How to prevent smartphone hacking
Lately, hackers have become very fond of smartphones – they have become the most attacked objects. How to prevent hacking, what to do if your phone is still hacked – about this and many other things will tell the expert, working in the field of mobile application security research of the Positive Technologies company, Nikolay Anisenya.
The most common methods of hacking
Getting access to a smartphone is easier than to a computer, and there are many methods used. There are several types of attacks:
- The phone is lost. In this case, the attacker gets physical access to the smartphone, respectively, to the data.
- Remote access – a connection to public Wi-Fi is enough, let’s say, to check emails. Yes, the free Internet available to everyone is not so harmless. Neither are Bluetooth, VPNs or anonymizers.
- Virus. It can be caught by downloading an app even in the official market, in the same Google Play or AppStore.
Well, unverified stores are just a breeding ground for malicious apps. And when downloading a free copy of a paid application, you should think carefully, the security issue is a serious one.
What data is at risk?
In fact, all data is at risk if physical access is gained to the phone. In this case, it’s easy to read unencrypted data. Correspondence, photos, videos, banking data, personal data… ‘
The criminal gets everything. And if you also read text messages, without unlocking the phone, it gives the hacker even more opportunities. Volunteer helpers in the hack become Siri and “Ok, Google”, which can also work without unlocking if you need to call or send a message.
If an older version of Android is installed on the smartphone, full access to the data can be obtained by connecting the phone to a computer via a USB cable. And it’s always possible to find “holes” in the old firmware.
But even without physical access to the device, there are quite a few opportunities to get data, through the communication channel. At risk are plastic card data, accounts. In some cases, the response of the bank server is faked, and the user makes a transfer of a large amount of money without suspecting anything.
Well, if an application with a virus is installed, everything becomes even simpler. Recording data from the camera, microphone, transmitting location data, banking applications, messengers… Sometimes even complete control over the device – all depends on the specifics of the virus. And if the phone is connected to a corporate Wi-Fi network, it may well leak company, government data and so on.
As statistics from Positive Technologies shows, banking applications for iOS are safer than those for Android.
How to detect a hack
If the intruder wanted physical access to the phone (for example, you left it unattended for a few minutes), it’s not hard to spot an attempt to enter a pin code, if one is used. If other methods are used to unlock it, this too is easily detected, as the appropriate notifications come in.
If the phone has been stolen or lost, it is possible to track activity or receive notifications of attempts to unlock through a special program to remotely control the device.
In some cases, hacking can be tracked by activity in the applications you use.
What to do if the phone has been hacked in this way?
Naturally, immediately change all passwords, and if the phone is lost – lock it.
And how to detect an attempt of access through the channel? First of all, you should not accept unwanted files via bluetooth, or, connect to those wireless devices that are suspicious. Many applications have protection against this kind of attack, but not all. In the case of an attack, the application stops downloading data from the network in use – this is the most important sign.
If you have installed a spyware application, a sign of its activity is that it turns on its geo-positioning, and then you don’t really need it. On the other hand, an attack of the tapjacking type is indicated by the inadequate behavior of the applications in use (they start to “glitch”).
An application getting administrative access is indicated by the installation of any programs without your knowledge. By the way, a screen that periodically lights up spontaneously can also indicate suspicious activity, although not in all cases.
How are such programs installed? Most often, the user downloads an application from the Market, and after opening it, another one is installed, already malicious, under a quite innocent interface.
What to do if the smartphone is hacked
First, all the critical data should not be stored on the smartphone. Second, you need a remote control program so that you can lock your device if it is stolen or lost. Third, you need to use a strong screen lock, preferably a graphical or symbolic password.
If your smartphone has already been hacked, you should do the following:
- Disable mobile banking.
- Disable all current sessions.
- Change passwords in all accounts.
- Choose a new device to generate one-time passwords, if the smartphone was used for this purpose.
- Follow all the manufacturer’s recommendations for such cases.
- If the attack is carried out through the network, you need to disconnect from it immediately. And it’s best to leave the cafe or establishment where this network operates.
- If you use an anonymizer or similar service, you need to disconnect from it.
- If you have downloaded a malicious application, you need to remove it. Although sometimes this will require a factory reset of all settings.
For Android 6 and newer versions, you can try to take away the critical permissions of the app (if you need the app, but you are not sure of its reliability).