Security Awareness – Smartphones

As part of the Office of Technology Systems Security Awareness initiative, this month, we want to focus our attention on smartphones. You hear about celebrity smartphones being hacked all the time and personal information being accessed. Recently, there have been new attacks emerging targeting everyone’s smartphones, seriously jeopardizing people’s identities.  Once a smartphone is infected by this new threat, hackers have full control of your smartphone. They are able to see from your smartphone camera, listen through your smartphone microphone, see when and where you are browsing on your computer screen in real-time, and have full access to your smartphone contacts, smartphone photos, and email accounts. All of this happens very quickly when users installs a malicious app on their smartphone disguised as a legitimate app or clicks on a link in a text message. While all smartphone operating systems are being targeted and hacked, the Android operating system is the most vulnerable due to its open-source nature. Usually a complete wipe of the device is required to remove the infected software.

Another recent attack, not as dangerous as the attack described above, circulating around the Internet is affecting iPhone and iPads. A specially crafted text message being sent between iPhones and iPads causes a perpetual reboot of the device. It started out as a prank between friends and ended up causing multiple phone failures. Factory resets are required in order to correct this issue.

How can you tell if your smartphone has been compromised?

1. Is your smartphone acting strange?  Is your phone taking forever to shut off, lighting up for no reason, suddenly getting much shorter battery life or running hot when you’re not using it?  All of these are signs that indicate hidden apps running in the background.

2. Check your bill for unusual charges.  Another way you can detect if you smartphone has been compromised is by looking for unfamiliar charges on your bill. Hackers can send text messages that cost you money while at the same time putting that money in their hands.

3. Your data usage skyrockets.  This could be because your smartphone is checking in with someone else, using GPS and sending them text messages or emails that communicate where you are and what you’re doing.

What you can do to help protect your smartphone (and tablets):

1. Keep the software on your device up to date. Malware writers design their malicious apps to take advantage of weaknesses in smart devices’ operating systems. By keeping the software on your phone (or tablet) current, you minimize your risk of being a victim of malware.

2. Do not use third-party app stores. In the case of mobile apps, it’s always best to shop the big name brands, and stick with the Google Play Store, Apple App Store, and the Amazon.com app store. If you want to minimize the risk of encountering malware, don’t download from random download sites that you do know. Hackers usually get their malware on your phone by disguising it as a game or as an update for an existing app. Once the app or update is installed, the malware is installed on your phone.

3. Be careful where you click. Some malware comes embedded in Website links or text messages that automatically download a malicious app to your device without your prior approval. Once the link is clicked, the malware is installed on your phone.