Did you know your mobile phone and wearables are just as appealing to hackers as your online bank account? No one is impervious to increasingly sophisticated mobile device hacking. Case in point, James Clapper, the U.S. director of national intelligence (DNI), had his phone hacked last month with calls rerouted to the Free Palestine Movement. And in October 2015, CIA director John Brennan's mobile device fell victim to the activity of a group of "pot-smoking teenagers." Bottom line? Not even next-gen hardware is completely safe.
So long as support enforces two-factor authentication and staff doesn't access free Wi-Fi hotspots (especially when handling business data), a mobile phone should be safe, right? Nope. As noted by Dialed In and Wired, determined hackers do a lot more with your mobile and wearable technology than you may realize.
Mobile Phones: Hackers' Best Friend
Any iPhone newer than the 4 comes with a high-quality accelerometer, or "tilt sensor." If hackers access this sensor and you leave the phone on your desk, it is possible for them to both detect and analyze the vibration of your computer keyboard and determine what you're typing, with 80 percent accuracy. So, say you type in the address of your favorite banking web portal and then your login credentials; hackers now have total access.
App developers have wised up to hackers targeting microphones and made it much more difficult to gain access without getting caught. Enterprising criminals, however, have discovered a way to tap a phone's gyroscope. This lets the user play Angry Birds or any other orientation-based program and detect sound waves through it. So, next time you talk about finances with your significant other while three-starring a new level in your go-to mobile game, you may also be giving hackers the information they need to steal from you.
Targeting RFID Chips
In an effort to make retail purchases easier and more secure, many credit cards come equipped with RFID chips. Smartphones, meanwhile, include near-field communication (NFC) technology that allows them to transmit and receive that RFID data. The risk, here, is that hackers who manage to compromise your phone can leverage malware to read the information from a card's RFID chip if you're storing it in a nearby wallet or card-carrying mobile case. Then they can make a physical copy. You're defrauded and don't even know it.
Mobile cameras have also come under scrutiny, since hacking this feature lets attackers take snaps of you or your family whenever and wherever they want. Despite improvements in basic phone security, though, it's still possible for malicious users to take control of your camera. It goes like this: Operating systems like Android now mandate that a preview of any new photograph must be displayed on-screen, but don't specify the size of this image. As a result, cybercriminals can take surreptitious photographs and then send them to anyone at any location.
MDM Leads to Risk
A large number of smartphones contain weak mobile device management (MDM) tools installed by carriers. And although reaching these tools in a target phone requires close proximity and the use of rogue base stations or femtocells, the risk is substantial. Attackers could take total control of your device.
Fit or Foul?
Mobile phones aren't the only technology at risk; wearables are also open to attack. What can hackers do to these devices? Back in March 2015, wearable maker Fitbit was notified by researchers that their device could be hacked in fewer than 10 seconds. While initial reports focused on logical changes such as altering steps taken or distance walked, as noted by The Hacker News, it wasn't long before hackers discovered a way to inject malware that potentially spreads to all synced devices.
Potentially Lethal Consequences
Security flaws in wireless-enabled pacemakers could allow hackers to take control of (and then stop) this critical device as well. In September 2015, a team from the University of Southern Alabama managed to access a functioning pacemaker and "kill" a medical mannequin attached to the device.
Medical devices such as insulin pumps and implantable defibrillators have notoriously weak security — a lack of encryption and weak or default passwords, in particular — of which cybercriminals can easily take control. The result? Delivering a fatal drug overdose or shocking perfectly healthy patients without warning.
Be Diligent About Mobile Security
The lion's share of existing security issues stem from poor app development in mobile and wearable devices. Mobile device developers prioritize speed over security and eschew critical features such as encrypted commands, limited application sessions and disabling repeat requests. And while recognizing these flaws is the first step to improving mobile safety, users need to be aware of today's risk factors. Right now, hackers can do far more with a mobile or wearable than the user may realize.