Mobile hacking – device security tips for users

With scammers in abundance, device security tips are handy for avoiding mobile hacking. We review the latest advice for users.
6 April 2023

Mobile hacking: bad actors are keen to get their hands on your digital details. Image credit: Shutterstock Generate.

Smartphones have changed our lives for the better. From checking messages to navigating to an in-person meeting to joining a conference call to ordering lunch or an evening meal, mobile devices are versatile business tools. But, sadly, not every interaction is a force for good. Malicious actors with expertise in mobile hacking are only too happy to trick users into revealing sensitive digital details, hoping to use that information for criminal activities.

“The thing is that our phones are like little treasure chests,” writes McAfee on its security blog. “They’re loaded with plenty of personal data, and we use them to shop, bank, and take care of other personal and financial matters—all of which are of high value to identity thieves.” Fortunately, forewarned is forearmed, and there’s plenty that smartphone users can do to make life harder for adversaries.

To avoid falling victim to mobile hacking, it’s useful to consider the common attack methods and exploits used by smartphone scammers, such as keylogging and trojans. Keyloggers steal information as you type, and may also capture audio and video. One example of a malicious keylogger (there can be legitimate uses for recording keystrokes, such as device troubleshooting, but in many cases the tools are harmful) is TangleBot, which was discovered in 2021 by Cloudmark threat analysts and targeted users of Android devices.

Security experts dubbed the malware TangleBot given the multiple layers of obfuscation used by its developers. Victims are lured towards downloading the keylogger through an SMS message. Bad actors will typically pick themes that could be relevant to large numbers of users, such as parcel delivery, or warning of local power outages. Clicking on the rogue link in the text message takes device users to a fake webpage indicating that software on the smartphone needs to be updated.

Misleading dialogue boxes

Hitting ‘ok’ on the subsequent dialogue boxes both installs the malware and grants privileges to access and control a wide range of functionality on the smartphone, including use of the device’s camera, microphone, and GPS. The software is able to fool the victim by overlaying screen images on top of legitimate apps, which confuses users into changing the settings on their phone and issuing other unintended instructions.

Mobile hacking malware such as TangleBot and other keyloggers highlights the risks of clicking links in unsolicited messages. Users can protect themselves by being vigilant for suspicious SMS correspondence. Also, if you notice messages that don’t look right, forward the text to 7726 (chosen as the combination spells ‘SPAM’ on alphanumeric mobile keypads), which will help authorities to investigate undesirable activities.
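The lure pattern described above (an unsolicited text, a link, and a widely relevant theme) can be checked mechanically. The following is an added example, not part of the original article: the function names, keyword lists and sample messages are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Lure themes named in the article; the keyword lists are illustrative assumptions.
THEMES = {
    "parcel delivery": ("parcel", "package", "delivery", "courier"),
    "power outage": ("power outage", "power cut", "electricity"),
    "software update": ("update", "upgrade", "install"),
}
URL_RE = re.compile(r"(?:https?://|www\.)[^\s<>]+", re.IGNORECASE)

def extract_hosts(body):
    """Return the lower-cased hostnames of every link in an SMS body."""
    hosts = []
    for raw in URL_RE.findall(body):
        raw = raw.rstrip(".,;:!?)")          # drop sentence punctuation
        url = raw if "://" in raw else "http://" + raw
        hosts.append((urlparse(url).hostname or "").lower())
    return hosts

def triage_sms(body, sender_known, trusted_hosts=()):
    """Classify one message as 'ok', 'caution' or 'report' with reasons."""
    text = body.lower()
    untrusted = [h for h in extract_hosts(body) if h not in trusted_hosts]
    themes = [n for n, words in THEMES.items() if any(w in text for w in words)]
    if not untrusted:
        return "ok", []
    reasons = ["link to untrusted host: " + ", ".join(untrusted)]
    if not sender_known:
        reasons.append("unsolicited sender")
    if themes:
        reasons.append("lure theme: " + ", ".join(themes))
    # Unknown sender + link + familiar theme matches the lure described above.
    verdict = "report" if (themes and not sender_known) else "caution"
    return verdict, reasons

# Constructed sample messages (reserved .example domains, not real traffic).
SAMPLES = [
    ("Your parcel could not be delivered. Rebook: http://parcel-redelivery.example/t?id=1", False),
    ("Power outage planned in your area. Details: www.grid-notice.example.", False),
    ("Running late, see you at 7", True),
    ("Photos from the weekend: https://photos.example/album", True),
]

if __name__ == "__main__":
    for body, known in SAMPLES:
        verdict, reasons = triage_sms(body, known)
        print(f"{verdict:8} {body[:40]!r} {reasons}")
```

A ‘report’ verdict marks the kind of message worth forwarding to 7726 rather than opening.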

Keyloggers, which store user-entered data in a file that’s accessible by attackers, can lead directly to the loss of valuable personally identifiable information (PII) such as passwords and credit card details. But information may be used in other ways too. “By using a keylogger, cybercriminals can understand more about their victim to help guide a sophisticated attack,” write CrowdStrike security experts. “Social engineering strategies are more successful when cybercriminals use personal and business information to gain the victim’s trust.”

Modern mobile phones are powerful computing devices that can run multiple programs in parallel, but you may still notice warning signs that a keylogger is being used. For example, if the malware locks up a large amount of processing resources on the smartphone, browsers and other apps could be slow to respond, or there may be jumps in screen rendering.

Telltale signs

Setting up multi-factor authentication will frustrate attempts by adversaries to access accounts using stolen information. If a bad actor can see what you see, then, unfortunately, they’ll be wise to the SMS codes received. But at least you’ll have a clue that something is amiss if two-factor authentication messages arrive unexpectedly.

Another warning sign that malware of some description could be running on a device is having to charge the smartphone more frequently than usual. Opening the device settings and navigating to the battery page will often show historical data that can quickly highlight a change in device performance. Also, if you have to charge your phone, it’s good practice to avoid public USB charging ports.

What may appear to be an innocent USB socket could potentially be under the command of a bad actor, who may use the connection as an avenue for mobile hacking. Ways of avoiding this threat – dubbed ‘juice jacking’ – include carrying a portable battery pack, which avoids the need to use public charging stations. Alternatively, simply use a plug-in mains charger rather than connecting directly to a USB socket. Another option is to purchase a power-only USB cable, or make your own.

Charge-only USB cables have data connections omitted and, as a result, thwart juice-jacking attempts made by bad actors. And this is another example of how device users can step up their defenses against mobile hacking.