How to protect your smartphone from hacking


Installing repackaged apps
If you regularly install free apps, you are also exposing your phone to fake and rogue apps. Experts say many hackers download a popular app, insert malicious code into it and then put it back on the Android Play Store as a free copy of the popular app.

The most rampant way to compromise data on a mobile phone is downloading free applications, says Altaf Halde, managing director of Kaspersky Lab (South Asia).
What should you do? Try not to install any unofficial apps, especially if these look like free copies of popular premium apps. Do not click on advertisements shown at the bottom of your phone screen and do not subscribe to sites. When you download games, read the reviews posted online to check that the game is malware-free.
Ways of Hacking
Vishing: Phishing (typically an attempt to get personal information via e-mails) carried out over the telephone
Smishing: Sends an SMS with a link; clicking on it installs a trojan horse on the mobile, compromising your details
SMS spoofing: Sends messages using another number. If successful, a lot of transactions can be carried out pretending to be you
Pranking for profit: Infects smartphones and sends premium texts from the device to a site that withdraws money from a bank or credit account
Bluesnarfing: Accesses a mobile via Bluetooth to copy its contents, such as the calendar, contact list, e-mails, texts, pictures and private videos
Madware: Sneaks into a device when an app is downloaded; sends pop-up alerts to the notification bar, adds icons, changes browser settings, and gathers personal information
Snoopware: Accesses smartphones to activate the microphone and listen to private conversations or confidential corporate meetings. Also views the calendar and contacts on a handheld device
Apps ask for permission
Any app will ask for your permission to access phone data before you click on 'accept' for installing the app. 

Experts say over 70 per cent of Android apps ask for permission for something that can prove risky for your mobile security. Says Halde of Kaspersky Lab (South Asia), "Many of these malware applications look very genuine and people fall for it without reading the 'terms and conditions', which need to be checked before allowing the app to be downloaded to your handset."
When you read the 'terms and conditions', you will notice terms like 'permission to make phone calls' or 'permission to send information by using internet' and 'send SMSes', Halde of Kaspersky Lab adds. 
Explains Kartik Shahni, regional director of RSA Security (India & SAARC), trojans come attached when you download music or a wallpaper for free. Different trojans are programmed differently. 

"For instance, some trojans that are called Key Loggers are programmed to record all the keys you punch in. Therefore, when you punch in your username and password into a mobile banking app, Key Logger records it, thus compromising your crucial information," he says.
The information recorded might or might not be used to transact from the same mobile; it can be used from a different device. That is because a mobile banking username and password are mostly the same as the ones for your internet banking.
Android phones are most prone to being hacked, followed by Windows phones and iPhones. Reason: There are more Android phones than Windows phones and iPhones. Hence, trojans have a bigger Android user base to attack.
Also, Android is not a regulated operating system. It is open source. In comparison, Windows and iOS are regulated.
This means there is a code in these phones, owned only by the manufacturing companies, like 7.0 or 7.01. So, the permission to play around with the operating system also lies only with the company.

Thus, though banks' mobile apps are pretty secure, a hacker always thinks two steps ahead, making that security ineffective once a mobile phone has been hacked.
What should you do? Read the terms and conditions before installing an app.
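As an added example (not part of the original article), the permission check described above can be done mechanically on an app's manifest before installing it. The sketch assumes the manifest has already been decoded to text XML; the sample manifest and the package name com.example.freewallpaper are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Android permissions that map to the risks the article names.
RISKY = {
    "android.permission.CALL_PHONE": "can place phone calls",
    "android.permission.SEND_SMS": "can send SMS (premium-text fraud)",
    "android.permission.READ_SMS": "can read SMS, including bank OTPs",
    "android.permission.RECEIVE_SMS": "can intercept incoming SMS",
    "android.permission.RECORD_AUDIO": "can turn on the microphone",
    "android.permission.READ_CONTACTS": "can read the contact list",
    "android.permission.READ_CALENDAR": "can read the calendar",
}
INTERNET = "android.permission.INTERNET"

def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    names = (el.get(ANDROID_NS + "name") for el in root.iter("uses-permission"))
    return {n for n in names if n}

def review(manifest_xml):
    """List risky permissions, plus a note when data can also leave the phone."""
    perms = requested_permissions(manifest_xml)
    findings = [f"{p}: {why}" for p, why in sorted(RISKY.items()) if p in perms]
    if findings and INTERNET in perms:
        findings.append("INTERNET + sensitive access: data can leave the device")
    return findings

# Constructed sample: a "free wallpaper" app asking for far more than it needs.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.freewallpaper">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.SET_WALLPAPER"/>
    <application android:label="Free Wallpaper"/>
</manifest>"""

if __name__ == "__main__":
    for finding in review(SAMPLE_MANIFEST):
        print(finding)
```

A wallpaper app has no reason to send SMS or read contacts, so the mismatch between what the app does and what it requests is the warning sign.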
Duplicating SIM Cards
Mobile phones can also be hacked through your SIM card, explains Halde of Kaspersky Lab. 

The fraudster makes a false identity proof, say a driver's licence, using details such as date of birth, mobile number and photograph, often found on social networking sites these days. 

Using this fake identity proof, the fraudster approaches the telecom company and says he has lost the SIM card and asks for a duplicate one.
While that is being issued, the original card stops working for a brief while. In this time, the fraudster, who has already obtained details such as the bank account number and user ID, will also receive the one-time PIN (OTP) from the bank and transfer funds from the bank account.
What should you do? Do not reveal personal details on social networking websites. If you find that your phone is not working for some time, check with your operator if there is a problem with the network.
If not, check if someone has requested a duplicate SIM. If you have two phones, it is better to register with the bank the SIM card that is not frequently used.
Through Free Wi-Fi
In public places like airport lounges and coffee shops, hackers might provide you free wi-fi and then use the same network to hack your phone. When you browse online, you give out crucial information.

The other very common route into mobile phones opens up when your mobile has access to a corporate network through a Virtual Private Network. Then, the malware can travel and affect the network.

"Say you have a business and some crucial business information is in your handset. You use free or unsecure wi-fi. Then your mobile can be hacked into and details can be collected. Some people are used to keeping a back-up of passwords (or credit card number, CVV number, PIN) on the handset; such information can be compromised," explains Shahni of RSA Security.
What should you do? A mobile network is safer to use than a public wi-fi. Avoid wireless boosters that belong to a third party.
Through Bluetooth
Many have the habit of keeping their phone's Bluetooth on while on the go. There are many Bluetooth-hacking programs.

These search for Bluetooth-enabled devices and try to extract crucial information such as contacts, email addresses and text messages.
What should you do? Keep Bluetooth off until needed; this also saves your phone's battery. Even if you want it on, keep it in invisible mode.
Through Text Messages
Remember the old phishing trick on emails? It now works on mobile phones, too, through infected links embedded in SMSes.

These could also come with messages from a friend's number. Sometimes you can receive SMSes that can't be decoded and show up as a square, a triangle and so on. The minute you open such messages, you download malware onto your device.
There is also something called ransomware. It is a class of malware which restricts access to the computer or mobile that it infects, and demands a ransom be paid to the creator of the malware if you want your data (like contact details and pictures) back.

If you don't pay, you lose all the data or it will simply be lying in your phone in an encrypted form.
What should you do? Never click on any attachment on the phone. Install anti-virus security to scan malicious attachments and block these.
Through mobile chargers
Phone-charging kiosks in public places such as airports, restaurants or coffee shops can be a potential hacking device. 
A hacker only needs to install a malicious system into it. On connecting your phone, the infected system steals your photos and data or writes malware into the device.
What should you do? Always carry a charger. Use power plugs only or use a portable charger when on the go.
-----
If you feel that your phone has been hacked, please call us for support on 18002001240 or log a call through our online interface www.bigfix.in
