Hacked phone? Go to jail

Unknown to you, hackers may be using your mobile for criminal purposes – and even framing you for crimes you didn’t commit. A ‘cyber-forensics investigator’ advises on security

Ali Dehghantanha
Wednesday 25 May 2016 15:23 BST
Comments

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

If you’ve ever forgotten your phone or left it at home for the day, you will have realised just how much you use it. On average, we check our mobile phones about 110 times a day. Using them for just about everything, from summoning an Uber car and paying for our latest Amazon purchases, to receiving prescriptions and even tracking shares and trading on the stock market.

Unsecured mobile phones are among the top seven major causes of security breaches and your mobile number is all a hacker needs to start the attack. Using your number, hackers can send you a text message containing a malicious link, which when clicked allows them to read your texts, listen to your calls and even track your whereabouts.

Smartphones are valuable targets for hackers – more so than laptops or personal computers. This is because they can be used as a “pivot point” to attack heavily protected environments such as banks or critical national infrastructure. Hackers can redirect their malicious traffic through your phone and store collected data on it. This means that all forensics traces would point to you as the hacker rather than the real culprit.

On top of this, most phones are open to attack 24 hours a day, seven days a week, often with only limited security features in place. Combine this lack of security with the fact that most modern phones now contain more processing power than the computers that landed Apollo 11 on the moon, and it’s not hard to see why they are a hacker’s weapon of choice.

The worst case scenario? You could wake up one morning to the police kicking down your door, investigating a sophisticated cyberattack with all the evidence pointing to you. Regardless of how ridiculous it may seem, in the absence of any cyber-monitoring or cyber-defence solution you would have a very hard time proving that you were not guilty. And it is not just hackers you need to worry about, even the US National Security Agency and the UK’s GCHQ have secretly used innocent people’s devices to cover their malicious activities.

In my career as a cyber-forensics investigator, I have not only seen many of these cases but also scenarios where hackers have been hired by organisations to deliberately frame employees by planting material such as child pornography onto their work phones. The person in question is then accused, for example, of selling secret company information to competitors and when the legal team investigates their phone, they find the child pornography. It is a scary prospect.

Many people wrongly believe that their mobile service providers should deploy cyber-protection mechanisms for their users. But if you read the terms of service, you will clearly see that as the owner and user, it is solely your responsibility to protect yourself. Exactly in the same way that you protect your laptop when you surf the internet.

If you are reading this and you are yet to install at least an anti-virus application on your phone, stop reading immediately and install one – there are many good anti-virus applications that are completely free. You should also make sure to only install applications from well-known app markets such as Google Play or the Apple or Windows Stores. Never “jail break” or root your phone to install free apps unless you are a security expert and know what you are doing.

And it may sound like common sense, but do not click on the links you receive from unknown sources. It is also a good idea to have all your phone data encrypted and to install a logging or monitoring solution on your phone to have records of all activity. It could well turn out to be your “get out of jail free card” – just on the off chance anything were to happen.

This article was first published on The Conversation (theconversation.com). Ali Dehghantanha is Lecturer in Cyber Security and Forensics at the University of Salford

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in