What started as a fun, convenient device for communication has turned into a vital everyday business tool. These days, everything you can imagine is linked to your smartphone. It is the nucleus of information for a global empire of devices and applications that make up your personal and working world: email, mobile banking, home security, telephone contacts, and calendars. It stores passwords, PIN codes, and credit card information, along with your photos, your games, and your social media.
Most people don’t give a second thought to how valuable this information could be to a hacker until it is lost, corrupted, or stolen. With the rise of smartphones and tablets in the workplace, hackers now have the advantage of attacking enterprises through vulnerabilities in mobile devices. Thanks to the latest advancements in cybercriminal tools and tactics, not only can your mobile devices be hacked, but they can be hacked very easily and without your knowledge.
The greatest weakness in mobile security is human nature. We’re gullible. We download suspicious applications, and we give up permissions and passwords every day. Malware is sent as an attachment to open and download from a text or email, and with it a hacker could easily spy on you using your own phone’s camera without you even knowing it. The screen won’t even light up! This enables the hacker to take control of your phone and steal all of the data on it, including passwords and bank account numbers.
Even if you make good choices and secure your phone with PIN codes and passwords, hackers can still get into your phone through a known flaw that affects all cell phones, in Signaling System 7, or SS7. This is a vital worldwide network that connects global cell phone carriers and is used to exchange billing information. Every cell phone needs SS7 to place calls or send texts. Billions of calls and text messages travel through its arteries daily. It’s also the network that allows phones to roam. Once accessed, this flaw allows hackers to take control of your phone, track your location and calls, and record what is said.
If you’re like me, you don’t want to install the iOS update when the notification pops up because it takes too long. But not downloading it leaves you vulnerable to a hack. Today’s mobile devices have very good built-in technology to warn you when you are about to make a poor security decision. Despite the best intentions of smartphone manufacturers, vulnerabilities are still found that can let hackers in. Pay attention, and make sure to install operating system updates as soon as they are available. They’re more than just new features and tweaks; they’re there to protect you.
We all love to pick and choose which apps we like and want to download, but malicious applications are everywhere. To be safe, make sure you download apps from the App or Play Stores only and not from a website or message link. Malicious code is often hidden in apps, letting hackers steal your data, pictures, contacts, etc. Never install apps that request permissions to access your data in order to complete the download. Granting permissions to unknown or unsecured apps is never a good idea. In your settings, disable the option to allow installation of third-party apps. Having too many apps is also a danger, as malicious code is hidden in many apps and the chance of a hack multiplies every time another app is downloaded. Keep the number of apps you install to a minimum, and pay attention to all warning messages.
A widespread security problem is accessing Wi-Fi in popular public places, such as cafes and airports. These networks can be unsecured, letting hackers view everything you do while connected. Spoofing is a common tactic: hackers create a “ghost” page that mimics the exact page you see when you want to connect to another Wi-Fi network. The page looks authentic, and once connected, you’ve just let a hacker into your device.
Do not share sensitive data when accessing public Wi-Fi, and pay attention to the messages your device is giving you. It’s critical to data security. A warning like “The Server Identity Cannot be Verified” is a clear message that the Wi-Fi is not safe to access, but surprisingly 92% of people click continue on this screen!
60 Minutes recently aired a special called “Hacking Your Phone” and completed a hacking experiment with one of the world’s best, a German hacker named Karsten Nohl. Karsten has a doctorate in computer engineering from the University of Virginia. He works in a security research lab with other international hackers who, as a team, advise Fortune 500 companies on computer security. They try to find vulnerabilities in smartphones, USB sticks, and SIM cards before the bad guys do.
An off-the-shelf iPhone was given to Congressman Ted Lieu of California to use, with his knowledge that a hack might happen. As a member of the House Committee that oversees information technology, he was interested in the outcome.
The only information the team was given was the phone number of the device that was given to the Congressman. Within seconds the hackers were able to locate the phone, and listen to and record both ends of the conversation. They did all of that with just a phone number. A hacker can track you, know where you go, who you call and who calls you, can record what you say over the phone, and read your texts. A malicious hacker could even attack the other phones that you called or received calls or texts from.
Currently, there is no policing for phone carriers. The CTIA, the Cell Telephone Industries Association, represents cell phone carriers and networks, and despite multiple breaches of US companies, it concludes that the current state of security for cell phones and usage in the US is adequate.
Many international cell phone carriers, as well as mobile phone manufacturers like Apple, Samsung, HTC, and Motorola are now paying hackers to test their technology in an effort to make future devices more secure.
So, how do we know what hackers do? Every year over 20,000 hackers meet to share secrets and test their skills at a hacking convention in Las Vegas, Nevada. John Hering, a professional hacker and cofounder of Lookout, a successful mobile security company, is one of these annual attendees. He states that “any system can be broken, it’s just knowing how to break it.” What most people don’t realize is that your phone is essentially a computer in your pocket. There is more technology in your mobile phone than there was in the spaceship that brought man to the moon.
In an effort to protect mobile data, John’s company, Lookout, has developed a free app that scans your Android or Apple iOS device for malware and alerts the user to an attack. John said, “there are two kinds of people or businesses today; those who have been hacked and know it, and those that have been hacked and don’t know it.”