The age of smart tech has made our lives remarkably more efficient. With a left swipe of a thumb we can send emails to friends on the other side of the planet. We can pay for that hefty grocery haul without even pulling out our wallets. We can even video chat with friends and loved ones for free. And all of these divine little perks come stacked in our smartphones.
But however strong on design and tech they may be, every smartphone is equally vulnerable to security flaws. We’ve seen this recently with WikiLeaks’ damning revelation that the CIA has been able to hack into our smart devices and spy on us. Edward Snowden alluded to just as much in a number of interviews.
And all of those dreamy perks bottled up in our Samsungs and Huaweis can be just as beneficial to some dodgy stranger on the other side of the continent. And Apple’s ever-growing constellation of iPhones is just as susceptible to attack as anything on the Android platform. Now that hackers have become increasingly adept at breaking through iOS and Android security flaws, we no longer need to ask, “Is your smartphone hackable?” The simple one-word answer: yes.
That doesn’t mean boxing up your devices, training messenger pigeons and getting reacquainted with rotary phones. It means it’s time to exercise some serious vigilance over how you use your phone. And it also means implementing a number of steps to beef up your smartphone against the threat of a hacking attack.
What Should You Do When Your Smartphone Has Been Hacked?
Security breaches and virus attacks can leave virtually no footprint, go undetected and make no noise about their presence. Or they can bring the normally fleet functionality of your phone down to a lumbering slog. Perhaps you’ve been redirected to unwanted sites too many times. Pop-ups pepper your screen. Emails you were unaware of are suddenly spamming everyone in your contact list from your own outbox. Maybe even your camera phone has been spying on you. Where does it end?
Well, if you are an iOS user, this typically isn’t a problem. But it can quickly become one when your phone has been jailbroken. A jailbroken phone is one where the stalwart security that Apple installs, to keep users from disabling the iOS user interface or changing its factory settings and platform, has been deliberately disabled.
Similarly for Android users, unlocked phones that have come through dodgy specialist boutiques may be rife with malware and spyware, tracking apps and all forms of unwanted tech that may be after your personal details. For example, the small-time shop you took your Android smartphone to, to have it unlocked from the original phone carrier, may just be planting viruses on your phone. Why? So you end up coming back to have the phone “repaired.” Or perhaps it’s much more malicious than that. Maybe they’re after all of the personal info that you happen to store on the phone: photos, credit card information, contacts, etc.
Android users, here’s the solution. If your goal is to break your contract with the phone carrier, discuss with the carrier or authorized dealer what is involved in safely unlocking the phone once the contract is dissolved. That way you can take your business elsewhere to another carrier without fear of your phone being compromised.
And for iOS owners, maybe you aren’t the culprit. Maybe your iPhone was jailbroken without your knowledge. If that’s the case, you may have already been hacked. But fear not, Apple even has an app to tell you if your phone has been jailbroken. Apple’s System and Security Info app is adept at getting to the heart of the issue and helping you restore the phone back to its former glory. Download the app to check for security threats.
Imagine that you are a jealous boyfriend and your iPhone is your suspiciously behaving girlfriend. Chances are you are wondering what she has been up to when you weren’t looking. “Checking the receipts,” as it were, in the case of iOS users would be seeing if there are any candlelit dinners that didn’t involve you, any unaccounted-for purchases, or calls that went under the radar. For example, remember when AT&T and Apple came under fire for late-night unauthorized data usage? For many iPhone owners that excessive data usage ultimately rang up surcharges on their carrier’s data plan. If history is repeating itself, avail yourself of Apple’s customer service to find out what is rightly or wrongly happening. And then follow the receipts to the carrier as well to make sure nothing untoward is happening.
But if your iPhone has up and walked out of your life and into the hands of a thief or all around hacker, lo and behold there’s a setting for that too. Go into your iOS settings and activate the “Find my iPhone” option. Why? If it gets stolen or even briefly falls into the hands of some unauthorized user, you’ll want to have some safeguards in place. You can go online in the case that it has been stolen and remotely blitz all the personal data stored on your iPhone. You’ll also be able to trace its steps along the way. Here you’ll be able to “Find” your phone and take it out of service.
And for Android users similarly cuckolded by some secret affair between your phone and a hacker, fortunately there is a light at the end of the tunnel. Android makes it very easy to track your smartphone’s performance and behavior. What does your data usage add up to? Here’s the first telling signature of malware or a malicious hack. If your data usage shows unusual expenditures, more than likely something is amiss.
Time to put on your sleuthing hat. Go into your settings and check your data usage. Here you’ll be able to see how much data each application you have is eating up. For instance, an application you touch once in a blue moon shouldn’t be racking up a fat 50 MB charge. And the ones that you are intimately aware of shouldn’t be skimping behind your back either.
Pay careful attention to those “harmless” free apps that you downloaded (especially from third party sources) like translator, dictionary or agenda apps that somehow rack up crazy amounts of usage. In other words, check the receipts. If there is some suspicious activity there, nix the guilty apps immediately. Similarly if you are an iOS user, third party apps would only come by way of a jailbroken phone. Apple gets a gold star for vetting apps that will appear in its official store.
Try to keep your downloads to reliable stores like Google Play, Apple Store and Samsung Apps. Never download from any third party that prompts you to do so after receiving an SMS. That SMS is that awkward invitation you unwittingly gave to a hacker to infiltrate your phone. And above all else, regularly back up your phone to a hard drive.
How do you bring it back to life? Run a battery of virus scans. Make sure your antivirus protection is up to date and activated. If not, there are a plethora of antivirus programs that you can install that will help resuscitate a waning phone. And once again do an extensive audit of the apps and software that you have currently installed on your device.
Thanks to the dark web or even the meddling hands of ne’er-do-wells who’ve physically come into contact with your phone, getting access to your PIN and other security data that are the DNA and unique thumbprint of your phone is getting easier and easier. Search engines like Shodan have unfortunately been twisted by hackers seeking out IP addresses, passwords and other searchable information exposed by people who don’t regularly change their PINs and passwords, don’t lock their phones, and don’t keep the number of other vulnerable devices their phones are synchronized with to a bare minimum. You might as well hand over the keys to your house and car. While you’re at it, throw in the credit cards for good measure.
Three words: lock your phone. Never leave it unattended. iOS users can take advantage of options such as using your fingerprint to lock and unlock your phone. Android users can benefit from facial recognition apps as well. And for both platforms always type in your PIN manually.
Be wary of syncing your device to other devices. Connecting to unfamiliar devices can be the conduit through which some devilish spyware will tunnel and ultimately leech onto your smartphone.
Take for instance the office computer. More than likely, the office computer is the front line of attack. Any number of suspicious characters could be uploading malware to the computer. Or something as simple as an out-of-date antivirus program has allowed way too many viruses to slip through the cracks. Just how often has the office computer or even your home computer been through a check-up of its own?
Rethink pairing every smart connected home device you possess (the smart lighting, thermometer, television, kitchen appliances and above all home security) to a one touch solution from the comfort of your smartphone. If it only takes a few careless or even lazy approaches to how you secure your phone to leave it wide open for attack, what will that mean for anything you’ve paired to the phone?
Your Apple Pay or mobile payment apps that allow you to pay with simple contact of the phone, the security system for your house, your smart TV and any other collection of such connected apps immediately become vulnerable once you decide to go the route of one stop for all with a click of your phone. Instead, keep these things separated. Don’t use one single password for everything. And change the passwords regularly.
But one critical bit of advice for iOS users: consider taking Siri offline. Despite the forward-thinking tech involved in rendering something as genius as Siri, the program is susceptible to leaking personal data. How do you remedy it? Go into settings. Choose the “Touch ID & passcode” option. Then set “allow access when locked” on Siri to off.
When travelling, for instance, there will come those moments when you connect to the hotel wifi. Chances are the hotel services two different portals. The in-suite wifi is only for guests and runs on a secure, password-protected platform. But jaunt down to the lobby and, more than likely, that 4 star hotel has a public wifi that anyone can latch onto. And that lobby has probably seen its share of hackers milling about. They’ve been waiting for unsuspecting tourists like you or me to wander through, check an itinerary, mobile pay for this guided tour or that restaurant reservation, and essentially leave the fingerprints of credit card and mobile pay information on mobile sites that can just as easily be keylogged or screen captured from your camera phone.
Skycure founder Adi Sharabani says that unsecure wifi is like walking into a minefield. “Someone is trying to gain access to your email, to your password. They are trying to gain access to all of your contacts, who you meet with, where and when. Do you approve? So me, as a security expert, I always click cancel.”
Sometimes roaming charges are a necessary evil. If you have to do secure transactions, make sure every step of the process is in fact secure, from the wifi server to the site itself. And think about where you handle these transactions carefully.
Another scary sentiment is that those public charging stations for your iPhone can potentially hack into your phone. USB chargers at the charging station may secretly be connected to a hidden computer that will ultimately try and download malware to your iPhone. Instead avoid those public charging stations and bring your own charger.
Need more incentive to rethink those wifi habits in the hotel? Consider the experiment that mobile security expert John Hering ran in a Las Vegas hotel where he wrangled a group of hackers to hack phones. 60 Minutes was on hand and the results were telling. The hackers were able to hack the phones even in people’s pockets.
Those one-click options on your phone may seem like a godsend. Surely you’ve been to a site that asks you to create a login and password. Google then prompts you to save your password. The same can be said for those aforementioned secure pay transaction sites. You might get a prompt asking to save your credit card information. Never allow your phone to autofill passwords or store your credit card data, social security information or any other hardcore data that could essentially be the death knell for you if in the hands of a hacker.
Hackers salivate at the mouth when they stumble upon smartphone owners who leave their entire personal history open like a book. If they can breach your phone by way of a simple SMS or a malware program, it is only a matter of time before they rummage through your device to get to the critical information they need. This is why it is called identity theft. You’ve left your shoes and socks by the front door for them to enter and walk in them comfortably. Take these options off the table and remove any autofill settings from the device.
The tricky thing about malware is that it is slickly hidden right before your eyes. And malware that’s taken hold of an Android device, for instance, is hard to identify. Pin on a standard green generic Android icon, dress it up under the guise of some update that is regularly communicating through Google Services and it’s easy to see how it can so readily slip through the cracks undetected.
Most smartphone owners are likely to approve all updates and installations when they come down the line through notifications. When prompted to approve, we just let it fly automatically. And that grocery list of applications and software waiting on updates can all be updated in one fell swoop…if we allow them. But this is where we should be vigilant. When you receive update notifications, always scrutinize the list to be sure that nothing is hiding in plain sight. And always have the authority to approve or deny each update. Sometimes the last line of defense is just an approval setting for an update.
iOS users are not invulnerable to this line of attack either. The Trident attack comes disguised as a security update. It prompts owners to click on a link that in turn opens in Safari. Next, the attack breaches the security core of your iPhone. A brutal bit of spyware called Pegasus then goes into attack mode. The best bit of advice in case Pegasus or some next-generation spyware has hit your phone: update to the latest software update.
Nowadays something as seemingly harmless as a text message can be the silver bullet for your smartphone. Hackers with the wherewithal to infiltrate your phone can send an SMS with strange characters, images, or in particular a download link. And at first glance the automatic response seems to be to simply delete the text. No downloading done. Trouble averted, right? Wrong. Just by virtue of the fact that you received the text, the hacker is assessing your security and trying to infect and infiltrate your phone.
The first question is how they might have your information to begin with. Likely someone in your contacts or in your circle of friends has been hacked. And the next step for the hacker is to attack the contacts in your friend’s address book. And the SMS, be it an image, a GIF, or any other innocent-looking message, has already taken on the task of dropping some dangerous virus or hack onto your device.
Edward Snowden, former CIA employee and whistleblower, told the Independent in an interview that something as simple as a text message is all it takes to gain control of a phone. “That’s a specially crafted message that’s texted to your number like any other text message but when it arrives at your phone it’s hidden from you,” Snowden said. “It doesn’t display. You paid for it [the phone] but whoever controls the software owns the phone.”
Follow your instincts. If the texts seem out of the ordinary, follow the breadcrumbs back to the sender. If it’s a contact, find out if they themselves sent it or if there is some ominous hack at the helm of their device.
If this is a case of more than a virus and your phone is under the remote control of a hacker, chances are you might never readily spot it until it costs you dearly in the piggy bank. A hacker worth his salt in breaking encrypted codes and stealing identities will certainly know how to remove any visible trace of his presence on your device. Perhaps he’s gained control of sending texts, making calls, using your camera, infecting your contacts, stealing your personal data, using your mobile pay options, or even breaching your home security system.
Checking your call logs and device activity from the infected or hacked device will be pointless at this stage. It essentially has a smokescreen running to keep you from noticing any huge discrepancies. Do your due diligence and regularly check your activity with your service provider. There you’ll have an unfettered global view of everything your device is up to, warranted or unwarranted.
And should you see that your device has been hacked and controlled remotely, the service provider will also be the best bet to help put the kibosh on that criminal activity. Your service provider is like your local GP or physician. Maybe you’ve run a battery of tests on your phone on your own. But if the device has fallen prey to more than just a Trojan or some dodgy software updates it will be hard to detect.
Give your device the benefit of a strong diagnostic test at your service provider boutique. If anything is hiding under the hood, they’ll be best equipped to catch it.