Saturday, June 1, 2013

How I'd Hack Your Cell Phone: Oh yeah, be paranoid. Be VERY paranoid!

How I’d Hack Your Weak Cell Phone

September 24th 2012

And while you may think cell phones don’t need anti-virus, anti-malware and other security precautions – you couldn’t be more wrong. And that’s why I could easily ruin your life, using nothing more than your cell phone.
Literally a billion people are walking around the planet with cell phones, a large percentage of them smart phones, and do you know how many of them are secure? Virtually ZERO!

The Root of the Cell Phone Hacking Problem

The most important thing when it comes to taking over your world is knowing your passwords. So the majority of hacks are aimed at this one goal. Control the passwords, and you literally control the digital life.

Married to the password issue is gaining access to an email account. Primarily because if you control the email account, you can issue password resets on just about anything else. But not EVERYTHING else. Some service providers, like Banks, require customers to verify certain changes through, yep… you guessed it, a text message sent to your cell phone!

So if you think it sounds bad for a criminal to hack your passwords, just imagine what happens when they have your password and control your cell phone. It’s a recipe for absolute disaster.

Cell Phones Are A Security Nightmare

But smartphones have NONE of that security! What’s worse:
We all know what kinds of problems people have with computers at home and work. A virus can destroy everything, and malware can take you to the cleaners. And desktop machines and laptops have anti-virus, anti-malware, firewalls, and other security tools on them all the time.

  • All of your apps are logged in all the time, for convenience.
  • Your email is wide open. You know, so you can read it all day.
  • Your contacts are in plain sight so you can use them with your phone.
  • And of course, email is the gateway to everything else…

Why I’d Hack a Cell Phone

Hopefully by now, you’re seeing where we’re going with all of this. But let me spell it out for you very clearly. If I hack your cell phone:

  • I’ve got immediate access to your email account.
  • I can log in to all of your personal sites and request password resets, which will come to your email.
  • I then click on those links and reset every password you have, so YOU no longer have access to your accounts. EVERYTHING! Facebook, Twitter, Gmail, MSN, Foursquare.
  • In under 15 minutes I can own your profile on all of the top 20 services on the Internet. This renders you powerless, because you can’t control anything to prove you are who you are.
  • Best of all, with certain methods I can even respond to SMS (or Phone calls) for secondary verification! Because I’d own your phone.
  • Oh, never mind, that’s not the best part. I can find that text file where you keep your Social Security number, Drivers License number, addresses, Passwords, and answers to security questions! Because I know you’ve got that on your phone… it replaced the piece of paper you used to keep in your wallet.

In essence, your phone is my ticket to impersonating you.

HOW I’d Hack a Cell Phone

  • Steal / Find your phone. People walk away and leave them on a table in a restaurant, or at work. No one will even notice if I just pick one up and keep going.
  • Install a “great” app, with a trojan backdoor that captures everything you type and sends it to me silently in the background.
  • Email or text you a malicious link that takes you to a phishing site where I con you into giving me information.
  • Let you connect to my “free” unsecure hotspot, then intercept all of your traffic and read everything you send across the line.

Oh, you know how phones nowdays can supposedly tell you where they’ve gone and be remotely wiped clean? That doesn’t always work, and people like me know exactly how to prevent that.

Plus, by the time you’ve discovered your phone is missing, I already did all that stuff I just mentioned, and then threw it away before you ever even thought about remotely locating and clearing it. So, that didn’t really help did it…

How to Prevent All of This

  • Security companies like Norton (
    for Android), AVG (for Android) and Avast (on Android) are beginning to produce anti-malware apps for smartphones, so install one to stay ahead of the curve. Oh yeah, and be paranoid. Be VERY paranoid.Use tough passwords!!! And use a Password manager like 1Password to safeguard your secrets.
  • Use different passwords for different services – in case one is compromised, they don’t have them all.
  • Put a digital LOCK on your phone. Android and Apple devices have one built right in. By the way, 15% of iPhone users use one of these: 1234, 0000, 2580, 1111, 5555, 5683, 0852, 2222, 1212, 1998. So use something random and hard!
  • Don’t install untrusted apps. They could contain backdoors to your phone.

No comments:

Post a Comment