Why Hackers Target Your Smartphone
Your smartphone is probably a much more tempting target for cybercriminals than your desktop computer.
NEW YORK — Your smartphone is probably a much more tempting target for cybercriminals than your desktop computer, and unless you take proper precautions, it's easier to hack as well.
Think of it this way: Your computer might have sensitive work documents, banking information or personal records, but there are only a few ways people can access those files — in person, via a network or over the Internet.
Your smartphone is almost always on, connected to the Internet, logged into your email and social media, and likely has at least a username stored for your bank account. Your smartphone contains as much sensitive information as your wallet does — more, if you count the contact information for your family and friends.
A smartphone is a whole different beast, said Yuval Ben-Itzhak, the chief technology officer of AVG Technologies, an American subsidiary of the Czech security firm Grisoft. At an AVG event here on Sept. 4, Ben-Itzhak explained that the average smartphone has several avenues of attack.
Smartphones can access the Internet, which puts them at risk for a variety of malware and compromising exploits, but malware can come via almost any phone function. Text messages are easily exploitable, especially since an average text-messaging app takes no security precautions. They open automatically and load as soon as your phone connects to a network; in effect, they can't be blocked.
At the Black Hat 2011 security conference in Las Vegas, researchers even demonstrated a proof-of-concept that infected iPhones with malware via charging stations. Although they did not distribute any harmful software, they showed that this behavior, called "juice jacking," could be a threat. If a malicious hacker ever implemented a scheme like this, he or she could conceivably infect hundreds of phones each day.
Hackers also monetize these hacks in fairly subtle ways. Rather than stealing credit card information to buy themselves luxury yachts or scads of DVDs on Amazon, tangible goods that are extremely easy to track, they often subscribe users to premium texting services, which often cost as little as $3 per month.
These scams are much more common in Eastern Europe, where users get charged for premium texts on the spot rather than monthly.
Many (but not all) users will catch the extra charge on their phone bills, cancel the service and prevent the malefactors from ever getting their money. But an enterprising hacker can nickel-and-dime his or her way into relative richness.
Hackers do not represent the only mobile threat, either. Leaving your Wi-Fi and Bluetooth functionality activated when you don't need to do so represents a considerable privacy risk. Phones broadcast signals that reveal their model number and location information, and some malls are now leveraging this feature.
By tracking phones, malls can get a good idea of their shoppers' demographics (even though there's no way to identify users, phone preference varies by age, sex and race), which shops their patrons visit and how the two correspond. If users download retail-specific apps, stores can also track when users enter and leave their premises and communicate accordingly, but downloading an app at least allows the user to choose whether or not to participate.
Retailers are not the only entities interested in aggregating mobile data. Up until recently, recycling bins in London had the same functionality. The City of London wanted to gather data on cellphone usage without any apparent end goal in mind, and walking by a recycling bin while your cellphone's Wi-Fi is active would transmit your phone's build and location information directly to the British government.
Public outcry put an end to the invasive bins, but while the City of London — which represents only a small, somewhat separate financial hub in London, not the larger city — was the first government entity to try such a tactic, it probably will not be the last.
In order to keep your mobile information private and safe, keep Wi-Fi and Bluetooth turned off unless you need them, and install a mobile security suite on your phone. Ben-Itzhak also recommended disabling or uninstalling social media apps — the HTML versions of Facebook and Twitter are more secure, and much easier on a phone's battery life.
Follow Marshall Honorof @marshallhonorof. Follow us @tomsguide, on Facebook and on Google+.
Marshall Honorof is a senior editor for Tom's Guide, overseeing the site's coverage of gaming hardware and software. He comes from a science writing background, having studied paleomammalogy, biological anthropology, and the history of science and technology. After hours, you can find him practicing taekwondo or doing deep dives on classic sci-fi.
Heironious: That look you get when you tell people "NO" after they tell you "just do your banking / bill payments on your phone"
house70: "At the Black Hat 2011 security conference in Las Vegas, researchers even demonstrated a proof-of-concept that infected iPhones with malware via charging stations."
iPhoneys? NOOOOOOOO!! They're perfect!
lol
none12345: "Your smartphone is almost always on, connected to the Internet,"
sure
" logged into your email"
never
" and social media"
I don't use that cesspool of filth
", and likely has at least a username stored for your bank account."
nope, no bank data
" Your smartphone contains as much sensitive information as your wallet does — more, if you count the contact information for your family and friends"
only if you count contact information, then yes
Personally I don't disseminate private information on the internet, nor allow it to be connected to the internet. Any banking data on any of my computers is only used in a private browser window so the history is wiped.
If someone stole my phone all they could get is my contact list. Which granted is still a good bit of data. There is no credit card, email, or bank data on the phone.
I'm not paranoid, nor do I think criminals are after me (I have nothing worth stealing), I'm just not stupid.
In order to keep your private information private, don't put it on the internet, or on an internet connected device. If you do have to access sensitive data, for instance a bank account, do so in a private window, so at least it's not in your history or cache. Pretty simple.
jl0329: If you never check your email on your phone these days, 1) you don't have a job. 2) you are 90+ years old.
mman74: If the motive of hackers is to get access to your money, the solution is really simple. If you have online banking, make sure your bank provides you with a dongle. The other thing you can do is to go to your bank and limit online transfers to designated accounts only. Problem solved.