tech2 News Staff, July 20, 2021 15:27:00 IST
Last weekend, an international consortium of media organizations released the Pegasus Project, a study of a leaked list of 50,000 phone numbers from around the world. The leaked list is known to contain targets of authoritarian governments around the world that use Pegasus spyware (developed by the Israeli NSO Group) to break into the smartphones of critics, journalists, activists, politicians and business leaders.
However, sophisticated spyware such as Pegasus is not the only way someone’s personal device can be hacked. From malicious links to hijacking a public Wi-Fi network, there are some fairly easy and some complex tools and techniques for hacking a user’s smartphone:
Hacker level: Easy
One of the most common hacking tools is a fake application. The Google Play Store and Apple App Store regularly remove hundreds of apps that may be fake or malicious.
Hackers usually create fake applications that mimic a popular application and embed spyware or other malicious software in them. Most of these apps can be found in third-party app stores, on social media, or in pop-up ads on the Internet, and sometimes hackers target users with messages and website links.
Malicious links are another popular way to hack a smartphone, and can sometimes even be a precursor that leads the user to fake applications.
These malicious links or attachments are usually sent via email, text messages, or third-party chat applications. All the user needs to do is click or tap the link. Once this is done, the link injects viruses or malware into the user’s device, giving the hacker control of part or all of the device’s data.
Phishing is a method used by hackers to impersonate a company or trusted person to obtain confidential information.
Here, hackers often use official-looking communications, usually distributed via email or text messages, which lead to a service login page that looks legitimate but is in fact counterfeit. When you follow a phishing link to a login page and enter your information (for example, for your bank account), your personal information is stolen. This applies to banks, social media accounts, or other services that require a login and password.
Bluetooth file transfers
It is likely that you have experienced this at least once before: a random Bluetooth file transfer from an unknown person. This is typically a virus on another infected phone that is trying to drop its payload on your device. Never accept unwanted Bluetooth file transfers.
Hacker level: Moderate
Via public Wi-Fi connection
All networks, including public Wi-Fi, can be sniffed. Unencrypted traffic can be stolen trivially. Your Facebook login? Your bank details? All fair game for motivated hackers.
It’s simple: unless it is absolutely necessary, always avoid a public Wi-Fi connection. And if you’re doing financial transactions on your smartphone, it’s best to put them on hold. Also turn off Wi-Fi when not in use.
Using a smartphone / tablet / laptop on a public Wi-Fi network makes the device vulnerable to hacking.
SIM card replacement
SIM card replacement, or SIM hijacking, is not quite the easiest way to hack smartphone data, but it is becoming more and more popular. With this method, a hacker tricks a mobile operator into assigning the user’s number to them, which could result in the user losing control of their social media accounts, banking applications, and other sensitive login information. Basically, any service that uses OTP for authentication can be compromised by this method, making it very dangerous. Remember: your Aadhaar authentication is also done through OTP.
Hack level: Difficult
Bluetooth hacking, also called bluebugging, steals data from another Bluetooth-enabled device without permission. For this hacking technique, a cyber attacker uses specialized software that automatically detects nearby Bluetooth-enabled devices. Bluebugging allows hackers to track the user in real time and even control their device.
Hacking through phone numbers
Another hacking method works through the phone number. For this to work, hackers need to know the technical details of phone hacking.
SS7 signaling, a set of protocols used to make and disconnect calls, is used to hack phone numbers.
This allows a hacker to record calls, transfer calls, read messages, and find the location of a specific device.
0-day exploits
These are vulnerabilities in your device or software that are not even known to your phone or software manufacturer. Such exploits are highly valued by criminal organizations and governments because they allow unnoticed use of a device indefinitely, or until the vulnerability is fixed. The exploit can rely on something preventable, like clicking a link in a message, or, as Pegasus has used in the past, on a zero-click vulnerability in Apple’s iMessage app on iPhone. WhatsApp has also been used in the past as an attack vector, with Pegasus infecting target devices simply by making a WhatsApp call. The user did not even have to answer the call to be infected. WhatsApp previously sued the NSO Group for this.
Unfortunately, the nature of 0-day exploits is that they are not known, so it is almost impossible to protect yourself from them.
How to prevent your smartphone from being hacked
With sophisticated spyware such as Pegasus, the user often can’t do much to prevent hacking, but in most cases, small things can dramatically reduce your chances of being hacked.
When it comes to your smartphone, not sharing is caring
The easiest way a hacker can steal your information is if they gain access to your smartphone. Use six-character codes (not your birthday) or intricate patterns. Also protect any applications that may contain sensitive information with additional application locks.
SIM card lock
Setting a password on your SIM card can protect it from hacking.
On iPhone, go to Settings > Mobile Phone > SIM PIN. Enter the current PIN code to enable the lock.
On your Android device, go to Settings > Lock screen and security > Other security settings > Set up SIM card lock. Enable the option to lock the SIM card here.
Keep Wi-Fi and Bluetooth turned off when not in use
It is possible to hack your smartphone using a Wi-Fi or Bluetooth connection. So whenever you are not using them, and especially when you’re in public, turn off Wi-Fi and Bluetooth.
Take a security-conscious stance
We’re used to things that “just work” on the Internet and with smartphones. However, any technology can be circumvented or exploited. Here are some things you can do online to protect yourself:
- Make sure that all Wi-Fi networks you connect to use WPA2 security and not the older WEP, and be sure not to connect to open networks without security
- Do not blindly accept Bluetooth file transfers
- Do not click on links in messages or emails unless you are sure of the sender
- Be careful with the links and addresses you receive. Check the sender’s email address carefully to make sure it matches what you know. Check the link URL to make sure it matches what you normally type in your browser to go to the site. A telltale sign of a phishing or malicious link is a legitimate-looking domain prefix with something else attached, such as ICICIBANK.SIGNIN.URLXYZABCFOO.CO. Note the end of the link; it’s probably not your bank.
- Read the notifications and prompts thrown by the device; don’t blindly click “OK”
- Enable 2-Step Authentication (OTP / Authenticator) for all your online accounts
- Do not scan random QR codes, especially for payments. These can lead to malicious links or, at worst, empty your bank account
- Avoid unlocking Android phones. It is known to be less secure than iOS devices
- When telemarketers call you, pay attention if you plan to stay on the call. Ask questions. Which credit card company are they calling from? What are they offering? What are they asking you for? Phishing is on the rise and there is little recourse if they steal from you successfully
- Use a VPN to encrypt your communications. It may make things a little slower, but the added security is worth it. You should definitely use a VPN on public or hotel Wi-Fi networks
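
The "note the end of the link" check from the list above can be automated. The sketch below is an added example, not part of the original article; the trusted domain `icicibank.com` and the sample links other than the article's own are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the domain you normally type for your bank; edit to suit.
TRUSTED_DOMAINS = {"icicibank.com"}

def check_link(url, trusted=TRUSTED_DOMAINS):
    """Classify a link as 'trusted', 'suspicious' or 'unknown' by its real host."""
    if "://" not in url:
        url = "//" + url                     # bare "host/path" text, as in an SMS
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")    # hostname is lower-cased, port removed
    if not host:
        return "suspicious"                  # nothing a browser could resolve
    if parts.username is not None:
        return "suspicious"                  # "bank.com@other.host": text before @ is not the host
    if any(label.startswith("xn--") for label in host.split(".")):
        return "suspicious"                  # punycode label may render as look-alike letters
    for domain in trusted:
        # The match must be at the END of the host, on a dot boundary.
        if host == domain or host.endswith("." + domain):
            return "trusted"
    for domain in trusted:
        brand = domain.split(".")[0]
        if brand in host:
            return "suspicious"              # brand appears only as a prefix or substring
    return "unknown"

# Constructed sample links; the second is the example given in the list above.
SAMPLES = [
    "https://www.icicibank.com/login",
    "ICICIBANK.SIGNIN.URLXYZABCFOO.CO",
    "https://icicibank.com@urlxyzabcfoo.co/login",
    "https://icicibank.com.urlxyzabcfoo.co/",
    "https://example.org/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{check_link(link):10}  {link}")
```

A "trusted" result only means the host ends in a domain you listed; it says nothing about links to domains that are not on your list, which come back as "unknown".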