“Although some of the samples are oriented towards profit, by sending text messages or phoning to premium-rate numbers, the wide majority [are] focused on extracting personal information from the device, such as contacts, text messages, browser history and GPS location.”
Here are the top 10 terrible threats that smartphone owners should be aware of.
A text-messaging variation on phishing attacks, smishing uses text messages to trick victims into calling a fake bank or credit card company and divulging their account number and password, under the pretext of needing to confirm a purchase or update security settings. When the customer calls the texted number, a voicemail system set up by the cybercrook records the account number and password.
First demonstrated on connected car systems, such as GM’s OnStar, that allow owners to remotely unlock or start their vehicles, war texting is a hacking technique that sniffs out the codes used to communicate between a smartphone and a car. Once the codes have been uncovered, the hacker can unlock and start the vehicle without a key. In some cases, the criminal may also be able to track the car if someone else is driving it.
Everyone wants a free ride, so some hackers set up free Wi-Fi hotspots in public places such as parks, cafes and airports. Unsuspecting users who log onto the hot spot are then monitored for passwords, credit card numbers and account information.
Open Hot Spot
Conversely, many smartphone owners use their own phones to create an instant hot spot so that their laptops can get online. That’s fine, as long as one creates a strong password requirement (letters and numbers) to sign into the hot spot. Otherwise, hackers may be able to gain instant access to your connection and your communications.
A sophisticated method of intercepting cellular calls, baseband hacking exploits vulnerabilities in the chips and firmware used in both iPhones and Android-based smartphones. Such attacks use the phone’s baseband processor to turn it into a listening device that allows the intruder to eavesdrop on conversations. However, the attacker needs knowledge of the firmware in these phones and must set up a temporary cellular node (essentially, a fake cellular tower).
Bluetooth device-pairing default passcodes for smartphones are usually “0000” or “1234.” For convenience’s sake, many users never change the defaults; that’s a mistake that can give an attacker access to all your messages and contacts. Additional Bluetooth attacks have also been demonstrated — so-called “fuzzing” attacks — that overwhelm and crash a device using Bluetooth signals.
Text messages, Facebook postings and Twitter tweets are rife with shortened URLs, thanks to services such as Bit.ly. Unfortunately, shortened URLs are being used to hide malicious sites and software, leading surfers astray to porn sites, spam pages and worse.
A Few Bad Apps
Back in March, a major malware infection occurred on many Android phones. Hackers used a Trojan known as DroidDream and hid it in as many as 50 different rogue apps. The applications looked legitimate because the program piggybacked on real apps that were available in the official Android Market.
The One-Minute Attack
The problem with smartphones is that they are always on, which means that a smart hacker can attack quickly and get out before the victim is aware anything is wrong. That’s the idea behind Android.Spyware.GoneSixty.Gen, recently discovered by Bitdefender. Once installed on a phone, it sends all messages, recent calls, browsing history and other information to a remote location — and then uninstalls itself. All this takes place in less than 60 seconds.
Simple, but effective, this is how a Florida man allegedly got hold of those compromising pictures of Scarlett Johansson. A weak password — one based on, say, a pet’s name or a childhood address — enabled him to hack into the Hollywood star’s email account and then set it to automatically forward all incoming and outgoing emails to him. Researchers say hackers are now focusing on using the same technique to hack into smartphones in order to extract important corporate data and industrial secrets.