Pages

Saturday 28 November 2015

7 ALARMING WAYS HACKERS CAN SCREW WITH YOUR SMARTPHONE


wps990A.tmp
7 Alarming Ways Hackers Can Screw with Your Smartphone
By Joel Lee,
Make Use Of, 27 November 2015.

For a lot of us, “compromised smartphone security” is basically synonymous with “time to run another malware scan,” and as such, we view security threats more as inconveniences rather than the dangers they really are.

Maybe the problem is that we aren’t fully aware of what hackers can really do with our smartphones. It’s one thing to learn about common smartphone security risks, but if that knowledge stays abstract, it does you no good.

So to get you thinking the right way, here are some real examples in which your smartphone can be hacked and used against you, and I promise you’ll start thinking of smartphone security as an everyday necessity rather than just for the paranoid.

1. Remotely Control Your Device

wps9588.tmp
Image credit: Tim Malabuyo/Flickr, CC BY-NC 2.0.

Not long ago, a researcher discovered a zero-day exploit in the (at the time) latest version of Chrome for Android - an exploit that granted the hacker full access to the smartphone’s root operating system and worked on every version of Android.

It has already been reported to Google (and yes, the researcher picked up a large security bounty payout for it) so it should be patched soon enough, but this just goes to show how much control a hacker can get. Full root access!

What’s most interesting is that this particular exploit didn’t come from a app-related malware infection. It was simply an overlooked vulnerability in the JavaScript V8 engine that Chrome uses. So no matter what you think you know about smartphone security, surprises are always waiting around the corner.

2. Remotely Eavesdrop on Calls

wpsCFE8.tmp
Image credit: Janitors/Wikimedia Commons

Around the same time that the above-mentioned Chrome exploit was publicized, another vulnerability came to light - but this particular issue only affected Samsung Galaxy S6, S6 Edge, and Note 4 devices. Still, lots of people use those phones, so millions were affected.

Long story short, by using a man-in-the-middle attack, hackers were able to connect the device to fake cellular base stations and thus intercept incoming and outgoing voice calls. After intercepting, hackers could potentially listen to, and even record, said calls.

The setup of the exploit is a bit too complicated for any regular hacker working on his own to set up, but the scary thing is that there’d be no way for the end user to know that something is amiss.

3. Spy on Your Every Move

wpsAD26.tmp
Image credit: Anthony Starks/Flickr, CC BY-NC 2.0.

Back in 2011 when the iPhone 4 was the phone to own, a computer scientist from Georgia Tech experimented with the built-in accelerometer and found that he could read computer keystrokes from nothing more than desk vibrations. In fact, his accuracy was just over 80 percent.

This particular issue is easily circumvented - all you have to do is keep your phone off your computer desk - but it goes to show how clever and innovative hackers can be.

Another example is PlaceRaider, which was a military app that secretly took snapshots of your surrounding (using the smartphone’s camera) and could use those images to rebuild your environment in virtual 3D.

How could this be abused? Imagine if a hacker managed to upload this kind of malware onto your phone, used it to replicate your home, and used that as a way to spot valuable objects worth stealing? But of course the real creepy factor here is the invasion of privacy.

4. Break Into Your Home

wpsB22.tmp
Image credit: Lockitron via YouTube

Speaking of home robberies, there are more angles to consider when thinking about the safety of your home in relation to your smartphone - especially if you’re invested in smart home products or the Internet of Things at home.

To be fair, smart home automation isn’t inherently insecure. With the right precautions, you can have a smart home that’s properly protected and impervious to most common threats. Don’t let the potential for hacking deter you from exploring the possibilities of a smart home.

But that being said, just as any Internet-connected device can be compromised, so too can smart home products - and your smartphone is the weakest link.

For example, if you have a smart home security system that’s controlled by your smartphone, imagine what could happen if a hacker gained remote control access to your device. They might be able to unlock doors, disable cameras, or worse.

5. Extort You For Money

wps5576.tmp
Image credit: Ervins Strauhmanis/Flickr, CC BY 2.0.

In 2013, a new kind of malware hit the Web. Essentially, this malicious scam would lock down your computer and force you to pay a fee to regain control of your system. It’s called ransomware and is one of the worst kinds of malware out there.

In 2014, ransomware hit Android in the form of an FBI warning that accused you of breaking the law (such as claiming you had child pornography on your device) and demanded a fine to avoid jail. As you might expect, plenty of people paid the fine out of sheer surprise and fear.

Removing ransomware is possible but also a pain. The key is to be wary of what ransomware looks like so you can identify it and keep yourself protected from it.

6. Steal Your Identity

wpsF86E.tmp
Image credit: Vodafone Medien/Flickr, CC BY-ND 2.0.

2014 was a bad year for customer data security. Companies like Target, AT&T, and eBay all suffered data breaches, resulting in a lot of stolen identities. And though it would be nice to say that these incidents are ramping down, that would just be a bold-faced lie.

The truth is, smartphones can lead to identity theft in a lot of ways these days, and one of the bigger risks lies in NFC technology (also called “bumping”). Essentially, hackers can bump your device without you realizing it, and by doing so, they can intercept sensitive data.

Worried that your identity might’ve been stolen? Stay up to date with these warning signs of digital identity theft and respond accordingly if you notice anything off or suspicious.

7. Use Your Device to Attack Others

wpsE59F.tmp
Image credit: Michael Coghlan/Flickr, CC BY-SA 2.0.

Sometimes hackers don’t really want the data on your device - instead, they just want to use your device as a minion for their own nefarious purposes. With the right malware installed, your smartphone could turn into a zombie.

In 2012, the NotCompatible Trojan for Android turned all infected devices into one massive botnet, making it easy for hackers to use those devices in sending out all kinds of spam. But in 2014, it evolved and became a little scarier with the potential to launch targeted attacks and bring down networks.

This kind of attack is called a distributed denial-of-service attack and botnets are famous for it. Your smartphone could be a zombie and you might not even realize it.

Smartphone Security Threats Are Real

Obviously, these exploits and vulnerabilities are way more than simple inconveniences. If something like these happens to you, it can be quite serious. That’s why it’s so important to stay vigilant and learn how to protect yourself.

At the very least, you should change your bad security habits right away - nothing will improve your safety more than that - but you should also internalize these common smartphone security mistakes.

Top image credit: Chs87/Wikimedia Commons.

[Source: Make Use Of. Edited. Images added.]

No comments:

Post a Comment

Please adhere to proper blog etiquette when posting your comments. This blog owner will exercise his absolution discretion in allowing or rejecting any comments that are deemed seditious, defamatory, libelous, racist, vulgar, insulting, and other remarks that exhibit similar characteristics. If you insist on using anonymous comments, please write your name or other IDs at the end of your message.