Mitnick told me that "it's much easier to hack a human than a computer because computers follow instructions, they don't vary -- humans go by emotion, by what's happening in their day... so it's not hard" to socially engineer someone -- "especially if they haven't been burned before."
Mitnick says that "people are lazy," and that's a huge advantage for hackers. Even at the RSA conference, he can simply watch security experts attending the show unlock their phones and he can tell that they're using the weaker four-digit unlock code for their phone, rather than a longer password. For starters, that's one way to identify a target -- anyone wanting to break into a phone will have a big advantage with a four-digit unlock code.
The best defense against phishing isn't anti-virus or firewall software per se, but training, education and awareness.
But Mitnick told me he uses a standard iPhone. It's secure because of his choices and behaviors, he says, which seem to be more important than the equipment.
For example, he uses a long alphanumeric passcode (rather than the 4-digit passcode most of us use). And if he thinks he might be ordered to unlock his phone (such as when he returns to the United States from traveling abroad), he reboots the phone so Touch ID stops working (only the passcode can unlock a phone immediately after a reboot). He pointed out that in the United States, "a court can force you to unlock your phone with your thumb, but they can't force you to reveal your code."
Mitnick prefers the iPhone because most mobile phone hack attacks go after Android phones. But he does say the iPhone is crackable and that no device is 100% secure.
Laptops and desktops
Mitnick told me how he secured his own mother's computer by taking advantage of Apple's code signing model for security.
He said his mother used to call him every week to fix her Windows PC because the machine was constantly getting infected. His mother would "fall hook, line and sinker... for social engineering attacks" and he had to re-install Windows every week.
So he bought her an iMac, installed an anti-virus utility, and then locked down the device.
In the "Security & Privacy" settings in OS X, there's a "General" tab. At the bottom, there's a setting labeled "Allow apps downloaded from." The default setting is: "Mac App Store and identified developers." For his mother's Mac, Mitnick changed that setting to "Mac App Store," which means she can download only apps approved by Apple.