Hackers try to hide their activities and hope you won’t notice when they steal your identity and your data from your smartphone.
Here are the more frequent signs that you’re being hacked and how to minimize the risk or thwart the attack.
Wi-Fi in public places, such as cafes or stores, is often unsecured for patrons’ convenience. However, unsecured Wi-Fi lets malicious hackers easily intercept your data stream while you’re connected. Such intercepts are called man-in-the-middle attacks. In this attack, a hacker intercepts the data stream without anyone receiving any hint of the interception. The risk of such an attack is the same at nationally recognized brands, which may operate more security-consciously, and at local businesses.
An unsecured Wi-Fi network is indicated on an iPhone by the absence of the small black padlock symbol.
Some businesses create the appearance of security consciousness by using a secure Wi-Fi network and then publishing the password on a sign on the wall for all customers to see. Unfortunately, this configuration isn’t any better than providing an unsecured Wi-Fi connection. The password, which could be a private key for encryption, is now a public key available to hackers to decrypt all data streams.
A simple, low-risk alternative is to use your cellular network connection and pay for data if you must connect where you don’t have private credentials for a secure Wi-Fi network.
You can also protect yourself against these hackers using virtual private network (VPN) software and related service. With VPN, even if a hacker intercepts your Wi-Fi data stream, the data will be strongly encrypted and, therefore, useless to the hacker.
To protect yourself, avoid connecting to public Wi-Fi and compromising your personal data.
Unsecure web service
|How to reduce the risk of phishing attacks
|Ten top updates for Windows 10
|How to prevent ransomware attacks on your computer|
When you see this server identity dialogue box, one of your smartphone’s active tasks is trying to contact a website. However, it can’t verify the authenticity of that website’s certificate.
Before you click on Continue, think for a moment. Did you mistype the domain name you intended to type? Do you trust the domain name shown, and have you been there before?
If you answered no, someone is trying to lead you to a fake website masquerading as a major website you visit regularly. This can be a typosquatting or a DNS spoofing/poisoning attack. The hacker’s goal is to infect your iPhone with malware and likely breach your data.
For example, because calendar.google.com is a trusted domain name, a hacker has manipulated the domain name system (DNS) records on your iPhone or somewhere else along your DNS resolution chain unscrupulously.
Type domain names carefully and always click on Cancel to protect yourself and your data. If you’re technically inclined, you can verify the DNS IP addresses on your network adapter settings and your gateway’s DHCP settings.
Evil twin Wi-Fi
An evil twin is a fraudulent Wi-Fi access point that appears to be legitimate. It claims to be one of the Wi-Fi access points on the list of Wi-Fi access points that your iPhone is aware of and will connect to automatically when your iPhone is searching for a Wi-Fi connection.
The hacker aims to eavesdrop on wireless communications to steal user IDs and passwords or send malicious content back to you. The evil twin is the wireless network equivalent of a phishing scam.
The evil twin access point allows Internet traffic to pass through to the legitimate Wi-Fi access point while monitoring the victim’s data stream. This pass-through approach ensures the victim is oblivious to the hacker’s presence.
To protect yourself against an evil twin hacker, check the name of the Wi-Fi access point you’re connected to under Settings. If the name shown is for a Wi-Fi access point that you know is located somewhere else, such as your home, then you’ve become a victim of this scam. You should immediately turn off your Wi-Fi network. Then use your cellular network connection and pay for data if you must connect immediately.
Applications add helpful functionality to smartphones but also increase the risk of a data breach. This risk is significantly increased if you download apps from an untrusted website instead of an authorized app store. Hidden inside these malicious apps, even ones that perform the functionality you expect, could be malware that lets hackers steal your data.
A good example was the recent Pokémon Go craze. That phenomenon encouraged several unscrupulous hackers to offer malicious apps under the guise of providing improved features, access to supposedly secret commands or improved game performance.
To protect yourself from a data breach caused by malicious apps:
- Download apps only at the authorized app store for your brand of smartphone. Don’t download apps from an email or text message link. These sources are typically malicious spam from hackers.
- Read at least one review for an app you’re thinking of downloading. Reviews will alert you to potentially malicious apps.
- Ignore apps that claim they will enhance your game or smartphone performance in some way. Apps can’t actually perform this feat.
- Limit the number of apps you install to what you know you will actually use.
- Report iOS or Android malicious apps if you encounter one.
However, no risk mitigation practice is perfect. Recently even authorized app stores have been duped into distributing malicious software. The large number of apps submitted for certification every day overwhelms each app store’s employees validating apps.
Enticing you to click on a link in a text message or an email is a frequent avenue hackers use to steal your information or install malware on your smartphone. This action is called a phishing attack.
To fool us, hackers send messages that use strong, demanding language and appear to be from our bank or another trusted source, such as a merchant. However, your bank will never ask you to change your password and send you a link to do it. Similarly, the government doesn’t communicate personal tax information via email.
Glide over – don’t click the link in a text message or an email – to reveal precisely where the link will send you if you click on it. That’s an easy way to differentiate legitimate messages from hacker messages. Just reading the text of the link isn’t enough.
Say the hacker is impersonating Air Canada. By gliding over the prominent blue link, you will reveal the real uniform resource locator (URL) that the link refers to. Because the real URL is unrelated to Air Canada, this is a dangerous phishing message.
Delete text messages and emails from unknown senders. Some messages are intended to create panic by claiming your credit card has been charged. Other messages ask for your information. In any case, don’t click links in messages without investigation.
Cellular network spoofing
With some expensive equipment and a lot of technical know-how, hackers are beginning to learn how to spoof cellular networks to perform man-in-the-middle attacks.
Hackers pick crowded public places, such as museums or airports, because there are many active smartphones, and we are less alert because we expect reasonable security.
Say I’m not connected to Wi-Fi but the Verizon LTE cellular network. The hacker tries to lure me into clicking on the mislabelled website link to claim my fake Walmart prize award. If I click as suggested, I will cause malware to install itself on my iPhone.
To thwart this attack, the best action is to double tap the Home button to reveal all running apps in the multitasking manager. Then quickly swipe the Safari app up so it’s no longer running. You will also want to place your smartphone in Airplane Mode until you return to a safer location far from the initial intercept. This will prevent the hacker from intercepting your website credentials.
To protect yourself and your personal data, be careful when clicking on website links to avoid downloading malware that will gather personal information. Please note that the cellphone carrier isn’t involved in this attack. If you encounter the same problem at the same location a second time, you should contact the management and encourage them to call the police to investigate the hacker.
Strange smartphone behaviour
Your smartphone may have been hacked if you notice apps launching themselves. If the battery drains much faster than usual, the map, the camera, or a spy app are active without your knowledge. Unexpectedly large data charges on your cellular phone bill also indicate a problem. These events all indicate a hacker has taken control of your smartphone.
Your immediate action should be to turn off your smartphone. Then seek technical help to remove the malware from your smartphone.
Operating system flaws
Despite the best intentions of smartphone manufacturers, operating system flaws exist which can let hackers in. Some flaws allow hackers to steal your data and remotely access your smartphone and control it.
Smartphone manufacturers release operating system updates frequently to correct flaws and protect end-users. Your iPhone will indicate an update is available to be installed by displaying one on the Settings icon.
To protect yourself, install operating system updates as soon as they become available. This action is important because, once updates are released, your risk of being hacked actually goes up if you fail to install the update. This counter-intuitive situation arises because hackers will now know the technical details of the corrected flaws and use that knowledge to attempt breaches of out-of-date smartphones.
Despite the best intentions of smartphone app developers, software defects exist and will be discovered by end-users. Sometimes these defects can let hackers in to steal your identity and data.
Smartphone app developers release app updates to correct software defects and protect end-users. Your iPhone will indicate app updates are available to be installed by displaying a number on the App store icon.
To protect yourself, install app updates as soon as they become available.
Yogi Schulz has over 40 years of information technology experience in various industries. Yogi works extensively in the petroleum industry. He manages projects that arise from changes in business requirements, the need to leverage technology opportunities, and mergers. His specialties include IT strategy, web strategy and project management.
For interview requests, click here.
© Troy Media
Troy Media is an editorial content provider to media outlets and its own hosted community news outlets across Canada.