Smartphones are typically for applications like games and messaging, but for cybersecurity experts, your actual phone is the latest area where security companies and hackers are facing off.
Analysts are increasingly worried about malware that can take over your smartphone’s microphone or camera. These concerns, which came up in criticism of incidents like President Donald Trump potentially continuing to use his old Android smartphone and White House officials at Mar-a-Lago pointing smartphone camera lights at documents, aren’t just theoretical either: security researchers recently found that hackers could remotely use the camera and microphone on the smartphones of more than 100 Israeli Defense Force soldiers.
“If you were this engineer who wanted to create the perfect spying device — imagine you wanted to be able to have something that could track somebody wherever they go, listen in on their conversations, see what they’re doing — you want to create this piece of technology? Well, it already exists: it’s the cell phone,” Kevin Haley, director at Symantec Security Response, told International Business Times. “And the added advantage is you don’t have to hide it. People are carrying these things willingly, so they’re very attractive to be used as devices to spy on people.”
According to Haley, the process behind this type of exploit works the same as most malware. For a target, you’ll be sent a prompt to download a seemingly legitimate app or you’ll go to a secondary webpage. These links can often be vague and attempt to gain your trust by appearing to be tied to major businesses or financial benefits. Once installed, these programs attempt to take over your smartphone’s functions through various security holes.
Oftentimes, these vulnerabilities are just as much caused by old software as they are by old hardware. For a lot of older smartphones, it costs manufacturers more than it’s worth to push security updates out. As a result, these old models quickly become obsolete and full of unpatched issues.
The effects of this cycle can be illustrated with President Trump’s smartphone habits. While Trump was issued a new Secret Service-approved smartphone, it remains unclear if he regularly uses it. In the past, Trump has used his Android smartphone, which is believed to be a Samsung Galaxy S3, for applications like Twitter and current tweets continue to come from Twitter’s Android app. For users of older phones like the Samsung Galaxy S3, they’re especially vulnerable to hackers thanks to gaping security holes. The Galaxy S3 hasn’t seen an update since 2015 and as Lawfare notes, the smartphone “does not meet the security requirements of the average teenager, let alone the purported leader of the free world.”
Most consumers won’t be as big of a target for these type of hacking attacks, but general online best practices still apply if you want keep your smartphone’s camera or microphone safe. Haley recommends keeping your phone’s software and hardware regularly updated, using several passwords among your online accounts and avoiding downloading apps or attachments from unverified third-party sources.
“You have to have some general security awareness of not clicking on links and attachments, especially when it’s from somebody they don’t know where something seems wrong about it, even if it looks like it’s a company that you do business with or might do business with,” Haley said. “If they’re trying to get you to click on that attachment, that’s very suspicious and you should probably delete it.”