From email to banking, our Smartphones are the mainstay of our online lives. Not surprisingly, smartphones compete with smartphones as a common goal for internet hackers. And despite efforts by Google and Apple, mobile malware continues to infiltrate the app's official stores - and these malicious applications are becoming increasingly ridiculous. According to the McAfee 2020 Mobile Threat Report, more than half of mobile malware applications “hide” on the device, without the home screen icon, hijack the device to deliver unwanted ads, send illegal updates, or steal information that can be sold or used to save victims.
And while iPhones can be hacked, most malware identifies Android devices. In its 2020 State of Malware report, Malwarebytes reported an increase in violent adware and installed malware on Android devices designed to steal data - or simply ignore victims.
Don't Miss: How to Hack Bluetooth
Malware can also install spyware that monitors device content, programs that bind the device's internet bandwidth to be used in botnet to send spam, or screens to steal sensitive information that steals user login when installed on a legitimate, legitimate app.
It is often downloaded from illegal sources, including criminal links to steal sensitive information sent via email or message, as well as malicious websites. (While security experts recommend frequent downloads from official app stores - such as the Apple App Store or Google Play - some countries may not have access to certain apps from these sources, for example, to protect messaging apps that may allow people to communicate privately.)
Then there are commercial spy apps that require physical access to download on the phone - which is usually done by the most notorious non-hunters, such as a partner or parent - and who can monitor everything that happens on the device.
Not sure if it's possible to get into a crime? We spoke to Josh Galindo, training director at BreakiFix, about how to tell a smartphone that may have been damaged. Also, we explore twelve ways to access your phone and steps you can take to protect yourself.
6 Signs Your phone's may have been compromised / Hacked
1. Significant decrease in battery life
While phone battery life is inevitably reduced over time, a smartphone that has been disrupted by malware may start to show significantly reduced life expectancy. This is because malware - or spy - may use the phone resources to scan the device and transfer data back to the criminal server.
(That is, simple daily use can equally reduce phone time. See if this is true by using these steps to improve your Android or iPhone battery life.)
2. Lazy performance
Do you find your phone is often freezing, or are some programs disabled? This may be due to malware that overloads phone services or conflicts with other applications.
You may also experience continuous application performance despite attempts to shut it down, or even break the phone itself and / or restart repeatedly.
(Like slowing down battery life, many things can affect the slow-moving phone - in fact, its daily use, so first try to thoroughly clean your Android or iPhone.)
3. High data usage
Another sign of a phone that jeopardizes an unusual data bill at the end of the month, which may come from malware or spy apps running in the background, sending information to its server.
4. Outgoing calls or texts you didn't sent
If you see a list of calls or text numbers that you do not know, beware - these could be premium-level numbers that malware forces your phone to contact; the money earned by the land in the cyber-crime's fund. In this case, check your phone payment for any expenses you do not see.
5. Mysterious Pop-Ups
While not all criminals claim that your phone has been hacked, continuous pop-up alerts could indicate that your phone is infected with adware, a type of malware that forces devices to view certain pages that make money with a click. Even though pop-up is not the result of a compromised phone, most may be links to identity theft that try to get users to type sensitive information - or download more malware.
6. Unusual activity on any accounts connected to the device
If a criminal can access your phone, they can also have access to their accounts - from social media to email in various ways of life or productivity. This may present itself at work on your accounts, such as resetting your password, sending emails, marking unread emails that you don't remember to read, or signing up for new verification email accounts that reach your inbox.
Don't Miss: Hack any Windows with an Image
In this case, you may be at risk of identity theft, in which criminals open new accounts or credit lines on your behalf, using information taken from your compromised accounts. It is a good idea to change your passwords - without resetting them on your phone - before starting security on your own phone.
What to do if your phone is hacked
If you have encountered any of these signs of a broken smartphone, the best first step is to download the mobile security app.
For Android, we love Avast, which not only scans malware but also provides call blocker, firewall, VPN, and PIN request feature every time apps are used - to prevent malware from opening sensitive apps like your online bank.
iPhone can be greatly reduced in hacks, but they are not completely secure. Look for iOS flagship apps that are malicious, Wi-Fi networks can be dangerous, and if the iPhone is locked (which increases the risk of hacking). It's free, there is a $ 2.99 / month patent protection, including disclosure sign-in alerts.
Who can hack your phone?
At the moment, government surveys are a common way in which we may no longer be interested in the idea that the NSA is cracking down on our phones or that the FBI can hack into our computers whenever they want. However, there are other technological means - and motives - for hackers, criminals and even people we know, such as a partner or employer, to get into our phones and attack our privacy. And unless you are a highly targeted person - a journalist, a politician, a political dissident, a business manager, a criminal - that requires a special interest, there is a greater chance of being someone close to you than a government agency that spies.
12 ways to access your phone
From targeted breaches and vendetta smuggling to seizing an opportunistic world with suspicious information, here are twelve ways one can check your cell phone - and what you can do about it.
1. Spy Apps
There are plenty of phone monitoring apps designed to secretly track someone's location and affect their communication. Most are advertised by suspicious partners or unscrupulous employers, but some are marketed as a legal tool for parents involved in security to keep tabs on their children. Such applications can be used to remotely view text messages, emails, internet history and photos; log calls and GPS locations; others may even hijack a microphone to record personal conversations. Basically, almost anything a criminal would want to do with your phone, these apps will let you.
And this is not just empty talk. When we read the mobile spy apps back in 2013, we found that they could do everything they promised. What’s worse is that it was so easy for anyone to install, and the person being tested wouldn’t be wise to have everything being done to follow.
"There aren't too many clues to hidden spy software - you could see too much traffic on your bill, or your battery life might be shorter than usual because the app reports third parties," said Chester Wisniewski, a senior scientist at security company Sophos.
Opportunities
Spy apps are available on Google Play, as well as illegal app stores for iOS and Android apps, making it much easier for anyone with access to your phone (and purpose) to download it.
How to protect yourself
- Since installing spy apps requires physical access to your device, setting a pass code on your phone greatly reduces the chances of someone having access to your phone in the first place. And since spy apps are often installed by someone close to you (think your spouse or significant other), choose a code that can't be guessed by someone else.
- Navigate to your list of apps for strangers.
- Don't jailbreak your iPhone. "If the device is not broken in jail, all applications will appear," Wisniewski said. "If the jail is broken, spyware apps are able to hide deep in this device, and whether the security software can detect it depends on the specifics of the spy application [because security software scans known malware]."
- On iPhones, making sure your phone isn't broken in jail and prevents anyone from downloading the spy app on your phone, because such software - which interferes with program-level functions - does not make it accessible to the App Store.
- Download the mobile security app. For Android, we love McAfee or Bitdefender and iOS, we recommend looking at iOS.
2. Phishing scams
Whether text from a coronavirus tracer, or a friend encouraging you to check out your photo last night, SMS texts containing deceptive links aimed at tampering with sensitive information (also known as identity theft or "hitting") continue to make rounds. .
And with people frequently checking their email apps throughout the day, phishing emails are a huge advantage to attackers.
Times like the tax season often attract a lump of hate-mongering messages, contributing to public concerns about tax returns, while the coronavirus-related government payoffs this year have led to the emergence of so-called criminal emails from the IRS.
Android phones can also fall into the trap of downloading links to download malicious apps (The same scam is not common on iPhones, which is usually unrestricted and therefore cannot download apps anywhere outside the App Store.). Android will warn you, however, when you try to download an illegal app and ask your permission to install it - disregard this warning.
Such malicious applications may display the user's phone data, or contain a hack to steal sensitive information designed to steal login information from targeted applications - for example, a user's bank or email application.
Opportunities
It is very possible. While people have learned to question the emails asking them to "click to see this funny video!", Kaspersky's security lab notes that they tend to monitor their phones.
How to protect yourself
- Remember how you usually verify your identity with various accounts - for example, your bank will never ask you to enter your full password or PIN.
- Check out the IRS's sensitive identity theft section to familiarize yourself with how the tax agency communicates with people, and verify any communications you receive.
- Avoid clicking links from unknown numbers, or from unintelligible messages from friends, especially if you can't see the full URL.
- If you click on a link and try to download an illegal app, your Android phone should notify you before installing it. If you disregard the warning or the app has in some way overrun Android security, uninstall the app and / or apply a mobile security scan.
3. Unauthorized access to iCloud or Google Account
Hacked iCloud and Google accounts provide access to amazing data backed up from your smartphone - photos, phonebooks, current location, messages, call logs and in the case of iCloud Keychain, stored passwords for sending accounts emails, browsers and other applications. And there are spyware sellers out there who sell their products directly against this threat.
Cybercriminals may not be able to find a large amount of photos of ordinary people - unlike nude photos that are immediately displayed - but they know that photo owners do it, Wisniewski said, which could lead to their accounts and content being held digitally without the victims paying ransom.
Additionally, a cracked Google account means cracked Gmail, the main email for most users.
Receiving primary email can lead to domino-effect hacking in all of the email accounts you are linked to - from your Facebook account to your mobile network account, opening the way for deep identity theft that could jeopardize your credit.
Don't Miss: Hack any Android with IP Address
Likelihood
“This is very dangerous. All the attacker needs is an email address; not getting a call, or a phone number, ”said Wisniewski. If you were to use your name on your email address, your primary email address to sign up for iCloud / Google, and a weak password containing personal information, it would not be difficult for a hacker to easily pick up that information from social networks or search engines.
How to protect yourself
- Create a strong password for these important accounts (and as usual, your email).
- Enable sign-in notifications so you can sign in from new computers or locations.
- Enable two-factor authentication so that even if someone receives your password, they can still access your account without access to your phone.
- To prevent someone from resetting your password, lie when you ask password security questions. You may be surprised at how many security questions you can rely on for information that is readily available on the Internet or that is well-known to your family and friends.
4. Bluetooth hacking
Any wireless connection could be compromised by cyber-snoops - and earlier this year, security researchers found the vulnerability on Android 9 and older devices that could allow hackers to secretly connect via Bluetooth, and erase data on the device. (On Android 10 devices, the attack would have disrupted Bluetooth, making communication impossible.)
While the risk has been marked in recent security updates, attackers may hack your Bluetooth connection with another threat - or trick you into pairing your device by giving it another name (such as 'AirPods' or another universal name). And if you are connected, your personal information may be compromised.
Opportunities
Dmitry Galov, a Kaspersky security researcher, says: "It's rather low, unless it's a target attack. Even so, there are a lot of things that need to come together in order for it to happen."
How to protect yourself
- Only turn on your Bluetooth if you actually use it
- Do not pair the device publicly to avoid falling into malicious pairing requests.
- Always download security updates to catch risks as soon as they become available
5. SIM Swapping
Another reason to be firm in what you post online: cyber criminals can call mobile carriers to pretend to be legitimate locked customers in their accounts. By providing stolen personal information, they are able to retrieve phone numbers that are stored on their device and use them to ultimately manage online personal accounts. In the Instagram space, you can steal, for example, hackers using well-known passwords to request password changes and to retrieve multi-authentication credentials sent to a stolen phone number. The purpose? To catch victims with fines or, if there are high-value names, sell in underground markets. Some people were also hijacked and cryptocurrency accounts removed.
In addition, the researchers found that there were representatives from all five confirmed management users who provided incorrect information (such as billing address or zip code), by requesting the last three digits of the last dialed numbers. Investigators were able to provide this information first by sending a text instructing users to call a specific number, which played voicemail telling them to call a second number.
Opportunities
"Currently, SIM Swapping is very popular in Africa and Latin America," Galov said. "But we know about modern cases from different countries around the world."
How to protect yourself
- Do not use predictable numbers for your network PIN such as your birthday or family birthdays, all of which can be found on social media.
- Choose authentication app like Author or Google Authenticator instead of 2FA SMS. "This measure will protect you in most cases," Galov said.
- Use strong passwords and authentication for all of your online accounts to reduce the risk of hacking that could expose personal information used to hijack your SIM.
6. Hacked Phone Camera
As video calls become increasingly common at work and with family contacts, it highlights the importance of getting computer webcams from hackers - but that front-facing camera can also be at risk. A still-fixed glitch on the Android onboard Camera app, for example, would allow attackers to record video, steal photos and photo data, while malicious applications with access to your camera app (see below) could also allow cyber makers to hijack your camera.
Opportunities
It's a little more popular than web hacks.
How to protect yourself
- Always download security updates for all your apps and device.
7. Apps that require more permissions
While many applications request more permissions for the purpose of data harvesting, some may be more dangerous - especially if downloaded from illegal stores - requesting access to anything from your local data to your camera roll.
According to Kaspersky research, many malicious applications by 2020 are taking advantage of access to Accessibility Service, a mode aimed at simplifying the use of Smartphones for people with disabilities. "With the permission to use this, the malicious application has almost unlimited possibilities to interact with the interface of the app," Galov said. Some stalker ware applications, for example, use this permission.
Free VPN applications can also be the cause of further request permissions. In 2019, researchers found that two-thirds of the 150 most downloaded free apps on Android made sensitive data applications as user locations.
Opportunities
Excessive solicitation permits are common, Galov said.
How to protect yourself
- Read app permissions and avoid downloading apps that ask for more access than they should use.
- Although the app permissions seem to match their function, check for reviews online.
- For Android, download an antivirus app like McAfee or Bitdefender that will scan apps before downloading, as well as flagging suspicious activity on existing apps.
8. Snooping over open Wi-Fi networks
The next time you happen to have a password-free Wi-Fi network, it's best not to go online. Eavesdroppers on an unprotected Wi-Fi network can view all its unwritten traffic. And malicious social media sites can redirect you to sites that look like banks or emails designed to enter your username and password. And it’s not the flexible institution manager you usually get. For example, someone crossing the street from a coffee shop can open a log-in Wi-Fi network named after coffee, hoping to find useful login information that will be sold or stolen.
Opportunities
Any tech-savvy person can download the required software to disconnect and analyze Wi-Fi traffic.
How to protect yourself
- Only use Wi-Fi public networks that are password protected and WPA2 / 3 enabled (you will see this on the login screen requesting a password), where traffic is automatically encrypted during transfer.
- Download the VPN app to encrypt your smartphone traffic. NordVPN (Android / iOS from $ 3.49 / month) is a great all-around solution that offers protection for many devices, for example on your tablet and laptop.
- If you have to connect to a social network and do not have a VPN application, avoid entering login details on banking sites or email. If you can't avoid it, make sure the URL in your browser's address bar is correct. And never enter private information unless you have a secure connection elsewhere (look for “https” at the URL and green lock icon in the address bar).
- Turning on two-factor authentication for online accounts will also help protect your privacy on public Wi-Fi.
9. Apps with weak encryption
Malicious applications can also leave your mobile device vulnerable. According to InfoSec Institute, applications that use weak encryption technologies may leak your data to anyone you want. Alternatively, those with hard-to-use operating systems can create additional hacks behind hackers to use them, allowing you to access all your personal data on your phone.
Opportunities
"There is a risk, but a smaller threat than others such as unsafe Wi-Fi or identity theft," Galov said.
How to protect yourself
Check for app reviews online before downloading - not only in the app stores (which are usually under spam reviews), but in Google searches, for the unscrupulous behavior that other users may have reported.
If possible, download only applications from reputable developers - for example, who go to Google for better reviews and feedback, or for user review sites like Trustpilot. According to Kaspersky, "the task is on engineers and organizations to enforce encryption standards before installing applications."
10. The vulnerability of the SS7 global Phone network
The global mobile network communication protocol, Signaling System No 7 (SS7), has a feature that allows hackers to spy on text messages, calls and locations, only armed with a personal phone number.
Security issues have been known for years, and hackers have been exploiting the hack to get verification (2FA) codes sent via SMS from banks, cyber makers in Germany have hacked victims' bank accounts. Metro Bank of the UK was the victim of a similar attack.
This method can also be used to hack other online accounts, from email to social media, to cause financial and social damage.
According to security researcher Karsten Nohl, law enforcement and intelligence agencies are using the practice to block cellular data, which is why there is little incentive to detect it.
Opportunities
The chances are growing, as the few necessary resources to use this risk have made it available to low-profile cyber criminals who want to steal the codes of 2FA online accounts - rather than touching the calls of political leaders, CEOs or other people communication underground.
How to protect yourself
- Choose an email or (currently secure) verification application as your 2FA method, instead of SMS.
- Use an encrypted end-to-end messaging service (thus violating the SS7 protocol), Wisniewski said. WhatsApp (free, iOS / Android), Signal (free, iOS / Android) and Wickr Me (free, iOS / Android) all encrypted messages and calls, blocking anyone not to access or interfere with your communication.
- Note that when you are in a group that can be identified your phone conversations can be viewed and acted upon accordingly.
11. Malicious charging stations
While tourism and tourism may not be around at any time soon, last year the Los Angeles County Regional Attorney's Office issued a safety warning about the danger of hijacking USB public charging stations in places such as airports and hotels.
Dangerous charging stations - including malware-loaded computers - have taken advantage of the fact that standard USB cables transmit data and charge the battery. Older Android phones can automatically insert the hard drive when connected to any computer, exposing its information to an unreliable owner.
Security investigators have also indicated that they may have hijacked a video-out feature so that when connected to a malicious criminal hub, the criminal could monitor all key keys, including passwords and sensitive data.
Opportunities
Down. There are no known cases of stolen charging points, while new Android phones ask permission to load their hard drive when connected to a new computer; IPhones request a PIN. However, new discoveries can be made.
How to protect yourself
Do not install on unknown devices; bring a wall charger. You may want to invest in a USB charging cable only like PortaPow ($ 9.99 per two packets on Amazon)
If a public computer is your only way to recharge a dead battery, select the "Charge only" (Android phones) option if you get an auto-connection when you connect, or refuse access from another computer (iPhone).
12. Fake cellular towers, such as the FBI Stingray
The FBI, IRS, ICE, DEA, U.S. The National Guard, Army and Navy are among the government agencies known for using eponymous StingRays that mimic bona fide network towers.
StingRays, along with fake wireless network towers, is forcing nearby cell phones to disconnect their existing connections to connect StingRay instead, allowing device operators to monitor calls and texts made by these phones, their movements, and sender numbers and dial.
With StingRays a distance of about 1km, an attempt to monitor the suspect's phone in the center of a crowded city center could cost tens of thousands of calls.
Until the end of 2015, permits were not required for tracking a StingRay-enabled mobile phone. The American Civil Liberties Union has found more than 75 government agencies in more than 27 countries claiming to be StingRays, but notes that this number is likely to be underestimated. Although some argue that the use of audio technology is not allowed unless a criminal investigation is conducted, many agencies do not obtain permits to use it.
Opportunities
While the average citizen is not a victim of StingRay operations, it is impossible to know what is being done with external information taken from the unintended, due to strong state agencies.
How to protect yourself
- Use encrypted messages and voice calling apps, especially if you are filing a case that could be of interest to the government, such as a protest. Signal (free, iOS / Android) and Wickr Me (free, iOS / Android) are both encrypted messages and calls, preventing anyone from blocking or interrupting your communication. Most encryption used today does not break, Wisniewski said, and a single call will take 10-15 years to clear encryption.
0 Comments