Tech Made Simple

Hot Topics: How to Fix Bluetooth Problems | The Best Coffee Grinder | Best Fitness Trackers Under $50 | Complete Guide to Facebook Privacy

Use It

author photo

How to Tell if Your Phone Has Been Hacked

by on February 09, 2017
in Privacy, Phones and Mobile, Mobile Apps, Tips & How-Tos :: 18 comments

How to Tell if Your Phone Has Been Hacked

By now, government spying is such a common refrain that we may have become desensitized to the notion that the NSA taps our phone calls or the FBI can hack our computers whenever it wants. Yet there are other technological means – and motives – for hackers, criminals and even the people we know, such as a spouse or employer, to hack into our phones and invade our privacy.

From targeted breaches and vendetta-fueled snooping to opportunistic land grabs for the data of the unsuspecting, here are seven ways someone could be spying on your cell phone – and what you can do about it.

1. Spy apps

There is a glut of phone monitoring apps designed to covertly track someone’s location and snoop on their communications. Many are advertised to suspicious partners or distrustful employers, but still more are marketed as a legitimate tool for safety-concerned parents to keep tabs on their kids. Such apps can be used to remotely view text messages, emails, internet history, and photos; log phone calls and GPS locations; some may even hijack the phone’s mic to record conversations made in person. Basically, almost anything a hacker could possible want to do with your phone, these apps would allow.

And this isn’t just empty rhetoric. When we studied cell phone spying apps back in 2013, we found they could do everything they promised. Worse, they were easy for anyone to install, and the person who was being spied on would be none the wiser that there every move was being tracked.

“There aren’t too many indicators of a hidden spy app – you might see more internet traffic on your bill, or your battery life may be shorter than usual because the app is reporting back to a third-party,” says Chester Wisniewski, principal research scientist at security firm Sophos.

Likelihood

Spy apps are available on Google Play, as well as non-official stores for iOS and Android apps, making it pretty easy for anyone with access to your phone (and a motive) to download one.

How to protect yourself

  • Since installing spy apps require physical access to your device, putting a passcode on your phone greatly reduces the chances of someone being able to access your phone in the first place. And since spy apps are often installed by someone close to you (think spouse or significant other), pick a code that won’t be guessed by anyone else.
  • Go through your apps list for ones you don’t recognize.
  • Don’t jailbreak your iPhone. “If a device isn’t jailbroken, all apps show up,” says Wisniewski. “If it is jailbroken, spy apps are able to hide deep in the device, and whether security software can find it depends on the sophistication of the spy app [because security software scans for known malware].”
  • For iPhones, ensuring you phone isn’t jailbroken also prevents anyone from downloading a spy app to your phone, since such software – which tampers with system-level functions - doesn’t make it onto the App Store.
  • Android users can download a mobile security app that will flag malicious programs. There isn’t the same type of mobile security apps for iOS, due to App Store restrictions, though Lookout Security and Sophos will alert you if your iPhone has been jailbroken.

2. Phishing by message

Whether it’s a text claiming to be from your financial institution, or a friend exhorting you to check out this photo of you last night, SMSes containing deceptive links that aim to scrape sensitive information (otherwise known as phishing or “smishing”) continue to make the rounds.

Android phones may also fall prey to messages with links to download malicious apps. (The same scam isn’t prevalent for iPhones, which are commonly non-jailbroken and therefore can’t download apps from anywhere except the App Store.)

Such malicious apps may expose a user’s phone data, or contain a phishing overlay designed to steal login information from targeted apps – for example, a user’s bank or email app.

Likelihood

Quite likely. Though people have learned to be skeptical of emails asking them to “click to see this funny video!”, security lab Kaspersky notes that they tend to be less wary on their phones.

How to protect yourself

  • Keep in mind how you usually verify your identity with various accounts – for example, your bank will never ask you to input your full password or PIN.
  • Avoid clicking links from numbers you don’t know, or in curiously vague messages from friends, especially if you can’t see the full URL.
  • If you do click on the link and end up downloading an app, your Android phone should notify you. Delete the app and/or run a mobile security scan.

3. SS7 global phone network vulnerability

Nearly two years ago, it was discovered that a communication protocol for mobile networks across the world, Signalling System No 7 (SS7), has a vulnerability that lets hackers spy on text messages, phone calls and locations, armed only with someone’s mobile phone number. An added concern is that text message is a common means to receive two-factor authentication codes from, say, email services or financial institutions – if these are intercepted, an enterprising hacker could access protected accounts, wrecking financial and personal havoc.

According to security researcher Karsten Nohl, law enforcement and intelligence agencies use the exploit to intercept cell phone data, and hence don’t necessarily have great incentive to seeing that it gets patched.

Likelihood

Extremely unlikely, unless you’re a political leader, CEO or other person whose communications could hold high worth for criminals. Journalists or dissidents travelling in politically restless countries may be at an elevated risk for phone tapping.

How to protect yourself

  • Use an end-to-end encrypted message service that works over the internet (thus bypassing the SS7 protocol), says Wisniewski. WhatsApp (free, iOS/Android), Signal (free, iOS/Android) and Wickr Me (free, iOS/Android) all encrypt messages and calls, preventing anyone from intercepting or interfering with your communications.
  • Be aware that if you are in a potentially targeted group your phone conversations could be monitored and act accordingly.

4. Snooping via open Wi-Fi networks

Thought that password-free Wi-Fi network with full signal bars was too good to be true? It might just be. Eavesdroppers on an unsecured Wi-Fi network can view all its unencrypted traffic. And nefarious public hotspots can redirect you to lookalike banking or email sites designed to capture your username and password. And it’s not necessarily a shifty manager of the establishment you’re frequenting. For example, someone physically across the road from a popular coffee chain could set up a login-free Wi-Fi network named after the café, in hopes of catching useful login details for sale or identity theft.

Likelihood

Any tech-savvy person could potentially download the necessary software to intercept and analyze Wi-Fi traffic – including your neighbor having a laugh at your expense (you weren’t browsing NSFW websites again, were you?).

How to protect yourself

  • Only use secured networks where all traffic is encrypted by default during transmission to prevent others from snooping on your Wi-Fi signal.
  • Download a VPN app to encrypt your smartphone traffic. SurfEasy VPN (iOS, Android) provides 500MB of traffic free, after which it’s $2.99/month.
  • If you must connect to a public network and don’t have a VPN app, avoid entering in login details for banking sites or email. If you can’t avoid it, ensure the URL in your browser address bar is the correct one. And never enter private information unless you have a secure connection to the other site (look for “https” in the URL and a green lock icon in the address bar).

5. Unauthorized access to iCloud or Google account

Hacked iCloud and Google accounts offer access to an astounding amount of information backed up from your smartphone – photos, phonebooks, current location, messages, call logs and in the case of the iCloud Keychain, saved passwords to email accounts, browsers and other apps. And there are spyware sellers out there who specifically market their products against these vulnerabilities.

Online criminals may not find much value in the photos of regular folk – unlike nude pictures of celebrities that are quickly leaked– but they know the owners of the photos do, says Wisniewski, which can lead to accounts and their content being held digitally hostage unless victims pay a ransom.

Additionally, a cracked Google account means a cracked Gmail, the primary email for many users.

Having access to a primary email can lead to domino-effect hacking of all the accounts that email is linked to – from your Facebook account to your mobile carrier account, paving the way for a depth of identity theft that would seriously compromise your credit.

Likelihood

“This is a big risk. All an attacker needs is an email address; not access to the phone, nor the phone number,” Wisniewski says. If you happen to use your name in your email address, your primary email address to sign up for iCloud/Google, and a weak password that incorporates personally identifiable information, it wouldn’t be difficult for a hacker who can easily glean such information from social networks or search engines.

How to protect yourself

  • Create a strong password for these key accounts (and as always, your email).
  • Enable login notifications so you’re aware of sign-ins from new computers or locations.
  • Enable two-factor authentication so that even if someone discovers your password they can’t access your account without access to your phone.
  • To prevent someone resetting your password, lie when setting up password security questions. You would be amazed how many security questions rely on information that is easily available on the Internet or is widely known by your family and friends.

6. Malicious charging stations

Well-chosen for a time when smartphones barely last the day and Google is the main way to not get lost, this hack leverages our ubiquitous need for juicing our phone battery, malware be damned. Malicious charging stations – including malware-loaded computers – take advantage of the fact that standard USB cables transfer data as well as charge battery. Older Android phones may even automatically mount the hard drive upon connection to any computer, exposing its data to an unscrupulous owner.

Security researchers have also shown it’s possible to hijack the video-out feature on most recent phones so that when plugged into a malicious charge hub, a hacker can monitor every keystroke, including passwords and sensitive data.

Likelihood

Low. There are no widely known instances of hackers exploiting the video-out function, while newer Android phones ask for permission to load their hard drive when plugged into a new computer; iPhones request a PIN. However, new vulnerabilities may be discovered.

How to protect yourself

  • Don’t plug into unknown devices; bring a wall charger. You might want to invest in a charge-only USB cable like PortaPow ($6.99 on Amazon)
  • If a public computer is your only option to revive a dead battery, select the “Charge only” option (Android phones) if you get a pop-up when you plug in, or deny access from the other computer (iPhone).

7. FBI’s StingRay (and other fake cellular towers)

An ongoing initiative by the FBI to tap phones in the course of criminal investigations (or indeed, peaceful protests) involves the use of cellular surveillance devices (the eponymous StingRays) that mimic bona fide network towers.

StingRays, and similar pretender wireless carrier towers, force nearby cell phones to drop their existing carrier connection to connect to the StingRay instead, allowing the device’s operators to monitor calls and texts made by these phones, their movements, and the numbers of who they text and call.

As StingRays have a radius of about 1km, an attempt to monitor a suspect’s phone in a crowded city center could amount to tens of thousands of phones being tapped.

Until late 2015, warrants weren’t required for StingRay-enabled cellphone tracking; currently, around a dozen states outlaw the use of eavesdropping tech unless in criminal investigations, yet many agencies don’t obtain warrants for their use.

Likelihood

While the average citizen isn’t the target of a StingRay operation, it’s impossible to know what is done with extraneous data captured from non-targets, thanks to tight-lipped federal agencies.

How to protect yourself

  • Use encrypted messaging and voice call apps, particularly if you enter a situation that could be of government interest, such as a protest. Signal (free, iOS/Android) and Wickr Me (free, iOS/Android) both encrypt messages and calls, preventing anyone from intercepting or interfering with your communications. Most encryption in use today isn’t breakable, says Wisniewski, and a single phone call would take 10-15 years to decrypt.

“The challenging thing is, what the police have legal power to do, hackers can do the same,” Wisniewski says. “We’re no longer in the realm of technology that costs millions and which only the military have access to. Individuals with intent to interfere with communications have the ability to do so.”

From security insiders to less tech-savvy folk, many are already moving away from traditional, unencrypted communications – and perhaps in several years, it’ll be unthinkable that we ever allowed our private conversations and information to fly through the ether unprotected.

[image credit: hacker smartphone concept via BigStockPhoto]



Discussion loading

gravatar

Help

From Esperanza franco on March 10, 2017 :: 8:33 am

My hubends phone has been hacked mutipule time and they are using all my emails to do so need help to stop it

Reply

gravatar

Help is on it's away

From Geo metro on April 23, 2017 :: 1:12 pm

Don’t worry I’ll help you!!! Before going into the system I would want to know, what is the name of your phone?

Reply

gravatar

Help me

From Sarah on April 25, 2017 :: 7:07 am

Hi my sister erased everything on my iPod 6 and we don’t know the email or password to our iCloud and do not want to tell our parents is their any way we can hack it and bring everything back

Reply

avatar

May not be possible, but you can try

From Josh Kirschner on April 25, 2017 :: 9:24 am

There is no way to “hack” your iPod to bring everything back. However, it may be possible to recover some of the data using data recovery tools. This article explains one of the ways to do it: http://www.macworld.com/article/2095226/how-to-recover-lost-data-from-your-iphone-ipad-or-ipod-touch.html.

gravatar

hi

From dav on June 22, 2017 :: 6:43 pm

I’m probably not the only who’ll love to keep a tab on my husband;knowing what he does on his phone and PC as well as his social media activities. Well I met the only reliable hacker/private investigator (.(JavaScript must be enabled to view this email address) ) who handles such jobs with precision. Surprisingly, he offered me a 24-hours total refund if I find his services unsatisfactory but he delivered way more than I expected. I’ll gladly list a couple of services he offers:
–Clearing Criminal Records - Tracking GPS location –Cloning —Bank Account hack —Call Recordings – Call Logs Retrieval – Incoming calls restriction – Remotely accessing SMS –Genuine Software cracking—Game hacking and cracking—Keylogging – Remote device control – Calendar Monitoring – Remote email spying –Internet Usage Monitoring —Message retrievals: whatsapp message retrieval, iTunes message retrieval, Facebook message retrieval, instagram, snapchat message and story retrieval, etc– Intercepting Instant Messages: Whatsapp Spy, Viber Spy, Facebook Spy, Skype Spy, Hangouts Spy — Result/Grades modification; University, high school, professional schools, etc– Phone and PC bugging —Ambient Recording: Live listen and record voice surrounding phones – USSD Control commands
I’m quite sure he’s into many more. You can’t underestimate what he can do for you. You might really wanna consider contacting him today. He’s definitely going to be of great help. (.(JavaScript must be enabled to view this email address))

Reply

gravatar

Don't believe

From Stucknmal on April 22, 2017 :: 6:36 pm

I have used every anti Mal were app there is and never done nothing for me it is my beliefs that at one time is how they were accessing my account I’ve tried everything I could come up with and followed all the flashing and shaking things on the screen to mostly be hacked deeper and I’m lost and don’t care any more and anytime I ever tried to track someone it has never worked out for me r my phone flips out r something but every thing says the same thing and nothing works for me but if anyone knows something I don’t please fill me in cause I’m stuck I gang??? Can’t remember but I’m stuck and every playing game and trying to ruin ur life well I’m not playing anymore just waiting for a slip then it will be my time to shine thanks and he fun til the slip

Reply

gravatar

Google instant app

From pocha on May 29, 2017 :: 12:05 am

I do not want google instant app on my phone but someone keeps downloading it on here.I uninstall it but they put it right back on here. Who and why would they be doing this

Reply

gravatar

iPhone 7 plus have been hacked

From Jemma on May 31, 2017 :: 3:58 pm

Both of my iPhone 7 plus have been “hacked” because the hackers manage to repeat all my activities via phone in-front of me. Example repeat the WhatsApp text message, whatsapp call conversation. We chat text message, and even to record the life conversation. The hackers donor have chances to touch my IPhone but they just know my Apple ID and contact number. However I have changed my Apple ID and contact number but they still manage to listen to my daily conversation with others. Please help….

Reply

gravatar

How do they do it

From Melisa on June 11, 2017 :: 3:00 am

Me too, the hackers have never physically held my device yet they repeat my whatsapp conversations and know my phone conversations, and they know exactly where I am and sometimes they know what ive said at certain times perhaps from the tracking the microphone.  this is an iPhone 6s how do they do it

Reply

gravatar

ID theft via phone

From Leo on June 07, 2017 :: 2:49 am

My I phone 6 was hacked five years ago for the past five years I have had to rebuild my identity. The worst part is that this has cost me to loose work and has hindered me finding work. As they stole my resume. Is there anything I can do to regain my life back?

Reply

gravatar

Hacked phone??

From Amanda on June 15, 2017 :: 3:32 pm

I got some inappropriate texts from my father in law, sexual in nature.  When I showed my husband,  he denied sending them and claims his phone was hacked.  My question is, could a phone be hacked to send these messages?  Nobody else got ANY messages,  nothing else was disrupted either.  Could this even happen??

Thank you!!

Reply

gravatar

Phone hacked

From Jamme on June 22, 2017 :: 2:11 pm

Amanda,
I am in a similar boat.  I noticed odd numbers on my phone bill connected to my husbands phone, when i google the numbers that text messages were exchanged with they are to escort services and things of the like.  He denies ever sending texts to these numbers and no one else I know of has EVER had this issue.  A similar thing happened 6 years ago and a year after that.  And when I go back in the phone records, I can see the last 5-6 months that this has happened.

Reply

Please tell me if m

From facebook120025445256953 on June 15, 2017 :: 6:46 pm

Please tell me if m my phone is hAcked

Reply

gravatar

How do you know if my calls has been hacked

From Portia on June 19, 2017 :: 2:29 am

Hie I really need your help I thinks my boyfriend is hacking my call could you help me his phone number is 0766983409 and my number is 0725821450
Thanks

Reply

gravatar

Hy could you please helps

From Portia on June 19, 2017 :: 2:31 am

Hy could you please helps I need to know who hacking my calls my no 0725821450

Reply

gravatar

My cell phone hacked?

From Vero on June 20, 2017 :: 3:30 pm

I woke up yesterday only to fine someone I do know but not on my friends list of Face Book replying to a message I did not sent him… It was a photo of taken from my Instagram page which is private… I have no idea how this could happen?  Also a text message was sent to one of my contact on my phone that I never sent and some calls were made that I did not make…. I don’t know what to do or what to make of all this?  Any idea how someone could have done this. I had my phone in my possession the whole time and it’s pass code protected..

Reply

gravatar

Stalking and Harrassment

From Marian Marcus on June 26, 2017 :: 7:16 pm

I have neighbors(husband and wife) that is stalking, threatening and harassing me in the building where I live. I feel that she has found a way to hack into my phone and track my comings and goings.

Reply

© Techlicious LLC. Home | About | Meet the Team | Sponsorship Opportunities | Newsletter Archive | Contact Us | Terms of Use | Privacy Policy

Techlicious participates in affiliate programs, including the Amazon Services LLC Associates Program, which provide a small commission from some, but not all, of the "click-thru to buy" links contained in our articles. These click-thru links are determined after the article has been written, based on price and product availability — the commissions do not impact our choice of recommended product, nor the price you pay. When you use these links, you help support our ongoing editorial mission to provide you with the best product recommendations.

site design: Juxtaprose