Wednesday, June 17, 2015

13 sinister hacks that could turn your smartphone into your own worst enemy

It seems like only yesterday when cell phones were the size of briefcases and had an antenna that rolled out like a telescope. However, things have changed rather quickly, and phones are getting smarter with each new device that is released. Perhaps, too smart?

Your phone might be the perfect personal assistant, but it can also be the perfect spy should it get in the wrong person’s hands. So here are 13 sinister hacks that could turn your smartphone into your own worst enemy.

1. iPhone or iSpy?

MSpy is an app that anyone can install on your phone. All they need is physical access to it. Legally, surveillance apps require the owner to be informed that their smartphone is being tapped. That doesn’t stop mSpy from advertising itself as “100% undetectable”.

So what can mSpy do?

It can track all ingoing and outgoing calls with a duration and time stamp, snoop through texts, photos and emails, monitor internet use, and control apps and programs. But that’s not all; it can also track your GPS location at all times. Should a possessive partner tap into your phone, there’s no timeframe on how long they could keep an eye on you, even after the relationship has ended. The app has already caused uproar, with the media dubbing it as ‘the stalking app’.

Security tip: Use a strong password on your personal devices. Try to use 10 characters and a mix of numbers, special characters, and upper and lower case alphabets. Experts recommend using passwords like a toothbrush: don’t let anyone else use it, and change it every six months.

2.  The tilt sensor on your phone can hear you type

Wait, what?

A research team at the Georgia Institute of Technology discovered that any phone newer than the iPhone 4 has a sophisticated ‘accelerometer’.  In a layman’s term, the accelerometer refers to a tilt sensor. The sensor is so advanced that should you leave your cell phone on your desk, it can read the vibrations from your keyboard and detect what you are typing with 80% accuracyShould anyone hack your phone, they can essentially read anything you type including passwords, sensitive data and emails. Yikes!

Security Tip: Researchers discovered that the most effective range is three inches from your keyboard, so perhaps keep your cell phone stashed in your bag!

3. Your credit card can be stolen without leaving your wallet

Zip, payWaveexpressPay and PayPass, these are some of the names of ‘contactless’ cards, and if you own one, you should be extra vigilant. These cards are fitted with a Radio Frequency Identification Chip (RFID) and the idea was to simplify purchases. While retail transactions may be a little easier, so is stealing your money. Some modern smartphones are equipped with Near Field Communications (NFC) which means they can read and transmit RFID data easily.

With the right malware, a hacker can access your phone and scan your pocket for the RFID-enabled credit card. They can then take this data, and use a magnetising device to upload the stolen credit card data onto a blank card. Your credit card has just been cloned, without even leaving your pocket. A hacked smartphone can read an RFID chip through your pants or even a leather wallet.

Security Tip: There is a wide range of RFID blocking security wallets available on the market, keeping out any ‘would be’ digital pickpockets.

4. Home invasion, via your smartphone

Smart homes are becoming more common in the modern real estate market. For those out of the loop, smart home technology is also referred to as ‘the Internet of Things’ (IOT). Standard household items such as appliances, electricity, security systems and lighting can now be wired into the internet and controlled via our phones. In theory, we can program our home to save energy while we’re on vacation, or turn on the lights and make coffee when we wake up. Like any device connected to the internet, smart homes are vulnerable to attacks as well.

According to Gary Davis, Chief Consumer Security Evangelist for McAfee, it’s your mobile device that is the most vulnerable access point for a home invading hacker. Through your smartphone, they can potentially turn off the lights, disable the security system, and unlock the front door at any timeHome invasion has never been so scary.

Security Tip: Radek Tadajewski, CEO of Oort, a smart home tech start-up, recommends that you should use devices with 128 bit encryption or higher, making them less likely to be compromised by cyber thieves. Users should ensure all of their connected devices are also password protected.

5. Beware of juice jackers

Although juice jacking sounds like a weird Californian diet, it’s actually a hacking method that targets those running low on battery. Ever come across a free charging station? They’re popping up everywhere, from airports to shopping malls. However, these ‘free charging stations’ may not be the lifesaver you think they are. They can be Trojan horses for malware.

As soon as you plug in your phone, you essentially give a hacker open access to your smartphone and the freedom to infect your device. Researchers from BlackHat, a leading cyber security conference, estimates that your phone can be compromised within one minute of being plugged into a malicious charger.

Security Tip: Don’t use public charging stations. Invest in a portable battery, so if you should run out of juice, you won’t get jacked.

6. Smartphone piggybacking

Have you ever set up your cell phone as a personal Wi-Fi hotspot?

Watch out! Hackers (and essentially any one on this planet, unless you password-protect) can piggyback off an open Wi-Fi signal. Cyber criminals are always looking for an open network, so they can download and distribute illegal materials. When the cops trace the source of the illegal activity, they’ll come looking for you.

Security Tip: Whether on your phone or at home, always password-protect your Wi-Fi.

7. Flashlight apps torch your privacy

Have you downloaded a flashlight app?

Well, delete it now.

Researchers found that the top 10 flashlight apps on the Google Play store are all spying on their users. The application size of a flashlight app should be 72k, whereas these apps range from 1.2 to five megabytes. So why are these apps 10 to 50 times larger than they should be? That’s because they are spying on you.

If you haven’t read the privacy policy of the app you’ve downloaded (and let’s face it, most of us haven’t) you probably aren’t aware of what these free flashlight apps can do. For instance, it can read your contact lists, write programs, access photos, or snoop into your mobile banking information. In fact, these apps are so intrusive that leading cyber security firm SnoopWall considers all of them to be well crafted malware.

Security Tip: If you have downloaded one of these apps, delete them at once. Consider changing your banking passwords if you have used mobile banking along with the flashlight app.

8. Tech-savvy snoops can record your conversation without using your microphone

How does a hacker turn on your microphone?

The answer might not be what you expect.

Every smartphone is fitted with a gyroscope, a sensor used to monitor the smartphone’s orientation. This is how you can play games like Doodle Jump or Angry Birds.

Researchers from Stanford University have found a way to use the sensors of the gyroscope to detect sound waves, essentially turning it into a microphone.

Unlike malware apps which gain permission to switch on the microphone, hackers can access the gyroscope easily, and avoid detection altogether.

Security Tip: Google is aware of the research on gyroscope hacks and is working on countermeasures to protect users. In the meantime, minimise your chances of being hacked by ensuring that your Bluetooth is disabled, preventing roaming hackers from discovering you on their network. If you use an iPhone, don’t jailbreak it. It’s much easier for hackers to gain access to a jailbroken phone.

9. The third eye you don’t want

For hackers, accessing your camera and taking secret snaps is not difficult. Android security settings specify that a preview must be shown on screen after a photograph is taken. Hackers bypass this by making the preview size one pixel, all but invisible to the human eye. The hackers can then send the photograph anywhere in the world.

The recent phone hacking scandal involving celebrities such as Jennifer Lawrence and Kate Upton, showed that iCloud storage is an easy target for cyber snoops.

Security Tip: If somebody really wants to hack into your phone and has the resources to do so, they probably will. If you’re doing anything you don’t want the world to see, keep that phone in a drawer. Don’t store any sensitive images on the Cloud, or better yet, don’t take them in the first place.

10. Military malware can reconstruct your home or office in 3D

Remember the radar system Batman had at his disposal in The Dark Knight Rises? Turns out it is more fact than fiction. PlaceRaider is the name of the prototype app, and it works by covertly taking hundreds of photographs through your smartphone, simultaneously recording the time, location and orientation of the phone. Once it has enough images, it then allows for a malicious user to reconstruct the victim’s environment in 3D. This gives a hacker enough data to scan a private residence for items of value. They may also be able to locate hidden vaults and panic rooms.

Luckily, the app belongs to the military and won’t be in the Apple Store anytime soon.

Security Tip: The EyePatch was initially designed to protect your smartphone camera lens from scratches or nicks. However, should you be worried about anyone gaining control of your camera, simply cover the lens with this phone cover. Pretty simple, huh?

11. Think twice before hooking up your baby monitor to your smartphone

It might seem like a good idea to link your baby monitor to your smartphone. After all, two pairs of eyes are better than one, right? Well, kind of.

Nevertheless, these probably aren’t the eyes you were hoping for. Baby monitors have been in the news recently after a tech savvy individual successfully hacked it and verbally abused the terrified family through the baby monitorwhich is as creepy as the fact that hackers have the ability to spy on you and your family whenever they pleaseAs smartphones are perhaps most vulnerable to attacks, it’s another access point into your home.

Security Tip: As with all internet-connected devices, use heavy encryption and password-protect everything. Perhaps just avoid using your baby monitor through your smartphone altogether.

12. Zombie virus – via ‘free’ Wi-Fi

We’ve already discovered how hackers can piggyback off your Wi-Fi hotspot to transmit illegal data, but they can also set up their own Wi-Fi booby traps. A hacker can clone the name and characteristics of an innocent sounding public network, for example ‘Starbucks’. Once your phone automatically connects to the signal, your device is wide open to attacks. The hacker can gain control of your operating system, and spam everybody in your address book with malware. With one accidental click, the recipient is then in turn infected and their address book is targeted. This is how damaging viruses can spread very quickly.

Security Tip: Never connect to public Wi-Fi, unless you’re absolutely sure that it’s secure.

13. The future of hacking

Researchers at MIT hacked into a FitBit via an Android smartphone to explore its vulnerability. Should anyone be able to get inside your smartphone, it would be relatively easy for them to uncover your ‘live data’, such as your vital statistics, BMI or even whether you’re asleep or awake.

Um, no thanks!

But hacking into wearable devices could only be the beginning as technology continues to advance.

A new trend in body modification has been springing up in tattoo parlours across the nation. They call themselves biohackers, cyborgs and grinders – people who use computer chips as part of their body modification. It’s a niche market, but biohacking enthusiasts can insert magnetic chips into their bodies to connect to their smartphones.

The government is even working on a chip that when inserted into the human brain can potentially restore memory. It’s long been hypothesised about how easily a malicious hacker could find a way to hack into medical devices such as pacemakers and bionic limbs. As we continue to merge with new technology, there’s no telling what hackers of tomorrow might be able to do.

Security Tip: As new technology emerges, so will countersecurity measures. The best we can do is understand how easily we can be accessed through our connected devices, and take appropriate precautions.

The piece originally appeared here.


from The Express Tribune Blog http://ift.tt/1BmtVbw

No comments:

Post a Comment