Hacking: How to deal with the menace
The ways in which people can get at your private data, and how you can prevent it
At a conference in July, researchers from the Georgia Tech Information Security Center in the US demonstrated how an iPhone can be hacked in less than a minute using a malicious charger. Though Apple claims to have fixed the issue in iOS7, the popularity of smartphones makes them tempting targets.
“The vulnerability in a smartphone does not come from its
system, which is an efficient and power-saving design,” says Sriram
Raghavan, digital security and forensics
expert, Securecyberspace.org, a site that is also working on a
security-related project with the Indian Institute of
Technology, Delhi. “The vulnerable element comes from the
market place, from the tempting third-party apps or widgets
you install on your system.”
The Mobile Threats Report, released by
networking equipment manufacturer Juniper Networks in June,
makes similar observations. According to the report, mobile
malware threats through malicious apps grew at a whopping 614%
between March 2012 and March 2013. There are about 276,259
malicious apps out in the mobile marketplace with almost 92%
of them on Google Play.
“A hacker will use any hole in your smartphone or in
your lax behaviour to attack you and install a spyware on it,”
says Rakshit Tandon, who is a cybersecurity expert and a
security consultant with the Internet and Mobile Association
of India (IMAI). Once the hacker gets inside a smartphone, he
can change and create emails, texts, SMSs, videos, photos,
notes and credit and debit card information.
Here are some ways in which hackers can try to get
malicious software into your smartphone’s system:
By asking
Apps can ask for permission to access phone
data. Ask why a note-taking app needs GPS access, before
clicking “Accept”.
According to a 2012 study, Pausing Google Play,
conducted by Bit9, a US-based mobile security firm, 72% of
Android apps (they studied more than 290,000 apps) ask for
permission for at least one thing that can prove high-risk for
your mobile’s security.
Secure yourself: Always read the
permissions list before you install an app and tie it back to
the app’s features. Be especially wary of apps that ask for
your permission to make phone calls, send SMSs, reveal your
identity or location.
By installing a repackaged app
If you’re jailbreaking your phone to
install paid apps for free, then you’re also making it
vulnerable to fake and rogue apps. According to a 2012 study,
the Android Malware Genome Project, by the State
University of North Carolina, US, 86% of Android malware uses
a repackaging technique wherein the hacker downloads a popular
app, decompiles it, puts a malicious code into it and then
puts it back on the Play Store as a free copy of a popular
app.
Secure yourself: Don’t jailbreak
your phone or install any unofficial apps, especially if they
look like free copies of popular premium apps or have names
like “Silly Birds” or “Fruits Ninja”.
Through Bluetooth
Do you have a
habit of keeping your Bluetooth on while you are on the go?
Bluetooth hacking is easy with software like Super Bluetooth
Hack or BlueScanner—these search for Bluetooth-enabled devices
around them and try and extract contacts, email IDs and
messages from unsecured phones.
Secure yourself: Keep the Bluetooth
off at all times when not needed. It will save your battery as
well as data. If on, keep it in non-discoverable mode.
By emailing/texting a malicious link
The old phishing trick on emails has come
to the mobile phones through malicious links embedded in MMS
and SMS. Think twice before clicking that link or opening
attachments you weren’t expecting. Even though it might appear
genuine, a SMS or MMS from a friend’s phone could be a
malware.
Secure yourself: As a rule, do not
click on any attachment on the phone. Use your laptop for
clicking open attachments or links. Install security apps that
can scan attachments and block a link if it looks suspicious.
By offering you a free wireless hot spot
A hacker might offer you a free hot
spot in a public place and use the same network to hack into
your phone while you browse and read everything you send
across the network. Last month, two security experts hacked
into a femtocell, a device that boosts wireless signals
indoors, to prove that hacking of your smartphone through
wireless is as easy as less than $300 (around Rs.18,200)
and by using the right technique. “Getting inside a wireless
network is surprisingly easy for the hacker,” says Dominic K.,
adviser, Jarviz Mobile Security, Delhi. “Once inside, the
hacker can pick up the signal from phones in a 40-foot radius
and capture all your data, including the passwords you type.”
Secure yourself: As a general rule,
a 3G network is safer to use than a public Wi-Fi. And needless
to say, avoid wireless boosters that do not belong to you.
Through a phone charger
Any random phone-charging kiosk in public
spaces like airports, restaurants or parks can be converted
into a hacking device by putting a system inside it. So when
you connect your phone to juice it up, the system can steal
your photos and data or write malware into the device.
Secure yourself: If a dying mobile
phone gives you the heebie-jeebies, take your charger with you
everywhere and use power plugs only. In case you don’t have
one handy, the safest way to charge your device at a public
space is to switch it off first.
By sending texts with odd characters
Getting SMSs with strange characters like a
single square or just exclamations? It’s not tomfoolery but an
attempt by a hacker to download a spyware or malware into your
device by seeing if there are any loopholes it can get
through. Though similar to malicious email viruses, these SMSs
are more lethal as you don’t even have to click on a link to
get the malware installed.
Secure yourself: Check with the
contacts on your phone if they have received similar texts by
you. If yes, notify them of a potential hack and restore your
phone to factory settings.
■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■
PROTECT YOURSELF
Five simple
rules to keep your gadgets safe from hackers
There is no
end-game with security, as you have to remain constantly aware
and take steps to keep from being compromised. These five
basic steps, at least, should never be skipped:
u Keep the security
lock code of the phone enabled. Even if the phone is idle for
2 minutes, it should be in lock mode.
u Regularly track your
apps manager to see which all apps are installed on your
phone. If you find something that you have not installed or
haven’t heard the name of, delete it.
u Don’t store
sensitive information like passwords or credit cards details
on your phone.
u Always install apps
from authorized marketplaces of your phone.
u Keep all apps
up-to-date at all times and install anti-virus apps. Believe
us, you need that extra coating of protection.
■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■
YOUR PHONE COULD BE HACKED IF...
Check for the
following signs, because they could be a tip-off to hacking
that you didn’t notice
u Unfamiliar charges
appear on your phone bill or the credit card account which is
connected to your phone account. It could be a call to Uruguay
or a premium SMS for a contest in Afghanistan that you have no
idea about. It could also be an in-app purchase on your credit
card bill that is too insignificant but you don’t remember
doing it.
u Your call history
shows calls you don’t remember making.
u You experience
ticking or other noises during your phone calls which weren’t
there before. It is usually a sign that someone is trying to
access your phone.
u Your phone’s
performance goes sluggish. Internet browsing becomes slower
and your battery life decreases. Or your email or text receipt
becomes unexpectedly delayed. All of these point to a
malicious program running in the background.
No comments:
Post a Comment