All the reasons why cybercriminals want to hack your phone
Credit to Author: Kayla Matthews| Date: Tue, 18 Dec 2018 16:00:00 +0000
When people think of hacking, most imagine desktop computers, laptops, or perhaps even security cameras. However, in recent years, cybercriminals have expanded their repertoire to include smartphones, too. Here are 10 reasons why they may be looking to hack your phone.
1. To infect it with malware
Many smartphone users assume they can stay safe from malware and other threats by installing antivirus apps on their phones and being extra careful about the websites they visit. They typically don’t expect their phones to have malware out of the box. However, researchers showed that’s what happened with more than three dozen Android models, typically from lesser-known brands.
The phones had Trojan malware installed on them before they reached users, and the culprit appeared to be a software vendor in Shanghai that was a shared reseller for a brand of antivirus software. Although it’s not clear what the hackers wanted to do after infecting the phones, the malware was particularly hard to remove. Often, it involved fully reinstalling the operating system.
2. To eavesdrop on calls
People use their phones to speak to loved ones, discuss business plans, talk about their travels—all manner of personal, intimate content. So, it’s not surprising that criminals would want to break in and listen, whether to case a target or simply for voyeuristic pleasure. But how do they do it?
There’s a flaw in US cellular exchange, the vulnerability known as SS7, which allows hackers to listen to calls, read texts, and see users’ locations after learning their phone numbers. Even though US agencies know about the issue, they haven’t taken decisive action to fix it, leaving Americans’ phone privacy at risk.
3. To steal money
Ransomware attacks cause headaches for computer users by making the affected machines lock up or holding files hostage until people pay the ransom to restore access. Even then, paying doesn’t guarantee a return to proper functionality. Ransomware doesn’t only affect computers, though. There’s a recent trend of mobile ransomware, which often originates from malicious, third-party apps.
In one example, a third-party app promised to optimize the Android system but actually tricked people into transferring $1,000 from their PayPal accounts. The login process was legitimate, so it wasn’t a phishing attempt. However, once people logged in, a Trojan automated the PayPal transfer.
4. To blackmail people
The crime of blackmail isn’t new, but threat actors recognize that the small computer in people’s pockets and purses likely has more personal information stored in it than a desktop or laptop. And they are able to first cut people off from accessing their phones before then threatening to leak the information they find.
Criminals may start the hack after obtaining some personal information from a victim that available on the black market due to a previous, unrelated breach. They then use that information to contact the victim’s phone company and pose as the user, saying that they want to transfer the number to a new phone. Phone companies often provide such services and can automatically transfer information, including phone numbers, to a new device. The trouble is that in this case, the old phone still works but it’s useless to the person who owns it.
After hackers take over a phone in this way, the stage is set for more serious crimes—blackmail among them. If a person had essential numbers in their phone not backed up elsewhere, they could easily feel pressured to cave into hackers’ demands to avoid worse consequences.
5. To damage your phone
Hackers feel they’ve accomplished a goal by causing chaos for victims. One way to do that is to make the phone overheat and ultimately ruin it. Security researchers warned that hackers could break into a phone’s processor and use it for mining cryptocurrency. In addition to making the phone slow down, it can also cause the phone to get too hot or even blow up!
There are many reliable cooling devices used in cell phones for temperature management, even “intelligent” temperature management solutions that heat up your phone’s battery when it’s too cool and cool it down when it’s too hot. However, if hackers have their way, even those normally sufficient internal components could fail to keep the device cool enough.
One type of the cryptomining malware called Loapi is often hidden in apps that appear as downloadable games. Security researchers ran a test and found it actually made a phone battery bulge due to excessive heat after only two days.
6. To threaten national security
Countless analysts have chimed in to say that President Trump’s alleged use of insecure mobile devices could help foreign adversaries glean information about the United States that could threaten the nation or at least give information about the president’s intended actions.
In 2018, Billy Long, a Republican congressman, had his mobile phone and Twitter account hacked. Cybercriminals know that one of the primary ways politicians interact with followers is through social media.
Besides threatening national security more directly, these hackers could erode the trust politicians have built with their audiences, especially with fake posts that seem to come from the genuine account owners.
Cybercriminals know that by hacking the mobile phones and social media accounts of politicians, they are contributing to the overall public opinion that politicians cannot be trusted. Instead of looking to the source for information, users might instead look for news via sources that are even less reliable or strategically crafted to spread fake news.
7. For fun or notoriety
Some hackers get a thrill by successfully pulling off their attacks. Hacking is a source of entertainment for them, as well as an ego boost. If money isn’t the primary motivator for cybercriminals, then notoriety is might be a close second. Hackers may get into phones because it’s a newer challenge that might require more cutting-edge malware development techniques. Ultimately, many cybercriminals want approval from others in the industry and desire their respect.
8. To get payment information
E-wallets, which store payment information inside smartphone apps so people don’t have to carry real credit or debit cards, are convenient. However, their rising popularity has given hackers another reason to target phones.
Often, cybercriminals entice people to download fake mobile payment apps (of course believing they are real). Then, once people enter their payment information, hackers have the information needed to charge transactions to the cards.
9. Because so many people use it
Since hackers want their attacks to have significant payoffs, they know they can up their chances of having a major impact by targeting smartphones. Information published by the Pew Research Center shows 95 percent of Americans own smartphones. To put that in perspective, only 35 percent of the population did in 2011, when the organization first conducted a survey on smartphone ownership.
Also, different research from another organization reveals that mobile Internet usage is overtaking desktop time. People are becoming increasingly comfortable with using their smartphones to go online, browse, and even shop. As such, no matter what kind of hack cybercriminals orchestrate, they can find plenty of victims by focusing on smartphone users.
10. Because it’s an easy target
Research shows that mobile apps have rampant security problems. This gives criminals ample opportunity to infiltrate insecure apps rather than the phones themselves.
In one case, about 40 of the top 50 shopping apps had at least a few high-level security vulnerabilities that allowed hackers to see personal information or deceive users by luring them to dangerous apps that were copies of the originals.
Further research about problematic dating apps found that many of them give third parties access to unencrypted data through vulnerable software development kits (SDKs). Hackers know some apps achieve hundreds of thousands, or even millions. of downloads. If they can break into them, they’ll get fast access to the phones that have those apps installed and the people who use them.
How to stay protected
These examples show that hackers have a myriad of reasons to hack phones and even more ways to make it happen. One easy way to protect against attacks is to avoid third-party app stores and only download content from the phone’s legitimate app stores, such as Google Play or iTunes. However, threat actors can penetrate those platforms, too, and many an infected or rogue app has made its way through.
It’s also smart to keep tabs on phone statistics, such as battery life and the number of running apps. If those deviate too much from the norm, that’s a sign hackers may be up to no good in the background.
Running a mobile antivirus scan at least monthly, or installing an always-on cybersecurity program is another good strategy, but only if the application comes from a trustworthy source, such as the vendor’s official site.
Instead of being overeager to download new apps, people should ideally exercise caution and only do so if numerous sources of feedback indicate they are free from major security flaws. Some app development companies are in such a hurry to get to the market with their latest offerings that they do not make security a priority.
Besides these more specific tips, it’s essential for people to be highly aware of how they interact with their phones. For example, strange pop-ups or redirects in a phone’s browser, or random icons appearing without having downloaded a new app could indicate problems, and individuals should not assume that everything’s okay. When in doubt, it’s best to stop using the phone and get some answers—before hackers learn all they need to know about you.
The post All the reasons why cybercriminals want to hack your phone appeared first on Malwarebytes Labs.