Mobile phone update support confusion

[Amateur]

I've been reading that Samsung are to extend their update support for new mobiles.
Up to 4 years.
Which means all the latest security patches will be available.
What I don't understand is if someone buys a new phone thats 12 months old Do they only get three years support, and if it's two years old only 2 years etc....?
And if it's correct how long will a phone really be safe without updates?
With all the safety built into banking app and the insistence from my bank the app and my account are completely safe, I'm not so sure.



or is it a plot to make you buy a newer phone.?

 

[Spectric]

or is it a plot to make you buy a newer phone

You got it, remember that these phones are used by a large number of addicted phone zombies who will just want the latest even if it is just a color change, whilst the Apple is just a fashion brand that people will throw money at.

 

[RichardG]

Almost certainly from the day the phone is launched. It also seems that not all phones will get the update and after 2 years it may only be twice per year.

A phone is safe until an exploit is found that is being exploited in the wild. Apple has released patches in a few weeks after major flaws have been found so having to wait 3 months for a critical patch is not much use but it’s better than nothing.

I moved to iPhones several years ago just because of the support and security patches. Apple supports a phone for 5 years from the last day it stops selling it so you can normally keep one for 6 years or more safe in the knowledge that’s it’s as secure as a new one.

Having said all this if you only use a phone to make calls then it doesn’t really matter at all.

 

[Amateur]

Thankyou
so what exactly am I in danger of being hacked by, what do they want?
and what state has your phone to be in to get hacked?
does it need to be in use at the time, can they hack your phone if it's in sleep mode, do I get hacked using apps?

I've searched but I just can't find any solid date exposing all this......but I'm flooded with, you'll get hacked if your phone doesn't get updates......

and what about all the second hand phones for sale in shops?
They obviously have a market.
Why would anyone want an old iPhone if this sort of safety is really needed?

 

[D_W]

Don't do banking on your phone or have anything on there other than general browsing (Which means don't turn on google passwords for devices as those will autocomplete all kinds of things you don't want to) and probably no problem.

That assumes also not downloading entertainment apps, etc, on the phone (which isn't a problem if you're just using the phone as a phone).

Separately, the pain of getting a new phone probably depends on what you get. My carrier requires buying the phone separately (coverage is cheap then), and has options from $149 - $1000 (Sometimes the top end is higher). The basic phone is just whatever motorola or LG offers as the bottom end. FIL always gets that phone and doesn't use it for anything other than wifi streaming audio and as a phone. I don't think he's had any issues and perhaps buys one every four years.

I went the same route a few years ago and got a second phone (but $199). It worked fine for several years until I canceled the line (work pays for the phone now) - the only thing it really suffered was less storage and the camera wasn't nearly as good as the $800 phones at the time. Other than that, I didn't notice much.

 

[Amateur]

Don't do banking on your phone or have anything on there other than general browsing (Which means don't turn on google passwords for devices as those will autocomplete all kinds of things you don't want to) and probably no problem.

That's on an older phone with no patches and updates?

 

[D_W]

I think that's pretty good policy across the board. Short useless story - my dad is 73. He trusts computers and phones for nothing and refuses to get anywhere close to even looking at his bank account online.

He's also naive.

A couple of months ago, he called me and told me that his computer had a problem and some guy wanted to charge him $299 to fix it, and a number popped up. He didn't immediately let the guy onto his PC but called the number. I mentioned to him to stay away as the next thing that guy would do is log on to his computer and start searching for anything of value that he could find, and would leave a keylogger.

At that point, my dad admitted that he'd already allowed the guy onto his computer. I told him to immediately notify the bank and anyone else he's ever accessed on the PC. He disregarded this suggestion (still thinking the guy was a "real" tech service person) and continued to complain about $299 and described berating the "customer service agent" about how terrible the price was. The computer became a paperweight, but he stayed on the phone berating the guy about the price having no clue the guy was looking for much more.

I told him to find a local computer service brick and mortar and get his computer cleaned, and reiterated that he could have issues. He had none because he doesn't use a computer to do anything other than check email and read sports scores and sports recruiting information. I wouldn't normally believe this, but I've been on his PC before and the browsing history has about 6 links in it ( and literally nothing on the desktop or anywhere else. he wouldn't know how to save a file, anyway).

What saved him? Certainly not savvy. What saved him was the fact that he still will not do any banking unless he's talking to a person or writing a paper check. A CPA does his taxes, so nothing of value done digitally.

I'd say if you want to be safe from your phone, no banking from your phone no matter what, etc, and no saved password function (doesn't matter if you don't do banking from the phone if google shares settings and autocompletes passwords). Perhaps some of this has been solved now by banks requiring two-factor authentication from a separate device. I don't know.

Many older people (and younger) store a file with sites and logins and passwords, as well as digital records on their phones and PCs. They're sitting ducks. Once a scammer gets on a device or PC of yours, they sell your name/phone/IP address, etc as an easy target.

 

[Padster]

@Amateur I think the question is how 'tech savvy' are you.

Without being disrespectful (which means I run the risk of doing exactly that) by asking the questions you are I would suggest it could be dangerous to use a mobile device, with apps without either knowing what you are doing or having a 'savvy' family member or partner/friend you absolutely would trust with your life assist/help manage the device with/for you, or educate you on the use.

Choice of mobile (and this is like talking about sharpening) is very emotive dumbing it down there are two main options:
Apple: this is viewed as more expensive but generally a 'closed shop and proprietary system' this gives some benefits and some people may argue makes Apple more secure (you can break the system by 'jailbreaking' but lets not go there!).
Android: all other phones made by brands like Samsung, Google, Sony, Nokia, LG & many more the operating system is based on an open standard this allows for more of a general market place with less standardisation and what some view as an easier to hack system

If you decide you aren't tech savvy enough or don't wish to get a 'smart' phone (one of the two options above), but want a mobile you can still get some 'dumb' phones that don't support apps and are far more affordable, and as such don't need software upgrades or as much support.

You could spend hours on this topic - but hopefully this little summary may help a little.

Regards

Padster

 

[Amateur]

think the question is how 'tech savvy' are you.

I think the question should be how tech savvy do you need to be?
Considering the number of people using these devices, when I ask, there are very few who both understand how to fully work their phones or about safety protocols. Even within the teenage groups.
Indeed it's never mentioned at point of sale.
It's a similar thing with the computerisation of cars. God knows the number of times I've had to haul out the huge owners manual to check how to reset something.
Remembering how to do things only comes when your doing it constantly and if your not one of the phone buffs mentioned above as phone zombies what chance have you got?


In my opinion the responsibility for technical safety using banking apps or any other apps should be placed firmly on the shoulders of the manufacturers.

 

[selectortone]

If you receive a text or an email or a Whatsapp message or whatever, that contains a malicious link, and you click on it and then go on to divulge things like bank account login details, then it doesn't matter how up to date your phone software is.

These phishing scams account for the vast majority of mobile phone fraud.

There are huge lists of email addresses and phone numbers in the hands of scammers with automated programs that send out millions of phishing emails and texts globally 24 hours a day. If you ever gave your email or phone number to Currys, or had a BT internet email address (just two examples of the many companies whose databases have been stolen) then you're on those lists.

Just this week I've had two texts, one purporting to be from the Post Office saying I need to pay an admin fee for a (non-existent) parcel and one from Lloyds bank saying my account has been compromised (I haven't had a Lloyds bank account for 15 years)

That counts for computers and tablets as well as phones.

 

[Bod]

On the subject of computer/phone security, a visit to Bletchley Park, to see just how the German wartime codes were broken, particularly the very early work by the Polish code breakers.
Done with pencil and paper. With modern computers, no security coding is safe. As soon as the information goes wirelessly, anyone who can read it, could decode it.
This was the German military weakness, because the phone lines were destroyed, they had to use radio communications, which spread out far enough to be picked up in England, and read, decoded, and used.

Bod

 

[Terry - Somerset]

I find myself making more use of smart phone capabilities despite having little or no interest in social media, watching films etc. Definitely not a phone junkie!

My modest data allowance which does get used for (eg) NHS test and trace, Google for checking prices, maps, occassional checks on emails, general when does it open/close/arrive, etc etc.

I have made a point of never doing online banking from my phone, and do not have Google remember the passwords. But for most other sites I use a default or suggested password.

Banking is done on laptop - should be less at risk as kept at home normally. Even then I will tend to go to the bank sites first after l switch on to reduce the risk that the current session has been corrupted by a virus.

 

[Padster]

I have worked in/with technology for over 30yrs and am by no means an expert but....

If you put some basic rules in place it will be as safe as you can get.

• Keep software up to date (although N-1 is a good option to not get bitten by bugs - but check release notes and do a google search for issues).
• Never click on a link you don't know on your phone - if you are suspicious wait until you can use a computer and check the link (hover over and check it matches where it purports to go) - be especially careful of spellings.
• Don't load any software you do not know the origins of
• Never give out your passwords
• If there is an option for TFA (Two factor authentication) enable it!

There are probably more I need to add but the very simple over riding rule if in any doubt.... do not click, accept, or follow anything you are not 100% certain about.

HTH

Padster

 

[Amateur]

The big problem I see is regardless of all the good advice here, Banks for instance who hand out these banking apps never query how old your phone is and if its secure and has safety updates or is supported.?
Like it or not banking apps will eventually be part of our lives, if they arent already. And not everyone adheres to the wise words posted here.....and who can blame them?
I sat infront of my Bank employee in charge of overseeing customer problems, help, and guidance as the apps were introduced.
When the question of safety was bought up the stock answer was," It cant be hacked, its not on your phone". Full stop. The end.