Flood of smartphone hacking attacks on the way: Internet Scambusters #769
Since most of us now use our cell phones as the most convenient way of getting online, it's hardly surprising that smartphone hacking is on the rise.
And what the hackers who take over your phone can do may surprise and alarm you.
We'll give you the details in this week's issue, along with 7 simple rules for making your phone safer.
Now, here we go...
7 Things You Must Do to Prevent Smartphone Hacking
While most of us pay serious attention to security risks on our PCs, we're not as vigilant about our portable devices and the risks of smartphone hacking.
Yet, according to Consumer Reports magazine, crooks may be planning a flood of hack attacks aimed at these portable devices, notably those using older versions of the Android operating system.
In fact, a type of malware discovered this past July is said to be posing a threat to hundreds of thousands of Android phones that haven't been updated to the latest versions of the operating system.
The malware, which is called SpyDealer, steals all kinds of information from victims' phones including contact details and call history.
Worse, it's also capable of recording audio and video without the user knowing and even of taking screen shots while the screen is displaying confidential information.
Investigations suggest that Android devices using versions 2.2 to 4.4 are vulnerable to the malware and that as many as 500,000 phones are still using these operating systems.
But how does the malware get onto the phone in the first place? Experts aren't that sure but they think it may have something to do with computer wi-fi networks that have already been hacked and which Android users then access.
In other words, they don't necessarily know their phones have been compromised. And even though security software should be able to protect them, the crooks behind the software keep changing and updating it. It may actually have been around for as long as two years.
The best way to protect yourself is to update the operating system on your phone if at all possible, although some Android devices can't be updated to the latest systems.
Then, make sure that your security software is set to automatically update.
Tip of an Iceberg?
Sadly, this latest discovery could be just the tip of an iceberg.
The Internet is teeming with guides on how to hack Android phones and new viruses are being discovered every day.
Latest malware includes LeakerLocker, a type of ransomware that can lock up phones but also threatens to send your entire collection of photos to all your contacts.
The malware has been getting onto phones through a couple of compromised apps that, at the time of writing, were available for download from Google Play.
The "trojan" claims to already have downloaded the photos onto a server, so, it says, resetting your phone or using a past backup won't protect you.
The ransom fee is between $50 and $65 but paying up won't necessarily protect you.
However, according to security software firm McAfee, there is no evidence so far that the malware has actually downloaded or copied any photos or other information from the phones. It could be just an idle threat!
In truth, it's virtually impossible to seal off your phone against hack attacks or data theft.
Man in the Middle
Even iPhones, which have the protection of Apple's intense app store security, can be vulnerable via interception of confidential information transmitted by some apps.
This isn't an Apple problem but a case of app developers needing to make their software more secure against these interceptions known as "man-in-the-middle" attacks.
However, there are certainly a number of things you can do to make your smartphone safer against the risk of malware or a hack attack.
7 Key Actions
Here are 7 important actions you should take:
- Make sure both your phone operating system and other software are kept up to date. Software producers constantly revise and improve their apps, including "patching" vulnerabilities.
- Before you install an app, check its terms and conditions to see what it proposes to do with your data. And when you install it, scrutinize the "permissions" it requests, such as accessing your camera, photos, microphone etc. If you feel uncomfortable, don't grant the permissions or uninstall the app.
- Keep your phone physically out of reach of others, and keep it screen-locked, so no one can view your data. Don't allow your lock-screen to display personal or confidential information.
- Avoid using your phone on insecure, "open" wi-fi networks. But if you do, don't access sites that require you to give usernames, passwords and other confidential information. Consider using a virtual private network (VPN) to conceal your identity.
See this article for more on VPNs: How — and Why — You Should Use a VPN Any Time you Hop on the Internet.
- Don't install apps from third party "stores." Use only the official app stores. With Androids, use only Google Play or the Amazon app store. With iPhones, you can only use the official App store -- unless your device is "jailbroken." Don't jailbreak!
- Don't reply to or click on links or text messages from sources you don't know. You may be opening your device to access from hackers.
- Be alert to software that doesn't behave normally during use -- for example, strange sounds during phone calls or apps that seem to open by themselves. Run a check using your security software or take your phone to a service provider store and have them run a diagnostic check.
Alert of the Week
The latest lottery/sweepstakes scam plays on our emotions by pretending you're in line for winnings from the Make A Wish Foundation.
To make their scam more realistic, the callers claim to be from the Federal Trade Commission (FTC) or another government agency in Washington DC.
The foundation says it doesn't actually organize any sweepstakes so if you get this call you know for sure it's a scam.
That's all for today -- we'll see you next week.