Phone Hacking
Phones are vulnerable to many kinds of hacking methods, and this can be especially problematic for your organization if your employees use their phones to access sensitive organizational information. There are many types of phone hacks to be aware of.
Phishing. The phishing method involves cyberattackers impersonating a trusted individual or company in order to gain confidential information. This is often achieved by sending email or text messages using official-looking messages and images. When an unsuspecting individual clicks on the malicious link, the URLs can hack your phone, infecting the phone with a virus or software that can take your personal information.
Software. Hacking software for Android devices is freely available online. Cyberattackers can physically install hacking software on a device using other methods such as keylogging. Keylogging involves downloading spyware to a phone in order to extract data from the phone before encryption. Cyberattackers can also use virtual methods such Trojan malware, where they use phishing methods to install Trojan malware on a device, and they can then extract personal information such as personal identifiers and credit card numbers.
Phone number hacking. This is a more advanced method of hacking where cyberattackers can hack a phone using only a phone number. If cyberattackers can access the SS7 signaling system that is used to connect cell phone networks to one another, they could access the phone line and features such as call recording, call forwarding, messages, and location information1.
Bluetooth. If a cyberattacker is in range of a phone (often in a populated area), they can use software to search for vulnerable devices operating Bluetooth connections. Once connected, cyberattackers have access to whatever information is available and can download that data while to phone is in range.
SIM card swapping. The SIM card swapping hacking method involves a cyberattacker contacting a phone provider, pretending to be the phone owner, and requesting a replacement SIM card. Once the cyberattacker receives the new SIM card, the old SIM card is deactivated and the cyberattacker now has control of the phone number. Along with the phone number, the cyberattacker also has control of the phone number’s calls and messages.
Here are some red flags that may indicate that your phone has been hacked:
- Your phone loses charge quickly
- Your phone is running unusually slow
- You notice unusual activity on other online accounts
- You notice unfamiliar calls or messages
Some tips to prevent this from happening to you or to people in your organization:
- Always keep your phone in your possession
- Encrypt your phone
- Set up SIM card lock
- Turn off Wifi and Bluetooth
- Use security software
Understand that cyberattackers are both opportunistic and creative. If you leave openings for them, they will enter. Keep your phone tightly controlled and be aware of new security threats to your mobile devices.
1 McAfee, 2021, “How do hackers hack phones and how can I prevent it?”