Your Phone Is Spying On You

Uploaded on 2020-06-17 in FREE TO VIEW, BUSINESS-Services-IT & Telecoms

In the connected world many people use their mobile phone to help manage their life. While most users know that everything they do online can be tracked and recorded, not everyone is aware of the opportunities smartphones provide for corporations and government agencies to spy on many users.

Smartphones are equipped with an arsenal of monitoring equipment: multiple microphones and cameras are designed to absorb audio and video. 

While these tools are useful for creating media, they are also a goldmine for advertisers and monitoring.
People should have the right to privacy on their mobile phones, but with the increase of malicious hackers and the use of 3rd party Apps this privacy is reducing. Governments, companies and cyber criminals look to obtain your data by any means, and use it to their advantage.

You are Being Watched

Edward Snowden showed the world how intelligence agencies are spying on their citizens and it became clear that we are all being watched.This is regardless of whether you are on a terrorist watch list or an exemplary national. The idea that our phones are listening in on your conversations became a big topic in recent years when platforms like Facebook seemingly started serving ads to people based on conversations they had when their phone was in the room.

During a recent interview, Snowden revealed that many mobile carriers are using IMEI (International Mobile Equipment Identity) and IMSI (International Mobile Subscriber Identity) codes to determine each movement of the users. The IMEI and IMSI are identification numbers of smartphones and SIM cards.

According to Snowden, when a phone is turned on, the carrier continuously records every movement of the user by assessing their distance with the two signal towers. He points out that prior to the integration of smartphones; this type of information was private. However, digital technology has made it possible for mobile manufacturers and carriers to access the bulk information and even store it as a valued possession. 

Snowden says that no individual with a smartphone is exempt from this surveillance. Unfortunately, the users are not aware of this issue and continue to ‘hand over’ their privacy rights to their respective phone carriers, mobile manufacturers, and even app developers.

Currently, government agencies and tech giants have taken proactive action to secure the privacy of mobile users, specifically after the Facebook / Cambridge Analytica scandal. However, Edward says that the actions taken are not enough. 

Pre-installed Vulnerabilities and Spyware

US researchers have discovered a large number of vulnerabilities in smartphones. Malware and backdoors are often pre-installed at the root level, and there is nothing a regular user can do about it.

Most people are aware that their cellphone may have certain vulnerabilities and that they should be careful about the settings they choose, cautious when using the device to send and receive sensitive data and wary about what kind of apps to install. 

But most users are not aware that a brand-new mobile phone straight from the factory comes with pre-installed spyware.

The phone may have an invisible app that manages to obtain elevated admin privileges and do things that you as a user can hardly detect and cannot disable. That app may even send out data packages to some remote server at night when you as the owner are sleeping and your cellphone is turned off.  

The problem of pre-installed vulnerabilities is most likely not limited to Android. Similar bugs may also exist in other operating systems. But the sheer number of Android devices makes them a more attractive target to attackers and the way the system software is developed and distributed makes it easier for them to get a foothold in the supply chain of the software.

Of the estimated 5 billion people who are using mobile devices, 85% are using models based on a version of the Android operating system. Besides smartphones, Android  also runs on a variety of other connected devices like TVs or car entertainment systems and the vulnerabilities extend to those, too.

As new software components arrive in the market at a breathtaking pace, the bugs and vulnerabilities in pre-installed software are more likely to increase in number than come to an end anytime soon.

What Data is being Collected?

What is being monitored is details of your device such as the model, name and phone number these trackers can grab your email address, the IP address that is allocated to your Internet connection and even your precise location at any given time. Some of the identified vulnerabilities allow attackers to get into the phone remotely, activate keyloggers, take screenshots or simply record everything the owner sees, does, says and hears, including the typing, deleting and correcting of passwords. Everything from music streaming and weather apps, through to news and storage apps are doing it. 

The Nuclear Option
To protect yourself from corporations or hackers listening in on your conversations, make sure to disable access to microphones for all apps that do not absolutely require them. Additionally, you should avoid clicking on any links or downloading attachments from unknown senders.

If you want to frustrate the collectors of this data as much as possible, there are other more drastic measures you can take. The obvious one is to uninstall all the apps that are not 100% essential to you. A regular cull, on a regular basis, is no bad thing anyway if only on memory and storage usage grounds.

You can switch such things as Wi-Fi, GPS and Bluetooth off when you don't need them. Additionally, you should only download reputable applications to minimize the chance of ending up with a malicious app on your phone. Running a regular malware and virus scan on your smartphone can also help you to identify and clear out any potentially harmful applications. 

Hard-line privacy activists may suggest that ditching smartphones altogether is the best step to take to avoid phone-based privacy invasions. However, for the majority of us, that would be rather impractical.

For a number of years the tech giants have batted away suggestions that they are using the microphones in our mobiles to spy but as distrust in the US tech giants has grown and many users now feel that they are being spied upon.          

DeutscheWelle:          Forbes:        Brave New Coin:       BBC:       HackRead:         Digital Information World:   

You Might Also Read: 

Coronavirus Tracing Apps Conflict With Privacy:

 

 

« Maritime Cyber Attacks Quadruple
Hackers Are Targeting Coronavirus Research »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Prolinx

Prolinx

Prolinx provide secure Data Centre hosting services and other fully managed security services for networks and information systems.

Trust Guard

Trust Guard

Trust Guard services provide complete security for your website.

PSC

PSC

PSC is a leading PCI and PA DSS assessor and Approved Scanning Vendor.

Guidewire

Guidewire

Guidewire Cyence™ Risk Analytics is a cloud-native economic cyber risk modeling solution built to help the insurance industry quantify cyber risk exposures.

Wolfpack Information Risk

Wolfpack Information Risk

Wolfpack specialise in information and cyber threat management covering the full spectrum of prevention, detection, incident response and business resilience capabilities.

Magix Security

Magix Security

Magix Security assesses the cyber threat, gives you visibility of how vulnerable your business is to attack, and provides cybercrime detection and prevention services.

Savanti Consulting

Savanti Consulting

Savanti provides practitioner-led cyber security services tailored to meet each organisation’s unique requirements.

Cyber Polygon

Cyber Polygon

Cyber Polygon is an annual online exercise which connects various global organisations to train their competencies and exchange best practices.

ConnectWise

ConnectWise

The Unified ConnectWise Platform offers intelligent software and expert services to easily run your business, deliver your services, secure your clients, and build your staff.

GRSi

GRSi

GRSi deliver next-generation systems engineering, cybersecurity, technology insertion and best practices-based Enterprise Operations (EOps) management.

Turnkey Consulting

Turnkey Consulting

Turnkey Consulting is a leading provider of Integrated Risk Management (IRM), Identity Access Management (IAM), and Cyber and Application Security.

Deft

Deft

Deft (formerly ServerCentral Turing Group) is a trusted provider of colocation, cloud, and disaster recovery services.

Opticks Security

Opticks Security

Opticks provides fraud detection and monitoring solutions for leading brands. agencies and networks. Our relentless mission is to deliver reliable and innovative software to beat digital fraud.

Canonic Security

Canonic Security

Canonic streamlines app review, continuously monitors apps, and reduces the risks involved in third-party access to your data.

Zluri

Zluri

Zluri is a cloud-native SaaSOps platform enabling modern enterprises with SaaS Management and Identity Governance.

Twinstate Technologies

Twinstate Technologies

Twinstate Technologies specializes in cybersecurity, proactive IT, and hosted and on-premise voice solutions.