Are you sure the mobile device you use is absolutely safe so that even all the financial transactions can be conducted via this?
Sure, the technology that supports mobile communication has evolved a great deal and the security level associated with this also has matured accordingly. Anyhow the mobile devices have become indispensible in today’s world but this also raises some issues and questions, prominent being the unauthorized access of your mobile data. Here we discuss some possibilities.
From brute-force to other systematic attacks that were aimed at your good old PC is now being reformulated to target your mobile devices as well.
Some possible modes and channels are…
Many manufacturers embed device management tools to remotely configure and update their mobile devices and for these manufacturers, production of many of these applications in-house poses many headaches. Moreover, outsourcing also reduces overheads.
This scenario opens up many possibilities to add holes in the software system which hackers capitalize.
This happens when a new software application gets installed into the system. Among the ways are duping the user, which results in user knowingly installs it but, without knowing the consequences. Many a times malwares piggyback on other applications and games also. Malware attacks on mobile devices are on a steady raise.
A story that trickled out some time back is the hacking of the accounts of then CIA director John Brennan and many other top end intelligence officials by a teenage hacker group.
Yes, we are talking about military grade espionage, and you know, in comparison, to breach into a simple mobile device is by and large a simple affair. Many malwares have the ability to redirect or forward messages, photos, contact details etc.
In the yester age of laptop mailing, SSL and TLS offered excellent security for the common but sophisticated key loggers were able to circumvent these in-transit security layers by tapping into the system at the data entry stage itself.
In the mobile device scenario also there is reason for apprehension as these circumvention strategies evolve. Apart from key loggers, it’s also possible to mislead the victim to allow a draw over and take screenshots every other second. This means neither personal nor highly confidential information are no longer safe, whatever message application victim use. It’s not a big deal to bundle these screenshot files as a video or a gif and sent to any destination. This file could still be much smaller than many of the common videos we share via chat apps.
Some Nigerian and Russian hacker groups, it is heard, have even started reselling this as a service. It is unfortunate many of the devices out there are already compromised due to system vulnerabilities itself, let alone additional malwares. A move by the Government of India to curtail the sales of some Chinese brands of mobile phones should be seen in this light. There are reasons to doubt the inclusion of intentional black hat coding in these phones’s OS system itself.
Only recently Google banned more than five hundred apps from play store and many of them are also very popular, because of the possibilities for unethical behavior pattern these apps are embedded with. Again, unfortunately, many of the mobile phones already carry apps of this class. This banned five hundred is just a meager number considering there are literally many thousands of these apps floating around in and out of play store.
This involves using baits to make the mobile user initiate certain actions like clicking links, filling masqueraded forms etc. This could be presented as exceptional offers from well known organizations were the users are invited to follow in and sometimes, fill in certain details. Victims usually end up divulging personal information.
The users are also invited to follow links as a part of apparently fun filled games or to try out trial software that could contain malware. This can compromise user’s phone or other devices.
For rapid re-access and reuse of data, systems store these in a temporary storage area. When an application push in more data to this area than it is intended to hold, results in buffer overflow and could overlap and overwrite adjacent memory. Many a times this is a program error but can result in data snooping and security attacks. Data transfer quantity via mobiles are on the rise, the data transfer speed via networks are also increasing dramatically. So, chances for buffer overflows and possibilities for data corruption have also increased many fold and so has the security risks associated with that.
Eavesdropping! Yes, as simple as that!
You now enter into the dark domain of Stingrays. Have you heard of these before?
This system masquerade somewhat as a mobile phone tower and nearby mobile phones gets connected to it. This device can grab all the necessary metadata. Some versions can read your SMS and more.
Many law enforcement agencies use these or similar systems to eavesdrop especially during VVIP visits, at terrorist hideouts etc. It is also known, creative backyard engineers building and using these to pipe out valuable information.
Talks about bluebugging have been on the scene for quite some time now. Victim’s Bluetooth signals are intercepted and hacked into. This gives hackers access to the texts, contacts, call history, photos… well, almost everything on your phone.
Sharing files can make the infection more widespread.
Among other uses, scammers can use these hacked phones to make long distance calls, which generally have better voice quality than calls via chat apps over internet.
Having said all these possibilities, unless you are such high profile stuff, it is very unlikely for you to be under the scanner of a competent hacker!