowdsourcing – Another approach to stop social bots is crowdsourcing. The crowdsourcing approach would rely on users and experts reviewing an account. The reviewers would have to reach a majority decision that the account in question was a bot or legit. The authors pointed out some issues with crowdsourcing.

  • It will not scale to large existing social networks like Facebook or Twitter.
  • “Experts” need to be paid to check accounts.
  • It exposes user’s personal information related to the account to unknown users and “experts.”

3. Feature-based detection is the third method the researchers noted by the authors. Feature-based bot detection uses behavior-based analysis with machine learning to separate human-like behavior from bot-like behavior. Some of the behaviors that these types of applications include:

  • The number of retweets.
  • Age of account.
  • Username length.

4. Sybil until proven otherwise – The Chinese social network RenRen uses the fourth method noted by the author. This network uses a “Sybil until proven otherwise” approach. According to the article, this approach is better at detecting unknown attacks, like embedding text in graphics.

rb-

Use your brainWhile people’s ability to critically assimilate information, is beyond technology, the authors call for new ways to detect social bot-generated spam vs. real political discourse.

The researchers speculate there will not be a solution to the social bot problem. The more likely outcome is a bot arms race, like what we are seeing in the war on SPAM and other malware.

Related articles
  • Man vs. Machine: What do Chatbots Mean for Social Media? (blogs.adobe.com)

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , , , , , , , , , , , , ,
| July 9, 2016
Comments Off on Security Cam Concerns in Ann Arbor

Security Cam Concerns in Ann Arbor

Security Cam Concerns in Ann ArborNext time you are in Ann Arbor to get a bite to eat at Zingerman’s or attend a U of M football game at Michigan stadium someone may be watching you. NetworkWorld, says Ann Arbor is one of the top U.S. cities with the most unsecured security cameras. In fact, Ann Arbor ranks seventh nationally.

The report’s author, security firm Protection 1, analyzed the data from Insecam. Inseacam identifies open security cameras and Protection 1 estimates there are over 11,000 open security cameras on the Internet in the U.S. Protection 1 identified the cities with the most cameras that can be viewed by anyone online. The top 10 cities with unsecured security cameras are:

  1. open security camerasWalnut Creek, CA – 89.69 / 100,000 residents
  2. Richardson, TX – 72.74 / 100,000 residents
  3. Torrance, CA – 72.55 / 100,000 residents
  4. Newark, NJ – 38.07 / 100,000 residents
  5. Rancho Cucamonga, CA – 36.76 / 100,000 residents
  6. Corvallis, OR – 37.98 / 100,000 residents
  7. Ann Arbor, MI – 34.18 / 100,000 residents
  8. Orlando, FL – 34.05 / 100,000 residents
  9. Eau Claire, WI – 22.21 / 100,000 residents
  10. Albany, NY – 20.32 / 100,000 residents

using the manufacturer's default passwordOpen security cameras connect to the Internet via Wi-Fi or a cable. They have no password protection or are using the manufacturer’s default password. Malicious people and governments can record or broadcast our lives from unprotected open security cameras. Open cameras are also vulnerable attacks that can turn them into bots.

From a privacy perspective, the most worrisome finding is that 15% of the open cameras are in Americans’ homes. Anyone can watch these cameras if the default password is not changed to a unique password to lock down the camera.

Besides being spied on from the web, open cameras can be exploited by criminals. Cyber-criminals can force online cameras to attack other things on the Internet as part of a DDoS attack.

distributed denial-of-service (DDoS)A DDoS attack against a jewelry shop website led to the discovery of a CCTV-based botnet. A distributed denial-of-service (DDoS) attack is one in which a multitude of compromised systems attack a single target, thereby causing a denial of service for users of the targeted system. TargetTech says the flood of incoming messages to the target system essentially forces it to shut down, thereby denying service to the system to legitimate users.

Help Net Security reports that Sucuri researchers discovered the jewelry site was being attacked by a CCTV botnet made up of 25,000+ cameras from around the globe. The website was first attacked by a layer 7 attack (HTTP Flood) at 35,000 HTTP requests per second and then, when those efforts were thwarted, with 50,000 HTTP requests per second.

Sucuri researchers discovered that all the attacking IP addresses had a similar default page with the ‘DVR Components’ title. After digging some more, they found that all these devices are BusyBox based. Busybox is a GNU-based software that aims to be the smallest and simplest correct implementation of the standard Linux command-line tools.

CCTV botnet made up of 25,000+ cameras from around the globeThe compromised CCTV cameras were located around the globe:

  • 24% originated from Taiwan,
  • 12% United States,
  • 9% Indonesia,
  • 8% Mexico,
  • and elsewhere.

rb-

Unless something is done, security flaws, misconfiguration, and ignorance about the dangers of connecting unsecured devices to the IoT will keep these botnets functioning well into the future.

block or absorb malicious trafficTo protect your website from botnets and DDoS, you need to be able to block or absorb malicious traffic. Firms should talk to their hosting provider about DDoS attack protection. Can they route incoming malicious traffic through distributed caching to help filter out malicious traffic — reducing the strain on existing web servers. If not find a reputable third-party service that can help filter out malicious traffic.

DDoS defense services require a paid subscription, but often cost less than scaling up your own server capacity to deal with a DDoS attack.

Arbor Networks is one firm that provides services and devices to defend against DDoS.

Google has launched Project Shield, to use Google’s infrastructure to support free expression online by helping independent sites mitigate DDoS attack traffic.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , , , , , , , , , ,
| June 11, 2016
Comments Off on What You Need To Know About Germs on Your Cell

What You Need To Know About Germs on Your Cell

What You Need To Know About Germs on Your CellOver 2.6 billion Americans now have a cell phone. And they are walking around with some nasty stuff on their phones. I’m not talking about porn or malware but real viruses. An article by Caroline Kee and Taylor Miller at Buzzfeed found that most phones are covered with some pretty scary germs.

Swab cell phones for germsThe author took swabs of people’s cell phones to prove the point. Ms. Kee shared her swabs with Dr. Susan Whittier from Columbia University. They found that all phones had germs, bacteria, protozoa, viruses, and fungi on them, some of which are good for us and some of which are bad for us. The tests revealed that most phones had five kinds of harmless germs from the skin, mouth, nose, and environment.

Staphylococcus epidermidis (not aureus): Dr. Whittier says if you were to just swab your skin, this is what you’d find. It is normal and would get on the phone from regular daily use, like touching or talking on it.

All phones had germs, bacteria, protozoa, viruses, and fungi on themMicrococcus: Dr. Whittier says this makes up the normal skin flora, especially on the face. Everyone has different skin bacteria; it depends on the person. It can get on your phone if you touch your face a lot or talk on it often.

Streptococcus viridians: This bug lives in the mouth and throat, so it can get on your phone from talking, your fingers after touching your lips, coughing, etc. It’s usually harmless, but it can also cause infections in vulnerable people.

Moraxella: This is from sinuses, and it’s often found in people with recurrent sinusitis or post-nasal drip. In high levels, it can cause inner ear and bloodstream infections. It’s still a pretty normal thing to find on a phone.

25,000 germs on a cell phoneBacillus: Bacillus is a common bacteria from the environment, so it’s basically a sign that you’ve been outdoors. A lot of Bacillus means the phone is super dirty.

The bad news is that pathogens – potentially disease-causing strains of bacteria – were found on some of the phones tested. This is alarming. Think – salmonella, Ebola, bird flu, etc.

The most dangerous bug found on a phone was MRSA. MRSA, the flesh-eating bacteria, is a Staphylococcus aureus bacteria that is resistant to many antibiotics, including methicillin. It can cause serious infections in the skin and internal organs and can be fatal in vulnerable people. MRSA can spread easily between people and surfaces—often in health care settings, but it can also live on surfaces like subway handles, doorknobs, community bathrooms, showers, and especially gyms.

MRSA, the flesh eating bacteriaColumbia’s Whittier explained, “It’s a little worrisome for a phone to test positive for MRSA because it isn’t part of our normal flora.” We also know that MRSA loves to lurk on gym equipment and locker rooms, so it’s not completely abnormal to have it on your phone. About half the population carries Staph aureus with no problems. But this also makes it easy to spread between people and causes disease. Dr. Whittier warns that if Staph aureus gets into an open wound, it can cause major skin and blood infections, which can result in boils, food poisoning, toxic shock syndrome, and even death.

Poop. You’ve heard of E. coli. E. coli outbreaks have shut down restaurants like Chipotle and have caused many supermarket foods recalls. It was found on mobile phones. It’s a fecal organism, so it’s usually found in poop, but it can also live in the gastrointestinal tract along with other gut bacteria. Buzzfeed reports there are different types of E. coli, and some strains are way more pathogenic than others.  E. coli has the potential to cause serious food poisoning and even death.

E.Coli bacteria

E. coli infections spread through the fecal-oral route. You will get sick if you touch your mouth with contaminated hands after using the bathroom or touching fecal matter. It turns out this is very common. In 2015, Verizon found that 90% of cell phone users use their mobile phones in the bathroom. A 2013 study by Michigan State University found that just 5% of people properly washed their hands after using the bathroom.

The Columbia MD warns this is why you shouldn’t bring your phone to the bathroom or use it while eating. E. coli on a phone could be from the person’s stool if they didn’t wash their hands or another person’s stool if the phone went into a public bathroom because fecal matter sprays everywhere when the toilet flushes

Dont bring your phone to the bathroomWhat to do? Even if you’re an avid hand-washer, your phone can still pick up germs all day. The Buzzfeed article makes two recommendations to keep your phone safe. Keep your mobile phone out of the bathroom (where gross stuff like Norovirus lurks). And don’t use your cell phone while you’re eating since that can transmit bacteria and viruses to your mouth and get you sick.

How can you keep those nasty bugs off your phone? The article recommends cleaning your phone once a week using this magical “phone soap.” It’s not actually soap — it’s a charger box that shoots out UV lights that “kill 99.9% of germs using UV rays” at Amazon.

rb-

Back in 2013, I wrote about dirty mobile phones spreading Ebola here.

Wash your handsThe advice from 2012 on how to disinfect your cell is still the same as in 2016. Use a soft, slightly damp, lint-free cloth. Avoid getting moisture in openings. Don’t use window cleaners, household cleaners, aerosol sprays, solvents, alcohol, ammonia, or abrasives to clean your iPhone. The front and back glass surfaces have an oleophobic coating. To remove fingerprints, wipe these surfaces with a soft, lint-free cloth. The ability of this coating to repel oil will diminish over time with normal usage, and rubbing the screen with an abrasive material will further diminish its effect and may scratch the glass.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , , , , , ,
« Older Entries   Recent Entries »