Hacking: How to deal with the menace6 min read . Updated: 13 Aug 2013, 07:05 PM IST
The ways in which people can get at your private data, and how you can prevent it
At a conference in July, researchers from the Georgia Tech Information Security Center in the US demonstrated how an iPhone can be hacked in less than a minute using a malicious charger. Though Apple claims to have fixed the issue in iOS7, the popularity of smartphones makes them tempting targets.
“The vulnerability in a smartphone does not come from its system, which is an efficient and power-saving design," says Sriram Raghavan, digital security and forensics expert, Securecyberspace.org, a site that is also working on a security-related project with the Indian Institute of Technology, Delhi. “The vulnerable element comes from the market place, from the tempting third-party apps or widgets you install on your system."
The Mobile Threats Report, released by networking equipment manufacturer Juniper Networks in June, makes similar observations. According to the report, mobile malware threats through malicious apps grew at a whopping 614% between March 2012 and March 2013. There are about 276,259 malicious apps out in the mobile marketplace with almost 92% of them on Google Play.
“A hacker will use any hole in your smartphone or in your lax behaviour to attack you and install a spyware on it," says Rakshit Tandon, who is a cybersecurity expert and a security consultant with the Internet and Mobile Association of India (IMAI). Once the hacker gets inside a smartphone, he can change and create emails, texts, SMSs, videos, photos, notes and credit and debit card information.
Here are some ways in which hackers can try to get malicious software into your smartphone’s system:
Apps can ask for permission to access phone data. Ask why a note-taking app needs GPS access, before clicking “Accept".
According to a 2012 study, Pausing Google Play, conducted by Bit9, a US-based mobile security firm, 72% of Android apps (they studied more than 290,000 apps) ask for permission for at least one thing that can prove high-risk for your mobile’s security.
Secure yourself: Always read the permissions list before you install an app and tie it back to the app’s features. Be especially wary of apps that ask for your permission to make phone calls, send SMSs, reveal your identity or location.
By installing a repackaged app
If you’re jailbreaking your phone to install paid apps for free, then you’re also making it vulnerable to fake and rogue apps. According to a 2012 study, the Android Malware Genome Project, by the State University of North Carolina, US, 86% of Android malware uses a repackaging technique wherein the hacker downloads a popular app, decompiles it, puts a malicious code into it and then puts it back on the Play Store as a free copy of a popular app.
Secure yourself: Don’t jailbreak your phone or install any unofficial apps, especially if they look like free copies of popular premium apps or have names like “Silly Birds" or “Fruits Ninja".
Do you have a habit of keeping your Bluetooth on while you are on the go? Bluetooth hacking is easy with software like Super Bluetooth Hack or BlueScanner—these search for Bluetooth-enabled devices around them and try and extract contacts, email IDs and messages from unsecured phones.
Secure yourself: Keep the Bluetooth off at all times when not needed. It will save your battery as well as data. If on, keep it in non-discoverable mode.
By emailing/texting a malicious link
The old phishing trick on emails has come to the mobile phones through malicious links embedded in MMS and SMS. Think twice before clicking that link or opening attachments you weren’t expecting. Even though it might appear genuine, a SMS or MMS from a friend’s phone could be a malware.
Secure yourself: As a rule, do not click on any attachment on the phone. Use your laptop for clicking open attachments or links. Install security apps that can scan attachments and block a link if it looks suspicious.
By offering you a free wireless hot spot
A hacker might offer you a free hot spot in a public place and use the same network to hack into your phone while you browse and read everything you send across the network. Last month, two security experts hacked into a femtocell, a device that boosts wireless signals indoors, to prove that hacking of your smartphone through wireless is as easy as less than $300 (around ₹ 18,200) and by using the right technique. “Getting inside a wireless network is surprisingly easy for the hacker," says Dominic K., adviser, Jarviz Mobile Security, Delhi. “Once inside, the hacker can pick up the signal from phones in a 40-foot radius and capture all your data, including the passwords you type."
Secure yourself: As a general rule, a 3G network is safer to use than a public Wi-Fi. And needless to say, avoid wireless boosters that do not belong to you.
Through a phone charger
Any random phone-charging kiosk in public spaces like airports, restaurants or parks can be converted into a hacking device by putting a system inside it. So when you connect your phone to juice it up, the system can steal your photos and data or write malware into the device.
Secure yourself: If a dying mobile phone gives you the heebie-jeebies, take your charger with you everywhere and use power plugs only. In case you don’t have one handy, the safest way to charge your device at a public space is to switch it off first.
By sending texts with odd characters
Getting SMSs with strange characters like a single square or just exclamations? It’s not tomfoolery but an attempt by a hacker to download a spyware or malware into your device by seeing if there are any loopholes it can get through. Though similar to malicious email viruses, these SMSs are more lethal as you don’t even have to click on a link to get the malware installed.
Secure yourself: Check with the contacts on your phone if they have received similar texts by you. If yes, notify them of a potential hack and restore your phone to factory settings.
■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■
Five simple rules to keep your gadgets safe from hackers
There is no end-game with security, as you have to remain constantly aware and take steps to keep from being compromised. These five basic steps, at least, should never be skipped:
u Keep the security lock code of the phone enabled. Even if the phone is idle for 2 minutes, it should be in lock mode.
u Regularly track your apps manager to see which all apps are installed on your phone. If you find something that you have not installed or haven’t heard the name of, delete it.
u Don’t store sensitive information like passwords or credit cards details on your phone.
u Always install apps from authorized marketplaces of your phone.
u Keep all apps up-to-date at all times and install anti-virus apps. Believe us, you need that extra coating of protection.
■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■
YOUR PHONE COULD BE HACKED IF...
Check for the following signs, because they could be a tip-off to hacking that you didn’t notice
u Unfamiliar charges appear on your phone bill or the credit card account which is connected to your phone account. It could be a call to Uruguay or a premium SMS for a contest in Afghanistan that you have no idea about. It could also be an in-app purchase on your credit card bill that is too insignificant but you don’t remember doing it.
u Your call history shows calls you don’t remember making.
u You experience ticking or other noises during your phone calls which weren’t there before. It is usually a sign that someone is trying to access your phone.
u Your phone’s performance goes sluggish. Internet browsing becomes slower and your battery life decreases. Or your email or text receipt becomes unexpectedly delayed. All of these point to a malicious program running in the background.