Thanks to detente: how criminals can hack your phone and whether you can protect yourself

[Father]

Now criminals don't have to hold it in their hands to hack someone else's phone. There are many ways to do this remotely, including using malicious apps. Moreover, they appear in smartphones already in factories. According to experts from Trend Micro, we are talking about millions of infected Android devices.

What other techniques and methods do attackers use to hack your phone today? For what purpose do they commit a crime? And how to protect your gadget from hacking? Expert opinions and recommendations can be found in this article.

What do criminals want​

Most often, phone hacking is done by cybercriminals. Usually, their goals are personal data or funds of the victim. Although now they almost always need both.

Alexey Sizov
Head of the Anti-Fraud Department of Jet Infosystems

Cases of phone hacking should not be divided exclusively into such categories as "data theft" and "theft of funds". First of all, because more than 50% of data theft later leads to theft of funds. And very often, malicious software is aimed at stealing information that can be used both to commit financial fraud and for other actions.

Phone hacking to further steal money is a current practice. This is confirmed by statistics. According to bank, in 2023, the number of phone fraud attempts increased to 8.6 million events per day. A year ago, there were about 5 million of them per day.

Ivan the King
Anwork Software Developer

In 2022, according to analysts, 80% of smartphone hacks were aimed at stealing personal data (bank details, personal information, etc.), including phishing and similar attacks. Another 15% of cases are related to surveillance of the victim.

As a rule, according to the expert, phone hacking is used to spy on family members, business partners and competitors. Much less often, such stories are related to foreign intelligence.

Another reason to hack your phone is extortion. In this case, attackers block access to the device or encrypt the data. To unlock the phone, the victim has to pay a ransom.

Sergey Belov
Head of the Banking Systems Security Research Group, Positive Technologies

Some attackers hack phones to install software to use the mobile device as a proxy server (to work with the network from the IP address of the user's device), conduct DDoS attacks (a way to block the operation of a network node, for example, a website, by sending a large number of requests from many devices exceeding the network bandwidth or computing power of the node).

How to hack someone else's phone: methods and techniques​

According to official statistics for 2022, Russian residents use 304 million registered mobile devices. Citizens in the country, we recall, are half as many – 147 million. And each of them can suffer from phone hacking.

There are many ways to gain access to the victim's device. One of the most urgent is to exploit a vulnerability in the software.

Sergey Polunin
Head of the Infrastructure IT Protection Group at Gazinformservis

Usually, hacking occurs due to the presence of any vulnerabilities in the software. It is not the smartphone itself that is being hacked, but some part of its internal infrastructure. For example, you can use a phishing email to force the victim to download malicious software that will track the user under the guise of a legitimate application. Or, for example, a vulnerability in the firmware of the phone itself allows you to access the smartphone via Bluetooth.

Vulnerabilities, exploits, and phishing aren't all the tools of an attacker. You can also hack a victim's phone by using pre-obtained information about the victim and the gift of persuasion.

Vladislav Luzhnikov
Analyst of cyber fraud technologies (Deception) at R-Vision

Social engineering remains a popular method, where attackers use psychological tricks to persuade users to download, open, or run a malicious file.

For example, this happened after official banking clients were removed from the Google and Apple app stores. Attackers under various pretexts actively persuaded users to download their "official" application. Thus, they gained access to confidential financial information and personal data.

In addition, according to him, criminals can use programs such as "child control". These apps are installed on the victim's phone and transmit information about all actions to the server. At the same time, attackers can use original messengers, cloud drives, Google services, and other software, but change settings and duplicate information to other devices.

Sergey Belov
Head of the Banking Systems Security Research Group, Positive Technologies

Attackers often use password matching. They may try to find a password for your Google account, Apple ID, or Flyme Account, which can lock your device and steal data (usually backups) stored in the cloud.

The expert adds: we must not forget about the threat of physical access to the smartphone. If the device is unlocked or there is no protection in the form of a strong code or biometric authentication, then the criminal can easily steal the necessary information and install unwanted software.

No reception against hacking?​

You won't be able to fully protect your smartphone from unauthorized access. However, you can minimize the risks. To do this, Cyber Media's interlocutors advise you to update the software on your device more often.

Vladimir Krivov
Head of ROSTSITE Company

Manufacturers release updates that address vulnerabilities and improve security. Their installation is important to protect against new hacking methods.

However, you only need to install official and reliable software from trusted sources, such as official app stores. Avoid downloading and installing apps from untrusted sources, as they may contain malware.

To protect yourself from phone hacking, experts also recommend:

• avoid public wireless networks and charging stations;
• set up a smartphone lock using a fingerprint or other method;
• use antivirus software;
• create strong and unique passwords for all accounts, and enable two-factor authentication;
• do not open links or download files from unverified sources;
• monitor phone discharge and mobile traffic consumption – abnormally high load and data transfer activity may indicate that the device has been hacked;
• avoid situational installation of applications (when they say that you need to do something urgently and for this you need to download something, click on a link, etc.);
• check which accesses are requested by the installed software and how necessary it is for its functionality.

Finally, experts advise you to keep an eye on your phone. It is better not to give it into the hands of unfamiliar or questionable individuals.

Conclusions​

There are a lot of guides on how to hack someone else's phone on the Web. It is enough to Google the topic – search engines issue several instructions at once. Anyone can use them.

However, this is not a reason to change your smartphone to a push-button device. It's much easier to stick to the safety rules and stay alert at all times. Even when you just want to scroll through the feed or chat with friends in social networks.