8 Common Phone Hacks and How to Protect Yourself

Seriously, how do you keep your phone safe in today’s ultra-insecure world? It seems that nothing can secure your smartphone because of phone hacks from thieves, hackers, scammers, and other bad people.

But back up a moment.

We love our phones. We spend thousands of dollars on these devices. Then, we place all our personal information on them.

Just think about it.

Our phone knows where we go, when we sleep, what we browse, who we talk to, how much money we have, our kids’ names and where they go to school. It’s scary stuff!

So it’s no wonder that mobile phones are now the main target of criminals.

So ask yourself this: with so much of your life on your mobile phone, why wouldn’t you secure it?

How Vulnerable Is Your Phone?

Infographic detailing statistics of vulnerable and infected smartphones

Want to know a frightening secret? If you’re rocking an Android, then you’re extremely vulnerable to a hack. The fact of the matter is that Android, for all of its wonderful abilities, is built on open-source code that is available for anyone to use, including criminals.

That’s bad news.

You see, hackers can use that code to create malicious apps, to send viruses that exploit the system, or even just to hack in over Wifi.

On the other hand, Apple iOS is a closed system, and developers don’t have access to the source code. So while iPhones aren’t invulnerable to attacks, they’re a lot tougher to get into. This is why criminals focus most of their energy on the easy-to-crack Android market.

Ouch.

But you don’t need to be a criminal hacker to steal data from someone. Public charging points, outdated software, and even visible messages on the lock screen can be enough to give a snooper what they want.

Let’s take a closer look at some of the scary ways your phone can be hacked.

1. False notifications

Both Android and iOS are vulnerable to phishing attacks through false notifications. The most common way for criminals to get you to download malicious software, or find your location, is to send you a fake text message with a link. Anyone who clicks that link opens their phone up to attack.

And while Android has amazing notification management, it’s also vulnerable to other types of false notifications. These seemingly come out of nowhere. They may be from a malicious app you installed or a Wifi vulnerability, but you’ll see a notification pop up that you don’t recognize. If you click it, bad things start to happen.

For instance, a virus gets installed on your phone, or your device might even lock up. You can’t open it without paying money.

That’s not good.

How to avoid

This one is easy. Don’t click on links in messages unless it’s from someone you know and trust. And if you have an Android, don’t click on random notifications that you don’t recognize.

2. Wifi Exploits

Did you know that public Wifi represents one of the biggest security threats to your phone and laptop?

It’s true!

We’re talking about Wifi at your local Starbucks or the library. Criminals can use these open public networks to hack your device without you knowing about it.

But even if they can’t get in, they can see everything you’re doing while you’re using the Wifi. So if you log into your bank account to check your balance, they can see that. Sending messages to a loved one? They can see that too.

How to avoid

The best way to avoid getting hacked on public Wifi is to avoid using public Wifi. But if you don’t have the data available through your carrier, then the next best option is to use a VPN.

VPNs work by creating a tunnel between the Wifi connection and a private server. It’s like connecting to another computer that’s connected to the internet, removing your personal device from the equation. Nobody can see what you’re doing, and VPN servers are notoriously well guarded with high levels of security.

Some of the best for your phone include:

  • Private Internet Access
  • Express VPN
  • Goose VPN
  • Proton VPN

3. Malware

By now you’ve heard of malware and all the havoc it causes around the world. But what exactly is malware? Bluntly, it’s short for malicious software. Basically that’s any software designed to cause damage to your device.

And once there’s malware on your phone, it can be a real pain to get off. It can bury deep inside the operating system and take over your phone. It can send data back to its designers, watching everything you do. Or it can just start destroying everything, literally ruining your thousand-dollar smartphone.

Thankfully, there are steps you can take to avoid installing malware on your smartphone.

How to avoid

Malware has one major weakness. It needs to be installed by the user. That means don’t click on unknown or suspicious links. Also, don’t download unknown apps from insecure sources. Use only Google or Apple verified apps.

4. Phishing

Have you received strange emails from your bank informing you of changes to your account? Or perhaps you received a receipt from Netflix, even though it’s not your renewal day. Chances are these were phishing attempts.

Phishing is an attempt to steal money or data from you using malware disguised as something else. Most often it comes in an email in the form of a receipt or notification from somewhere that you trust.

The next step in this hack is asking you to go to a site to confirm something. When you get there you’ll, of course, see a site that resembles your bank’s homepage to a T. So you log in as you would on your own bank or Netflix page. Once you “confirm your card details” the hack is complete, and usually the page won’t load past that.

I have seen it firsthand a number of times. A face of terror, followed by a panicked run to their desktop to change passwords (since it’s the same password for all of 500 different accounts) or grab their phone to cancel their card.

Judging by the emotions displayed, we should be careful.

How to avoid

Just like malware, phishing requires that you actually click on the link they send. You can tell if it’s a genuine email by the sender’s email address. Often it will be a long random bot-generated address, which is a give-away. Apple and Netflix and your bank have much simpler addresses.

If you receive weird emails or texts, check the sender’s address. If it doesn’t match up, don’t click on the links they’ve sent you.
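The sender check described above can be written down as a small rule. This is an added example, not code from the original article: it compares the brand an email claims to come from with the domain it was actually sent from, and the brand-to-domain list and the sample headers are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Assumption: brand name -> domains that brand really sends mail from.
BRAND_DOMAINS = {
    "netflix": {"netflix.com"},
    "apple": {"apple.com"},
}

def sender_domain(from_header):
    """Return the lower-cased domain of the address in a From header."""
    _name, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def belongs_to(domain, trusted):
    """True for a trusted domain itself or a genuine subdomain of it."""
    return any(domain == t or domain.endswith("." + t) for t in trusted)

def check_sender(from_header):
    """Return (verdict, reason) for one From header."""
    name, _addr = parseaddr(from_header)
    domain = sender_domain(from_header)
    if not domain:
        return ("suspicious", "no parsable sender address")
    # A brand is "claimed" if it appears in the display name or the domain.
    claimed = [b for b in BRAND_DOMAINS if b in name.lower() or b in domain]
    for brand in claimed:
        if not belongs_to(domain, BRAND_DOMAINS[brand]):
            return ("suspicious", f"claims {brand} but sent from {domain}")
    if claimed:
        return ("matches", f"{domain} belongs to {claimed[0]}")
    return ("unknown", f"no known brand claimed; sender domain is {domain}")

# Constructed sample headers (not taken from real messages).
SAMPLES = [
    "Netflix <info@mailer.netflix.com>",
    "Netflix Billing <x9f3k2-77a1@billing-update.example>",
    "Apple Support <support@apple.com.account-verify.example>",
    "Alice <alice@example.org>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(check_sender(header), "<-", header)
```

The third sample shows why the domain has to be read from the right: the trusted name appears in the address, but the domain that actually owns it is the part at the end. A matching address is a reason to look closer, not proof, since the From line itself can be forged.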

Check the email address before clicking.

5. Operating System Vulnerabilities

You’re probably thinking that it’s easy to fend off cyberattacks by following a few simple rules. But what if your phone itself is vulnerable? For instance, your phone’s manufacturer may have missed a glitch in your software by mistake. Sometimes it’s intentional!

This is basically a backdoor into your phone. Kryptowire discovered 149 vulnerabilities in operating systems of Android phone brands.

That’s scary stuff!

Just check out some of the phones that had massive vulnerabilities, some put there on purpose by manufacturers:

  • Asus ZenFone
  • Samsung Galaxy S7
  • Samsung Galaxy S8
  • Samsung Galaxy S9
  • Huawei P20
  • Xiaomi Redmi Note 5
  • Oppo A3
  • Motorola Moto Z3
  • All LG phones running Android Oreo

Even worse…

Only 22 percent of Android users have up-to-date software, compared to 88 percent of iOS users. A large part of this problem for Android users is fragmentation. Google releases updates to the Android system, but then each device manufacturer chooses whether or not to push them out to their phones.

Samsung is notorious for delaying updates by up to a year, and lesser-known brands such as Xiaomi never update their software.

Another problem exists with the customization each Android phone maker builds on top of the stock Android operating system. These layers can have their own weak points and entryways.

Meanwhile, because Apple controls its software, hardware, and cloud, they can push updates to every single device on the day the update releases. This is just one more feather in Apple’s cap for security.

If you have a phone with out-of-date software, you could be leaving your device wide open for a hack since the exploit may be known for a long time before the update patch is made available. So malware can be spying on you, and your personal data could already be in the hands of criminals somewhere overseas.

How to avoid

Ready for some good news? Many of the manufacturers are working on fixing the problem. For example, both LG and Samsung immediately devoted resources to fixing these security issues after the report came out. But some other devices have issues built right in on purpose. Allegedly, both Huawei and Xiaomi are guilty of this. If you own one of their devices, there’s not much you can do about it.

In most cases keeping up with regular updates is vital, and we can’t stress this enough. I know it’s not fun to have your phone down or to buckle and accept the changes in a new iOS version. But these updates are constantly plugging the holes in your phone’s software. It’s a constant cat and mouse game and will always be ongoing.

If your phone doesn’t receive updates in a timely fashion, consider ditching it for a device that does.

Get your updates as soon as they are out!

6. Public Charging Stations

Picture this: you’re at the mall, and your phone is quickly running out of juice. You spot a free public charging station with a dozen different charging wires available. Saved, right?

Not so fast.

The LA District Attorney’s Office discovered that criminals have started infecting charging stations with malware.

Because the charging plugs on all phones double as data transfer points, the malware then infects anyone’s phone that gets plugged into the station. And we already know how dangerous malware is.

How to avoid

This is a really easy threat to avoid. Don’t use public charging stations! If you’re packing a phone with poor battery life, get yourself a power pack or a new phone.

7. Weak PIN

Not all phone hacks require high-tech know-how. For instance, a weak PIN is fairly easy to figure out. If you use “1111” as your PIN, for example, chances are that anybody can get in.

According to Tarah Wheeler, who is a cybersecurity expert with Splunk, “26-percent of all phones are cracked with only a weak PIN.” (Maggie Tillman, These Are The 20 Most Common Phone PINS, Pocket-Lint, June 2019)

The most common PINs people use are:

  • 1234
  • 1111
  • 0000
  • 1212
  • 7777

How to avoid

Just like getting into a phone with a weak PIN is simple, so too is avoiding a breach. Use a complicated PIN or pattern. Thankfully, as technology advances and security measures such as FaceID become the norm, we’ll see fewer and fewer PIN breaches. In the meantime, however, always use something hard to guess.

8. Outdated Apps

Finally, another common vulnerability is when people don’t update their phone’s software. As apps age, criminals learn how to exploit them. Developers at Apple, Microsoft, and Google constantly monitor the underworld for new exploits of their popular apps like Gmail, Outlook and so on. Then they create security patches to counter them.

Banking, social media and other sensitive apps will get their updates via the Play Store or App Store. These apps and others you’ve downloaded are all subject to the same rule: all software is imperfect.

Compounding this problem is that you won’t always get a notification or have any way to know an update is available until you visit the App Store or Play Store to manually check for updates to your apps. Sometimes update alerts get buried among your other notifications, or you swipe them away only to forget.

This is why we might get dozens of updates to our apps and systems every year. You’ll notice that sometimes the app never changes in its look or functionality. This might be a security patch update.

How to avoid

Always update your apps as soon as an update becomes available.

Make a habit of checking your Play Store and App Store. Don’t wait on a notification to update; apps don’t always get them.

Other Steps You Can Take

Scared yet? The good news is that there are steps you can take to minimize your risk. And not every step is in direct response to a threat. Follow some simple guidelines for your phone behaviors and you’ll make yourself, and your family, a lot safer.

Use 2-factor authentication

Whenever possible, you should use 2-factor authentication. 2FA happens when you try to log into an app, and it sends you a code or request via text or a connected authenticator app that you need to approve before you can get in. This is a great way to protect your email and cloud storage from external hacks.

The team at gizmogrind uses Google Authenticator whenever possible as a rule. Google Authenticator will generate a random code every 30 seconds, so whenever we need to log in to our accounts we need that code in addition to our password.

It’s all too easy to get hacked these days, and two-step authentication makes unauthorized access to your account incredibly difficult.

Use a password manager

The single greatest way to avoid losing your personal data is to use a password manager. These programs are simple and inexpensive.

A password manager creates long strings of random characters as a password and saves it for you. All you need to do is remember a single password for the manager itself, and it will handle all your accounts. Your email, social media, and cloud storage will be much safer.

Some of the best password managers include

  • Dashlane
  • LastPass
  • 1Password

Use Google’s Security Checkup Tool

Get into your Google settings. From there you’ll have the option to review your security. Google takes unauthorized access incredibly seriously and offers a comprehensive review of devices that have access to your account, previous login attempts, recommended password changes and much more.

Hide notifications on your lock screen

Another great way to keep safe is to hide notifications from your lock screen. You can set your phone so it shows only that you have a message, but doesn’t reveal what the contents of that message are.

Check email sender addresses

Finally, always check the address from an email sender, especially if the email comes from a company. Netflix, Apple, Microsoft, and most banks have been spoofed by hackers hoping to get you to click a link in the email. Check the email address and if unsure, don’t click.

Stay Safe Out There

It’s no fun getting hacked. If you have an Android phone you need to take extra precautions, but Apple users should also be wary. After all, criminals are looking for a way into every phone. So follow some safety guidelines, change some of your behaviors with regard to your smartphone, and you’ll minimize your risk.

Most importantly, stay safe and enjoy your phone.
