At a conference in July, researchers from the Georgia Tech Information Security Center in the US demonstrated how an iPhone
can be hacked in less than a minute using a malicious charger. Though Apple
claims to have fixed the issue in iOS7, the popularity of smartphones makes them tempting targets.
“The vulnerability in a smartphone does not come from its system, which is an efficient and power-saving design,” says Sriram Raghavan,
digital security and forensics expert, Securecyberspace.org, a site that is also working on a security-related project with the Indian Institute of Technology, Delhi. “The vulnerable element comes from the market place, from the tempting third-party apps or widgets you install on your system.”
The Mobile Threats Report, released by networking equipment manufacturer Juniper Networks in June, makes similar observations. According to the report, mobile malware threats through malicious apps grew at a whopping 614% between March 2012 and March 2013. There are about 276,259 malicious apps out in the mobile marketplace with almost 92% of them on Google Play.
“A hacker will use any hole in your smartphone or in your lax behaviour to attack you and install a spyware on it,” says Rakshit Tandon, who is a cybersecurity expert and a security consultant with the Internet and Mobile Association of India (IMAI). Once the hacker gets inside a smartphone, he can change and create emails, texts, SMSs, videos, photos, notes and credit and debit card information.
Here are some ways in which hackers can try to get malicious software into your smartphone’s system:
Apps can ask for permission to access phone data. Ask why a note-taking app needs GPS access, before clicking “Accept”.
According to a 2012 study, Pausing Google Play, conducted by Bit9, a US-based mobile security firm, 72% of Android apps (they studied more than 290,000 apps) ask for permission for at least one thing that can prove high-risk for your mobile’s security.
Secure yourself: Always read the permissions list before you install an app and tie it back to the app’s features. Be especially wary of apps that ask for your permission to make phone calls, send SMSs, reveal your identity or location.
By installing a repackaged app
If you’re jailbreaking your phone to install paid apps for free, then you’re also making it vulnerable to fake and rogue apps. According to a 2012 study, the Android Malware Genome Project, by the State University of North Carolina, US, 86% of Android malware uses a repackaging technique wherein the hacker downloads a popular app, decompiles it, puts a malicious code into it and then puts it back on the Play Store as a free copy of a popular app.
Secure yourself: Don’t jailbreak your phone or install any unofficial apps, especially if they look like free copies of popular premium apps or have names like “Silly Birds” or “Fruits Ninja”.
Do you have a habit of keeping your Bluetooth on while you are on the go? Bluetooth hacking is easy with software like Super Bluetooth Hack or BlueScanner—these search for Bluetooth-enabled devices around them and try and extract contacts, email IDs and messages from unsecured phones.
Secure yourself: Keep the Bluetooth off at all times when not needed. It will save your battery as well as data. If on, keep it in non-discoverable mode.
By emailing/texting a malicious link
The old phishing trick on emails has come to the mobile phones through malicious links embedded in MMS and SMS. Think twice before clicking that link or opening attachments you weren’t expecting. Even though it might appear genuine, a SMS or MMS from a friend’s phone could be a malware.
Secure yourself: As a rule, do not click on any attachment on the phone. Use your laptop for clicking open attachments or links. Install security apps that can scan attachments and block a link if it looks suspicious.
By offering you a free wireless hot spot
A hacker might offer you a free hot spot in a public place and use the same network to hack into your phone while you browse and read everything you send across the network. Last month, two security experts hacked into a femtocell, a device that boosts wireless signals indoors, to prove that hacking of your smartphone through wireless is as easy as less than $300 (around Rs.18,200) and by using the right technique. “Getting inside a wireless network is surprisingly easy for the hacker,” says Dominic K., adviser, Jarviz Mobile Security, Delhi. “Once inside, the hacker can pick up the signal from phones in a 40-foot radius and capture all your data, including the passwords you type.”
Secure yourself: As a general rule, a 3G network is safer to use than a public Wi-Fi. And needless to say, avoid wireless boosters that do not belong to you.
Through a phone charger
Any random phone-charging kiosk in public spaces like airports, restaurants or parks can be converted into a hacking device by putting a system inside it.