Who is spying you with your smartphone?
Knowledge 17 February 2017 Krzysztof Sadecki
People nowadays are stuck to their smartphones all the time, night and day. Who needs computer while you can check email, chat with friends, use social media, read news, pay your bills, do shopping and meet the love of your life using only a smartphone? However, with this treat we can expect a trick.
We all love the newest devices and apps and enjoy using them. According to the Gallup report more than a half of smartphone users check their device more often than once an hour. At the same time 61% claims that comparing to the people around, they do it less often. We could wonder if it is a result of misperceive or people somehow feel it is not socially acceptable behaviour to stare at their phone too often, so try to excuse themselves with thinking that some people are doing it more often. However, leaving psychology and sociology for now, it is also worth to notice that, as research shows, the younger person is the more often they check and use their phone.
People are simply addicted to their smartphones, but the truth is, almost everything can be done with them. Thanks to technology development we moved countless areas of life onto internet and electronic devices, just because it could simplify our lives and save time. Nevertheless such development leads to the expansion of its downsides, which in here means extension of cybercrime.
This research of Gallup was conducted among Americans, but I believe most of nations can relate. People are simply addicted to their smartphones, but the truth is, almost everything can be done with them. Thanks to technology development we moved countless areas of life onto internet and electronic devices, just because it could simplify our lives and save time. Nevertheless such development leads to the expansion of its downsides, which in here means extension of cybercrime.
At least half of users are aware of some of the security risks associated with every day using smartphones for many purposes, like insecure Wi-Fi connection, improper social media logoff or disposal of phone, specialized malware or location tracking. Only few know about auto transmission, diallerware and spyware.
The biggest risk seems to appear with apps which smartphone users download to their devices. There are many ways such app can treat the user, which are for example: • installing helper apps to display unwanted adverts, • copy, send or expose data form device, including contact databases and browser history, without the user’s knowledge • send premium SMS to defraud consumers • attempt to jailbreak or root device without user’s knowledge • lead to phishing websites.
Malware can cause the data leak in many ways. Some of these apps are going through the API to get the data directly. However, last year McAfee report shows that cybercriminals are switching into using legitimate apps. Their malware is extracting data from device through other trusted apps, using their vulnerabilities. Such malware can appear in the clone app created on the base and pretending to be some popular app, like it happened to Flappy Bird or Balloon Pop. It is a very easy way to gain access to the device of unwary user.
Contrary the expectations, risky or malware apps are not only those from illegitimate resources and coming from publishers in Asia or Eastern Europe.
According to Marble Labs report about 30% of all free apps for Android available at Google Play are risky or malicious. What more the leader in developing and publishing such apps is the United States, where 42% of analyzed risky apps come from.
However, if we consider the general amount of apps from different countries, we will notice that Asian apps are more likely to be malicious. Likelihood that app from China is risky is almost 9%, from Taiwan 7% and Singapore 4%, while for US it’s a bit more than 1%.
The other way to spy any mobile user is Bluetooth. When one keeps Bluetooth on his mobile on, then any other device with Bluetooth can identify them. It is simple as that, just the way the Bluetooth works. Even if we use the option of staying invisible for other devices, the Bluetooth signal is still on, so that other device cannot connect directly to our phone and for example send a file, but it still can register that such device is in the area.
Who can spy you this way?
The answer is easy: anyone with Bluetooth device. Last days the airport in Dublin was accused of spying on the passengers , because they used Bluetooth and Wi-Fi signal to track passengers traffic around the airport. Dublin Airport’s monitors detect the unique number or MAC address of the device, so they can calculate queue times and dwell times in certain areas of the airport. They claim this system customer service and operating in at least 20 other airports around the world. They also said, they do not collect any personal data. But isn’t tracking one’s localization a personal data?
It is also reported as possible that someone could hijack a camera in the smartphone and use it to capture photos, video and audio without the knowledge of the phone owner. At the beginning it was known as NSA backdoor to iPhone devices, which also could intercept files, localization, messages, voicemail and contact list. The same is claimed as possible for Blackberry and Android devices. Video showing how to activate camera on Android was published in 2014 by a Pole, Szymon Sidor. Fortunately such hacking must be proceeded on particular target, so it is barely possible to become a random victim of such attack.
Unfortunately many incidents are caused by users themselves, because they are unaware or do not pay enough attention to risk possibility. Some entrust pirated apps or are not careful with downloading apps from official sources and allows the app to have an access to much more data than is needed. Too many people still are likely to sell their soul to the Satan if such point would be in the Licence Agreement only because they do not read it. According to MeasuringU, no more than 8% of users read Licence Agreement. The same happens with accepting access requirements of mobile apps. User wants the app, so would agree to everything, without a wonder why a simple sticky note app might need the access to the messages, account details or camera.
Another common thing among smartphone users is keeping in touch with family and friends via social media and apps and reporting their activities and localization. It is possible to check in somewhere intentionally using apps or Facebook, or to do it by an accident, because one did not disable localization saving on his device or app. However, while we share such information on the internet we must be aware that it turns public and anyone can see it, without any specialized malware.
It is a common knowledge for few years already that US and UK intelligence agencies can gain access to our devices. If there is anything hackers can do to somebody’s smartphone, why would not NSA be able to? That means they can, and it is claimed they do, for example remotely turn on mobile and apps, track device even if turned off or gain access to microphone to listen in on conversations.
Coming back to the top question: who is spying you with your mobile? The answer is easy: maybe nobody, but can be anyone. There are a lot of ways to gain access to data stored on the mobile device and to device itself. It can be done by fraudsters through the app to collect data and sell it or mislead the user to pay. I can be done directly, using Wi-Fi or Bluetooth, by the public services or intelligence agencies. It can be done by anyone who knows you, as there are many spying apps, which everyone could simply buy.