How Hackers Break into Your Phone

In 2019, Twitter CEO Jack Dorsey’s Twitter account was hacked. An anonymous hacker group took over his Twitter account for 20 minutes and fired off nearly two dozen tweets and retweets.

After a thorough investigation, Twitter discovered that the @jack account was “compromised due to a security oversight by the mobile provider.”

Our smartphones can be the go-to device for checking email, paying bills, or posting to social media. It is important to have solid cybersecurity practices when using your phone. In this blog, we will discuss some tricks hackers like to use to take control of phones, and we will give you some tools on how to defend yourself from those tricks.

Phishing

Smishing is a type of phishing attack conducted using SMS messages on smartphones. Hackers will text instructions that are perceived as urgent. They will also include a link to try to persuade people to install an app or security software that will end up being malware if opened.

When it comes to smishing techniques, you should always be mindful of the sender. Check to see how the text or email is written – does it include any grammatical or spelling errors? Smishing texts usually do not include personal details such as first and last names. Sometimes these texts will address others as Mr. and Mrs./Miss or just start as “Hello”.

Vishing, or voice phishing, is a type of attack that is also conducted by phone but usually targets people who use Voice over IP services like Zoom, Microsoft Teams, or Skype. As always, the goal is to get sensitive information.

If someone were to call the number and get a voicemail, the message will include instructions to give away information to the automated service. It is common for people to fall for this because automated phone systems have become a normal part of life.

The caller will almost always claim to represent the IRS, Medicare, the Social Security Administration, or some other large agency. Unless you have requested contact with these organizations directly, none of these federal agencies will ever initiate contact with you by email, text messages, or social media to request personal information. Be skeptical of anyone who calls with an offer.

Third-Party Apps

Apps are another way that hackers can infect your phone. Malicious code can be inserted into free versions of popular apps.

Be cautious about installing apps from unknown sources, especially free versions of popular apps. Only download apps from the App Store, Google Play, or other official sources. Companies like Apple and Google constantly screen and remove suspicious apps.

While many apps over-request permissions to collect your data, some third-party apps will request access to anything from your location to your camera roll.

Even apps that are not intended to be malicious can leave your smartphone vulnerable. Apps that use weak encryption algorithms can leak your data to cybercriminals. Sometimes, if the app is improperly developed, hackers can find back doors in the code to exploit, allowing access to personal data.

A good practice to protect yourself from these types of apps is to read what permissions the app is asking for. Often, it can be natural to click “accept” when downloading apps because of the urge to use the app as soon as possible. Even if an app’s permissions seem to line up with its function, check to see the extent of those permissions. Usually, other users who download these apps will post reviews explaining how intrusive the app is.

SIM Card Swapping

Let’s say that your smartphone suddenly stops working: no data, no text messages, no phone calls. Then, you get a random notification from your cellular provider that your SIM card has been activated on a new device. This could be a sign that a hacker has pulled a SIM card swap to hijack your cell phone number.

Scammers may call your cell phone service provider and say your phone was lost or damaged. Then they ask the provider to activate a new SIM card connected to your phone number on a new phone they purchased. If the scammer can convince customer support that they are you, the scammer will access all your text messages, calls, and data on the new phone.

Equipped with your log-in credentials, the scammer could log in to your bank account and steal your money or take over your email or social media accounts. And they could change the passwords and lock you out of your accounts.

The scammer could open new cellular accounts in your name or buy new phones using your credentials. If your phone uses text messages as a form of multi-factor authentication, they can use these codes to log in to your accounts because they will start receiving the messages.

To protect yourself from these attacks, be mindful of some of the same strategies we discussed with phishing. Do not directly reply to any calls, emails, or text messages that request personal information. If you get a request for your account or personal information, contact the company using a phone number or website you know is real.

Be sure to limit the personal information you share online. If possible, avoid posting your full name, address, or phone number on public sites. If you are using multi-factor authentication, opt for app-based forms. Apps like Google Authenticator or Authy are great alternatives.

Google Authenticator, Authy, or Windows Authenticator are great alternatives to text-based 2FA.

Wrapping Up

Since we are always on the move, it can become easy for us to overlook cybersecurity on our phones. We are inundated with texts, emails, and notifications daily, but it is important to be mindful of phishing attempts. Hackers are banking on you quickly clicking an email or text because the day is busy or because your mind is focused on something else while scrolling through your phone.

“There’s an app for that.” Developers have created applications that have made our daily lives simpler and more convenient. Unfortunately, this has made it easier for cybercriminals to take advantage. Developers may release an all-inclusive app, but it is filled with intrusive features like location information or access to contacts. Or, to keep the app as simple as possible, developers do not make their apps secure enough, giving hackers easy access to exploit users.

Check all details of an app before downloading it; reach out to the developers if you have any questions about security. You can also find answers to these questions from other users by looking at the reviews in the app store.

If you believe you may be the target of a SIM card swap, contact your cell service provider instantly. You can regain access to your phone number, and when you do, change your account passwords first. Scammers are usually looking to target phones for access to banking information, so be sure to check your financial accounts for unauthorized charges or changes. If you see any, report them immediately.
