LULU GARCIA-NAVARRO, HOST:
This week, we learned that Amazon founder Jeff Bezos allegedly had his phone hacked by the crown prince of Saudi Arabia. Malicious code was supposedly hidden inside a message sent to Bezos from the prince's WhatsApp account. Now, we should say we don't yet know for sure how Bezos' phone got hacked. And Saudi Arabia denies it. But all of this got us thinking, if Jeff Bezos can't keep his phone safe, can the rest of us? We're joined now by NPR's Chris Arnold to answer that question. Hi.
CHRIS ARNOLD, BYLINE: Hey, Lulu.
GARCIA-NAVARRO: All right. You and I presumably don't have security as good as Jeff Bezos. What can we do?
ARNOLD: Right. There are good things, I'm sure, about being Jeff Bezos.
ARNOLD: A bad thing about being Jeff Bezos, though, is that people with a lot of money and resources are trying to hack his phone. But the good news is the rest of us - we probably do not have to worry about a super sophisticated, expensive, targeted hack.
GARCIA-NAVARRO: Something tells me there's some not-so-good news for us who are not Jeff Bezos world.
ARNOLD: Yeah. The hackers are using more generic, low-cost malware against us. The good thing about that, though, is that, even if some of that gets into your phone, phone security is getting better. And it's very unlikely that that's going to let the hackers, like, open up all your apps and, like - ooh. Here, I'll open the banking app and get the account number - all this stuff. And here's why. I talked to Matthew Green, a computer science professor at Johns Hopkins.
MATTHEW GREEN: Every single app you have runs in what's called a sandbox. Basically, it's isolated from all the other apps on the phone. So even if there's a bug in one app - yes, it's possible that that could lead to something bad, some malware being installed that affects that app. But generally speaking, it won't spread throughout your phone. And so that's kind of the protection that phones have added to make these hacks much more difficult.
GARCIA-NAVARRO: So that sandbox sounds good, right? But don't hackers always find some new vulnerability that they're going to exploit?
ARNOLD: Yeah. That's always possible. And here's also a big and important safety tip from Green, so you don't make that too easy for them. He says some people do what's called jailbreaking their phones. And you could do that to, like, install games that you can't get at the regular App Store. And if you jailbreak your phone, a lot of these good protections disappear. And so it's, like, you're taking off your digital armor and leaving yourself wide open to attack.
GARCIA-NAVARRO: So do not jailbreak your phone is what you're saying here.
ARNOLD: Don't do it.
GARCIA-NAVARRO: Don't do it.
ARNOLD: Don't jailbreak your phone.
GARCIA-NAVARRO: (Laughter). All right. Let's talk about this thing called SIM swapping. It sounds scary. What is that?
ARNOLD: All right. The short version of that is the bad guys trick the phone company to transfer your phone number from your phone to a phone that they have. And then once they get that, they can get your passwords reset by getting that little six-digit thing - gets zapped to their phone. And then they're like, oh, here we go. Reset the password. And pretty soon, they're in all your bank accounts and everything. They steal a lot of money. We spoke to Samy Tarazi. He's an investigator with the Santa Clara County District Attorney's Office. Here's what he said.
GREEN: So we highly recommend that people not use their cellphone number as a form of verification of identity. And then there's alternative two-factor authentication methods that are free.
ARNOLD: Or you can use the security questions. But this is interesting. He says make up fictional answers that you'll remember so that people can't research the answers to those questions. Well, the bottom line in all this is, you know, whether it's a phone hack or something else, our personal data can get stolen in all kinds of ways. We have to be vigilant. And Tarazi says, look. You put a credit freeze to block anybody from opening new credit cards, new accounts in your name. That's always a good idea.
GARCIA-NAVARRO: Indeed. All right. That's NPR's Chris Arnold breaking it down. Thank you so much.
ARNOLD: You're welcome.
(SOUNDBITE OF KELIS SONG, "TRILOGY")
NPR transcripts are created on a rush deadline by an NPR contractor. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.