Sign in with
Sign up | Sign in

Why Hackers Target Your Smartphone

By - Source: Tom's Guide US | B 9 comments
Tags :

NEW YORK — Your smartphone is probably a much more tempting target for cybercriminals than your desktop computer, and unless you take proper precautions, it's easier to hack as well.

Think of it this way: Your computer might have sensitive work documents, banking information or personal records, but there are only a few ways people can access those files — in person, via a network or over the Internet.

Your smartphone is almost always on, connected to the Internet, logged into your email and social media, and likely has at least a username stored for your bank account. Your smartphone contains as much sensitive information as your wallet does — more, if you count the contact information for your family and friends.

A smartphone is a whole different beast, said Yuval Ben-Itzhak, the chief technology officer of AVG Technologies, an American subsidiary of the Czech security firm Grisoft. At an AVG event here on Sept.4, Ben-Itzhak explained that the average smartphone has several avenues of attack.

Smartphones can access the Internet, which puts them at risk for a variety of malware and compromising exploits, but malware can come via almost any phone function. Text messages are easily exploitable, especially since an average text-messaging app takes no security precautions. They open automatically and load as soon as your phone connects to a network; in effect, they can't be blocked.

At the Black Hat 2011 security conference in Las Vegas, researchers even demonstrated a proof-of-concept that infected iPhones with malware via charging stations. Although they did not distribute any harmful software, they showed that this behavior, called "juice jacking," could be a threat. If a malicious hacker ever implemented a scheme like this, he or she could conceivably infect hundreds of phones each day.

MORE: 10 Free Online Diagnostic Tools

Hackers also monetize these hacks in fairly subtle ways. Rather than stealing credit card information to buy themselves luxury yachts or scads of DVDs on Amazon, tangible goods that are extremely easy to track, they often subscribe users to premium texting services, which often cost as little as $3 per month.

These scams are much more common in Eastern Europe, where users get charged for premium texts on-the-spot rather than monthly.

Many (but not all) users will catch the extra charge on their phone bills, cancel the service and prevent the malefactors from ever getting their money. But an enterprising hacker can nickel-and-dime his or her way into relative richness.

Hackers do not represent the only mobile threat, either. Leaving your Wi-Fi and Bluetooth functionality activated when you don't need to do so represents a considerable privacy risk. Phones broadcast signals that reveal their model number and location information, and some malls are now leveraging this feature.

By tracking phones, malls can get a good idea of their shoppers' demographics (even though there's no way to identify users, phone preference varies by age, sex and race), which shops their patrons visit and how the two correspond. If users download retail-specific apps, stores can also track when users enter and leave their premises and communicate accordingly, but downloading an app at least allows the user to choose whether or not to participate.

Retailers are not the only entities interested in aggregating mobile data. Up until recently, recycling bins in London had the same functionality. The City of London wanted to gather data on cellphone usage without any apparent end goal in mind, and walking by a recycling bin while your cellphone's Wi-Fi is active would transmit your phone's build and location information directly to the British government.

Public outcry put an end to the invasive bins, but while the City of London — which represents only a small, somewhat separate financial hub in London, not the larger city — was the first government entity to try such a tactic, it probably will not be the last.

In order to keep your mobile information private and safe, keep Wi-Fi and Bluetooth turned off unless you need them, and install a mobile security suite on your phone. Ben-Itzhak also recommended disabling or uninstalling social media apps — the HTML versions of Facebook and Twitter are more secure, and much easier on a phone's battery life.

Follow Marshall Honorof @marshallhonorof. Follow us @tomsguide, on Facebook and on Google+.

Discuss
Display all 9 comments.
This thread is closed for comments
  • 3 Hide
    milktea , September 5, 2013 10:58 AM
    why did the 'Hacker' cross the road?
  • 0 Hide
    Heironious , September 5, 2013 12:02 PM
    That look you get when you tell people "NO" after they tell you "just do your banking / bill payments on your phone"
  • 0 Hide
    house70 , September 5, 2013 12:07 PM
    "At the Black Hat 2011 security conference in Las Vegas, researchers even demonstrated a proof-of-concept that infected iPhones with malware via charging stations. "
    iPhoneys? NOOOOOOOO!! They're perfect!
    lol
  • 3 Hide
    none12345 , September 5, 2013 12:36 PM
    "Your smartphone is almost always on, connected to the Internet,"

    sure

    " logged into your email"

    never

    " and social media"

    i dont use that cesspool of filth

    ", and likely has at least a username stored for your bank account."

    nope, no bank data

    " Your smartphone contains as much sensitive information as your wallet does — more, if you count the contact information for your family and friends"

    only if you count contact information, then yes

    Personally i dont disseminate private information on the internet. nor allow it to be connected to the internet. Any banking data on any of my computers is only used in a private browser window so the history is wiped.

    If someone stole my phone all they could get is my contact list. Which granted is still a good bit of data. There is no credit card, email, or bank data on the phone.

    Im not paranoid, nor do i think criminals are after me(i have nothing worth stealing), im just not stupid.


    In order to keep your private information private, dont put it on the internet, or on an internet connected device. If you do have to access senstive data, for instance a bank account, do so in a private window, so at least its not in your history or cache. Pretty simple.
  • 0 Hide
    jl0329 , September 5, 2013 3:53 PM
    If you never check your email on your phone these days, 1) you don't have a job. 2) you are 90+ years old.
  • 0 Hide
    mman74 , September 5, 2013 6:13 PM
    If the motive of hackers is to get access to your money, the solution is really simple. If you have online banking, make sure your bank provides you with a dongle. The other thing you can do is to go to your bank and limit online transfers to designated accounts only. Problem solved.
  • -2 Hide
    ojas , September 6, 2013 5:54 AM
    Why Tom's News Is Lame.
  • -1 Hide
    _Cosmin_ , September 8, 2013 2:48 PM
    Well, these are not Hackers...just NSA; so your title is wrong!
  • 0 Hide
    woodscrews , September 9, 2013 9:03 AM
    talk about stating the obvious
Tom’s guide in the world
  • Germany
  • France
  • Italy
  • Ireland
  • UK
Follow Tom’s guide
Subscribe to our newsletter