The modern cellular phone has little in common with the plastic bricks of the 1980s. Smartphones are essentially mini computers people can use to check email, transfer bank funds, update Facebook, buy music and on and on. As a result of this dependence on handheld devices, the risk of these devices being hacked has grown along with the amount of personal and financial information stored therein. In this article, we’ll look at some methods hackers are using to try and get at your data – and what you can do to stop them in their tracks. (Hackers aren't all bad. Read 5 Reasons You Should Be Thankful for Hackers.)
Giving Your Phone the Blues
Bluetooth is a wonderful technology. It allows you to connect to headsets, sync up with cars or computers, and much more. However, Bluetooth is also one of the main security gaps by which hackers can get at your phone. There are three basic types of Bluetooth-based attacks:
- Bluejacking
Bluejacking is a relatively harmless attack in which a hacker sends unsolicited messages to discoverable devices within the area. The attack is carried out by exploiting Bluetooth's electronic business card feature as a message carrier. The hacker cannot access any information or intercept messages. You can protect yourself from these unsolicited spam messages by putting your phone into "invisible" or "non-discoverable" mode. - Bluesnarfing
Bluesnarfing is much worse than bluejacking because it allows a hacker to get at some of your private info. In this type of attack, a hacker uses special software to request information from a device via the Bluetooth OBEX push profile. This attack can be carried out against devices in invisible mode, but this is less likely due to the time needed to figure out the device's name through guessing. - Bluebugging
When your phone is in discoverable mode, a hacker can use the same entry point as bluejacking and bluesnarfing to try and take over your phone. Most phones are not vulnerable to bluebugging, but some early models with outdated firmware could be hacked this way. The electronic business card transfer process can be used to add the hacker's device as a trusted device without the user’s knowledge. This trusted status can then be used to take control of the phone and the data within.
Bluetooth: Far From High-Risk
Despite the fact that Bluetooth is an entry point for some hackers, it is not a very serious security flaw. Updates to the phone's firmware and new security measures have made carrying out these attacks very difficult for hackers. Most hacking requires expensive software and hardware, making it unlikely that the average person’s device will be the target of an attack. (Learn about Bluetooth 4.0 in From Bluetooth to New Tooth: A Look At Bluetooth 4.0.)
Hands-On Hacks
While remote hacking poses a relatively remote risk, hackers can do a lot of damage if they get their hands on your phone. For one, they can manually set up a back door that will allow them to bluebug your device. Or, if they’ve had some time with the phone and have prepared ahead of time, they can attempt to clone your phone card and use your account on another phone – although this hasn’t really been proven to work and would require the phone's owner to be very gullible. So, while leaving your phone unattended is never a good idea, chances are that it will be stolen rather than hacked.
Old Dogs Learn New Tricks
Some of the most obvious cell phone security threats are the ones that have been adapted from computer hacking. Of these, two stand out as real problems for cell phones:
- Phishing
Phishing may be actually more effective on a mobile internet browser because the smaller address bar makes it less likely that a user will carefully check the address before entering information. The best way to protect yourself from phishing is to enter important addresses – those for sites where you will be entering private information – from scratch. - Malware Apps
Just as malware downloaded from the internet can crack open your computer, malware apps can leave your phone exposed. The major app stores usually try to prevent malware apps from getting spread through their platforms, but malware apps do get through and can even be distributed through web pages as a download. Common sense is a fair barrier against malware. Right now, the true extent of malware app penetration is unknown and may be exaggerated. (To learn more, check out The 5 Scariest Threats In Tech.)
Low-Tech Hacking
Not all phone hacks involve software, equipment or technical expertise. One of the most common phone hacks is to take advantage the voicemail of a user who hasn't bothered to set a unique PIN. Phone networks often assign a default PIN in these cases, which allows the hacker to access the voicemail using a person’s phone number and a default PIN picked up off the web. Even if a PIN is set, a hacker can reset your account by learning some key personal details and calling customer service. The best way to protect yourself is to change your PIN regularly and avoid using numbers related to your publicly available info (birthday, anniversary and so on).
The Takeaway
Mobile security is an ongoing concern as users increasingly access personal information from handheld devices. For hackers, the large amount of data stored on smartphones makes them an irresistible target, but regular updates from smartphone manufacturers also make these devices difficult targets. The best way to protect yourself is to be aware of the risks and take the appropriate steps to safeguard your phone, including updating firmware, choosing secure PINs and using extreme caution when transmitting or accessing personal information on a mobile device.