If you’re not worried about your Android or iPhone being hacked, you should be.
Cybercrime is the fastest-growing type of crime in the U.S., and mobile phones are increasingly vulnerable. The cybersecurity industry and law enforcement scramble to keep up with the bad guys. Phone-hacking methods and malware get more sophisticated all the time, and cyberthieves are increasingly savvy at avoiding detection.
- Why would anyone want to hack my phone?
- How are smartphones hacked?
- What are the symptoms of a hacked phone?
- How to check if your phone has been hacked
- What to do if you have been hacked
- How to protect yourself from mobile phone hacking
Why would anyone want to hack your phone?
In 2019, Symantec, now known as Norton LifeLock, reported that it blocked close to 10,600 malicious apps a day on average. One in 36 phones had high-risk apps installed.
What are the hackers after? You name it. Just think about the gold mine of sensitive information that’s stored on your phone.
Thieves want access to your banking, investing and credit card accounts. They can use personal information to steal your identity. If they can get their hands on your user IDs, passwords, or account numbers, they can exploit them for personal gain or sell them to other criminals on the darknet.
Photos, videos and even text messages have value for blackmailers. Some hackers look for anything that might be embarrassing or damaging to the victim’s career if made public. If they uncover sexy photos, for instance, they hold the phone or the data hostage until the victim ponies up.
Mobile crimes of extortion use ransomware. According to the Symantec report mentioned earlier, mobile ransomware infections increased 33 percent from 2017 to 2018.
Finally, someone may simply want to spy on you. There’s nothing in it for the hacker beyond watching you through the webcam, reading your text messages, eavesdropping on your calls, knowing your location, or monitoring your mobile phone activities.
That may be the creepiest motive of all for hacking, and cyberstalkers usually know their victims.
How are smartphones hacked?
By the time you finish reading this, there could be a new mobile hacking scheme. Technology evolves at breakneck speed, and hackers are never far behind.
These are some of the most common hacks.
SIM card swaps
This is a scam to obtain your mobile identity and wreak havoc.
SIM stands for subscriber identity module. Simply put, it’s a tiny memory chip that stores information about you as a cellphone user. The coding on it includes a unique user ID, the name of the system carrier, such as AT&T, and the country code of origin. Phone carriers use it to manage your account and produce your bill.
In a SIM swap, the thief has to have enough information about you to trick your phone service provider.
The first thing he needs is your phone number. Since you probably have it linked to your email, social media and bank accounts, access isn’t that difficult to come by. Some thieves even recruit phone store employees as accomplices.
Social media is a treasure trove for additional information like your date of birth or your dog’s name. The thief will try to piece together enough details to answer security questions that verify your identity.
He calls your provider, pretending to be you, and tells the customer service representative a sob story about losing or breaking a phone. If he’s convincing enough, your carrier will transfer your service to the SIM card in a spare device he owns and disconnect your phone.
Now, the scammer has access to all the data on your phone. He gets your calls, emails and texts. If you store user IDs, he can reset the passwords to your accounts. Mind you, text messages with one-time verification codes will go to him.
Armed with your SIM card, the thief might have a field day draining your accounts. In 2018, a cryptocurrency investor reportedly lost almost $24 million in tokens in a swap.
By now, most people have trained themselves to spot phishing emails on their computers. They’re not as cautious, however, on their mobile devices.
Clicking on links while reading text messages is much more reflexive than clicking on links in emails. Plus, because of the small screen size on phones, you can’t always see a link’s entire URL address.
In mobile phishing, you might get a text supposedly from your bank or credit card company alerting you to fraud. A text could even appear to be from a friend or relative: “Hey, remember this picture at the Mavs game?”
Clicking on the provided link will redirect you to a phony bank website or bogus Facebook login page. In a financial crime, say, you’ll be informed of suspicious activity and asked to reset your password. Any information you enter is up for grabs.
Apps containing malware
Some links in phishing messages download malicious apps containing malware.
One type is similar to keylogging malware, which records every keystroke on a computer. In this case, the technology captures taps, swipes, pinches and other movements on touch-sensitive screens.
Another type is spyware, which opens you up to identity theft. Spyware remotely monitors phone activity. It tracks the phone’s location, call history, text messages, contacts, internet browsing, photos, email and more.
If you’ve rooted your Android or jailbroken your iPhone, spyware can even record phone conversations and the noise around the phone’s current location.
Rooting an Android allows users to alter settings and apps or to run apps that require special permissions. People do it to get around manufacturers’ limitations.
Jailbreaking an iPhone is bypassing Apple’s restrictions by installing unapproved apps or modifying the operating system.
Rooted and jailbroken devices are more susceptible to hacking. Hacks involving malicious apps are much more prevalent on Android devices, but jailbroken iPhones are vulnerable too.
Unsecured Wi-Fi networks and rogue hotspots
Free public networks aren’t all they’re cracked up to be. A dishonest business owner or someone across the street, by exploiting security flaws, can monitor all the unencrypted traffic. As you browse, log into accounts or buy things, you expose your data to cybercriminals.
Rogue hot spots are another danger of using free public Wi-Fi.
Hackers set up look-alike networks within legitimate hot spots in airports, coffee shops and hospitals. When you search your phone for available hot spots, you’ll see two listings that are near identical. One might contain an underscore or capitalization difference.
If you choose the phony network, the hacker can access your data, redirect you to fake websites or inject malware into your device.
This hack mostly takes place in traveler-friendly locations like hotels and airports. Hackers load malware into public USB charging stations. Standard cables don’t just charge batteries; they also transfer data.
As you juice up your device, the malware might lock your phone or export your passwords and data to the thieves. Many hackers also know how to hijack the video-out feature on newer devices. That means they can monitor your strokes as you type in user information.
Hackers sometimes leave infected cables plugged in to lure victims.
Accessing a Google or iCloud account
Hackers who manage to get unauthorized access to these accounts hit the jackpot. Anything you back up from your smartphone is exposed. That might include saved passwords, call logs, contacts, pictures, messages and your current whereabouts. Nude photos command high ransoms, especially if you happen to be a celebrity or politician.
If you have a Google account and use Gmail, cyberthieves have access to all other accounts, like Facebook, that link to your email. The hacker doesn’t even need your phone number. All he needs is an email address.
What are the symptoms of a hacked phone?
By the time most victims of mobile attack discover what’s happened, the damage has already been done. It pays, then, to closely monitor your device and watch for certain signs of trouble, such as…
Regular use shortens your phone battery’s lifespan. Phones, just like people, slow down the older they get.
However, a sudden, significant plunge in battery power is a strong sign of hacking. It means your phone is having to work much harder for some reason.
Malware is usually the culprit. Extra coding, constant monitoring and transmission of data back to nefarious sources drains the battery.
Overly warm phone
This goes hand in hand with a fast-draining battery. Your Android or iPhone is overworked and therefore running hot.
Your phone may be infected if your apps are slow to load or aren’t working properly. Maybe your phone keeps freezing up or crashing even after restarts.
Again, a malware app might be overloading the device, slowing the network connection or clashing with your legitimate apps.
Updates to the operating system can also slow down performance immediately after the install. It could be that you’ve filled up your memory or installed a number of apps that hog bandwidth. In that case, a deep clean should improve functionality.
Everybody experiences a poor signal, a dropped call or background noise now and then. Even so, take these disruptions seriously if you’ve recently done something — such as click on a sketchy-looking ad — that you were unsure about.
Excessive pop-up alerts
Adware is yet another form of malware. It either disguises itself as legitimate software or piggybacks on another program.
Some pop-ups are real ads that generate pay-per-click revenue. What you’re looking for here is a frenetic flurry of pop-ups. Closing them is a little like playing whack-a-mole. They may contain phishing links that urge you to enter sensitive information or direct you to malicious websites.
Outgoing emails winding up in spam folders
This could mean that your configuration has been changed unbeknownst to you. Your emails are being relayed by an unauthorized server and potentially being read by cyberthieves.
What to do if you think you may have been hacked
The importance of acting quickly can’t be overstated. Here are three specific things to check for if you think you may have been hacked…
Look for unfamiliar apps
Sophisticated malware can exploit system vulnerabilities, especially on Android phones, and sneak in disguised as an app.
If you spot an app that you don’t remember installing, do a Google search to find out what it is. Manufacturers and phone service providers sometimes install apps without users’ knowledge, but this is usually a hack job.
Delete the app if you didn’t install it.
Check for increased data or text message use
If you can’t explain unusually high data or SMS usage, do an investigation. That might indicate that malware is transmitting data from your phone to criminals.
Scrutinize your phone bill for unfamiliar outgoing calls. Ask friends, family members and co-workers if they’ve received suspicious calls or texts from your number. Malware may be forcing your phone to route communications through premium-rate numbers. The hackers get a piece of the action.
Check usage by individual app. If one suddenly shows a dramatic spike in use, it might contain malware.
Watch for unusual activity on linked accounts
Watch for sudden changes, such as a request to reset your password, on social media accounts or apps you frequently use. Check your bank and credit card accounts for unfamiliar purchases. A verification email for a new account you didn’t apply for is another bad sign.
What to do if your phone has been hacked
Again, urgency is key. Follow these steps to minimize fallout after a hack:
- Immediately delete any suspicious or unfamiliar apps.
- Immediately change your passwords. Make them much longer, stronger and harder to guess.
- Run a security check on your phone. Spring for quality software that scans for, detects, uninstalls and deletes malware. It will also protect your phone from breaches in the future.
- Subscribe to a password management service like Lastpass or 1Password to find out if your passwords and personal information have turned up for sale on the darknet.
- Check for changes to your credit report with each of the major bureaus. Immediately dispute newly opened accounts or changes to your personal information that were not your doing. Even a slightly different spelling of your name or a transposed street address could indicate identity fraud.
- Inform your friends, family members and colleagues that you’ve been hacked. Tell them to ignore suspicious communications from you.
- If the hack has made your phone impossible to use, restore it to the original factory settings.
Consider that last tip a last resort. You’ll lose all your settings, contacts, messages and other data.
How to protect yourself and prevent your phone from being hacked?
No matter how careful you are, you’ll never be at zero risk for getting hacked. Still, you shouldn’t make it easy for cyberthieves. Here are some commonsense tips and suggestions worth considering:
- Install your updates. There’s more to those inconvenient updates than cosmetics. Many contain improved security software that makes it harder for thieves to hack your phone. When you’re notified of an update for your operating system or an app, install it right away.
- Run some mobile security software. You do this on your desktop or laptop PC right? Smartphones these days are fully fledged computers in our pockets and we should protect them in the same way.
- Don’t click on promotional links or attachments in emails. Log into the website on your own to verify that the offer’s legit.
- Avoid using public Wi-Fi. Even password-protected hot spots could have been set up by thieves. Shut off the Wi-Fi on your phone when you’re not using it.
- If you must use public Wi-Fi, use a VPN tool that routes communications through an encrypted channel. Never broadcast your hot spots.
- Yes, it’s a pain, but use two-factor authentication on important accounts. It’s a valuable extra layer of security if your password is hacked.
- Passwords should contain 16 to 20 random characters. Create a crazy mix of letters in uppercase and lowercase, numbers, and symbols. Using a secure password manager makes this much easier so you do not have to remember all those complex and secure passwords for every site. Personally I use Lastpass and I love it. It runs in my browser and on my phone so I can set super secure unique passwords for all my online accounts and never have to actually remember them.
- Third-party apps host 99 percent of mobile malware. Download apps only from official marketplaces like Google Play Store or Apple App Store. Read the fine print before you grant certain permissions. Scroll through your apps now and then, and delete any you don’t recognize.
- Put password protection on apps that contain sensitive information.
- Don’t offer up your life story on social media. Streamline your feed to eliminate your street address, work address and especially your mobile number. Take advantage of Facebook’s privacy tools to protect your photos and friend lists.
- Promtly report phone hacking to the FBI and your phone service provider.
Buying a smartphone is a significant investment these days. Do all you can to ensure that yours is protected for the long term, and stay safe out there.