Smartphones are an inseparable part of our lives. If our phone is taken away from us for even a day, for most of us it’s like being deprived of a basic need. We store all kinds of data on our phones – contacts, photos, videos, personal data, documents; we use numerous apps to make our lives easier – banking, insurance, online shopping, stocks, real estate; we rely on our phones for communication and socialising – chatting and video calling, social media, emails, professional groups; the list of what phones can be used for is endless.
Needless to say, if one loses their phone or it gets stolen, all that data and information is at risk. If there was no screen lock on the phone, the person who has or finds the phone can do serious damage if they want to. For instance:
- Access photos and videos and use them unethically.
- Access the contacts in the phone and harass them by crank calling, or sending unethical or threatening messages, or worse.
- We log in to apps and never log out. On some apps, like those for online shopping or food delivery, we save our card details. These can be used by the person to order things for themselves at our expense.
- In the worst case, the phone could be used in devastating and terrible public situations that can land one in serious trouble with the law.
HACKERS AND PHONES
Today, it is also possible for such damage and more to be done using our phone without a miscreant physically having it. These are hackers, cyberpunks, and cyber terrorists who commit such criminal acts to extort money, control lives, or damage a person’s reputation. They can do this if they are able to hack into our phones, and they are constantly on the hunt for vulnerable phones to exploit. Mobile data, WiFi, websites, and mobile apps – things that we absolutely need – have made it possible and easier for hackers to try to get access to our phones.
Below are some of the methods hackers use to gain access to phones:
Phishing
Hackers send emails or text messages containing a link or image and ask you to click on it to get something or perform an action. They impersonate a company, usually one that the person may have a professional relationship with, and the email or text message closely resembles a genuine message from that company. However, the content they send carries a virus or malware that, if clicked on, will get access to all information on your phone or remotely control your phone.
Spam
This attack is similar to phishing; however, with spamming you are likely to receive multiple emails or messages in a short span of time. The sender is not a physical person but software, or a “bot”, used for the sole purpose of generating thousands of messages at a time and targeting multiple phone numbers. In spam attacks, a hacker hopes that a person will at least mistakenly open an email or message and click the content within, which will then download the virus or hacking software to the phone.
Hackers use alluring messages, such as that you have won a ton of money or a freebie, or been shortlisted for a vacation, to make it attractive for their targets to act on such emails and messages.
SIM card swapping
A hacker calls up your network provider, pretends to be you, spins a story such as the phone being lost, and asks for a replacement SIM. If they succeed in convincing the provider that they are you, they get the replacement SIM card, and your original SIM gets deactivated. So now, effectively, the hacker gets access to your emails, contacts, messages, content on drives, etc.
Bluetooth hacking or hacking over WiFi
If a hacker is within range of your phone and the Bluetooth on your phone is activated, the hacker can then connect to your phone and access all data within. Hackers usually try this attack in crowded areas. The same goes for hacking attempts on phones connected to free public WiFi.
SMARTPHONE SECURITY AND SAFEGUARDING
So, what should each individual person do to help keep their smartphone or other mobile devices secure? What are some of the common and effective precautions that mobile phone users should adopt that can go a long way in keeping their phones, and consequently themselves, safe?
The precautionary measures below are common knowledge, and almost everyone follows them.
- Secure your phone with a password. Use a numeric or pattern passkey, or the more enhanced fingerprint or facial recognition.
- Enable auto-lock. Your phone is at great risk if auto-lock is not enabled, especially if you leave it unattended in the presence of other people.
- Download apps from authentic sources like Google Play Store or Apple App Store. Do not download via any links sent to you or from third-party app stores. Read reviews of apps before you download them to check if there are multiple complaints regarding security. Statistics show that apps are hotspots for hackers to insert malware into.
- Be wary of calls from unknown persons asking for your personal details like date of birth, email address, residential address, passport number, etc. Ask the caller who they are, where they are calling from, and why they need this information.
- Do not click on links sent via email or text message; as mentioned above, they can be phishing or spam. Do not do this even if the message is from persons you know – a family member or friend – as they may have forwarded it without knowing this themselves, or their phone could be hacked.
- Browse authentic and secure websites.
- Refrain from using free public WiFi, or activating Bluetooth in public places, for reasons mentioned above where your phone could be at risk of hackers connecting to it.
To quote from a personal experience… Not long ago I lost my bank debit/ATM card. I immediately blocked it once I found out. Later that day I received a call from an unknown landline number, and the person calling said they were from my bank and wanted to verify my details – date of birth and address. Before revealing anything, I asked them why they needed this data and they said it was in relation to a bank card reported to the local police station as lost that morning. With a little more back-and-forth questioning, I finally accepted the caller was authentic and only then proceeded to give my details. [And was really lucky to get my card back!]
We should also consider some other safeguarding measures that are quite important but that we either do not know about or do not adopt.
Update your phone OS regularly
Install the updates released by your smartphone company and/or operating system provider. They often contain the latest security patches released to protect against new threats. Do not keep postponing the updates only because they take up memory and need time to install.
Install anti-virus software on your phone
We all download countless apps for personal/professional needs and entertainment, but how many of us consciously install an anti-virus? Your phone deserves the same protection as your laptop or computer. Several good and reliable anti-virus apps for smartphones are available.
Refrain from jailbreaking (iPhone) and rooting (Android phones)
Bypassing your phone’s standard configuration results in the loss of the majority of the security settings that come built into the phone. These activities place your phone at undue risk, especially from certain malware that specifically tries to get root access. Jailbreaking/rooting also prevents your phone from getting the regular OS updates rolled out by the providers.
Set up remote wipe
This feature allows you to wipe all data from your phone remotely if it gets stolen or lost.
Report a lost/stolen phone immediately
Let your network provider know so they can block your phone and stop anyone else from using it. Retrieve your phone’s IMEI number and file a report with the local police station. These two steps are extremely important to safeguard yourself: firstly, you do not continue paying for services (calls, messages, etc.) that you are not using; and secondly, you are not responsible in case your phone has been used for harmful and malicious activities after it was stolen.
CONCLUSION
A smartphone contains a wealth of data and information. If it falls into the wrong hands or a hacker is successful in hacking it, there is no limit to the damage they can cause. We cannot be casual with smartphones anymore; we need to be always mindful of where our phone is, especially when outdoors. It is critical to change our outlook towards the security of smartphones and adopt as many precautions as possible to safeguard ourselves.
For ensuring your mobile apps have the necessary security features, contact us at Secure Triad to learn more about mobile application penetration testing.