Account and Mobile Security
- A compromised mobile phone could turn on the microphone and eavesdrop without any indicator of compromise that the user would notice. Audio leakage from keyboard typing can be used to infer the typed words with a certain degree of accuracy, which might reveal passwords. See Microphone.
- The same applies to the camera.
SIM Swap Scam
Because of SIM Swap Scam and Malicious SMS Re-Routing, consider setting a registration lock. This prevents someone who has gained access to your mobile number from re-registering your account without knowing the re-registration PIN code.
- Signal messenger: three dots → settings → privacy → scroll down → Registration Lock PIN
- Telegram: settings → privacy and security → two factor authentication
- WhatsApp: settings → account → Two-step verification
Malicious SMS Re-Routing
Two-factor Authentication (2FA)
Even users who are knowledgeable about bulk phishing or spear phishing can benefit from 2FA. See Two-factor Authentication (2FA).
Phone Number Security Compartmentalization
Consider using at least two different mobile phone numbers. One that you give to friends, colleagues, etc., that is, to real people. The other you give only to banks and perhaps other money-sensitive services that require SMS as a second factor or as a means to contact you.
The rationale behind this is that people you know might give your mobile number to others, or their mobile phone may be hacked or stolen. In this way or through other means, your mobile number might end up being published on the internet, which might make you a target for a SIM swap scam. However, if you used different phone numbers in different places, a SIM swap scam would cause less damage.
A phone that is carried outside daily is more likely to be stolen or robbed than a phone that is kept in a safe(r) location most of the time. By stealing your everyday phone, the thief at least does not get a chance to fraudulently access any bank accounts.
Due to possible SIM swap scam:
- Avoid using a phone number (SMS) for Two-factor authentication (2FA) whenever possible and use better options such as "Google Authenticator". It does not have to be literally "Google Authenticator"; any alternative 2FA application will do. See 2FA for more information.
- Inform all contacts of a possible SIM swap scam. Should they receive any requests for money or other strange requests, encourage them to call you instead to confirm.
- Prefer messengers or other chat applications that support a Registration Lock PIN over SMS.
- Do not Use (Mobile) Phone Verification
- Phone Number Validation vs User Privacy
- Two-factor Authentication (2FA)
Copyright (C) 2012 - 2021 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee of the Open Invention Network. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself.