Your Phone Is Spying On You

Uploaded on 2020-06-17 in FREE TO VIEW, BUSINESS-Services-IT & Telecoms

In the connected world many people use their mobile phone to help manage their life. While most users know that everything they do online can be tracked and recorded, not everyone is aware of the opportunities smartphones provide for corporations and government agencies to spy on many users.

Smartphones are equipped with an arsenal of monitoring equipment: multiple microphones and cameras are designed to absorb audio and video. 

While these tools are useful for creating media, they are also a goldmine for advertisers and monitoring.
People should have the right to privacy on their mobile phones, but with the increase of malicious hackers and the use of 3rd party Apps this privacy is reducing. Governments, companies and cyber criminals look to obtain your data by any means, and use it to their advantage.

You are Being Watched

Edward Snowden showed the world how intelligence agencies are spying on their citizens and it became clear that we are all being watched.This is regardless of whether you are on a terrorist watch list or an exemplary national. The idea that our phones are listening in on your conversations became a big topic in recent years when platforms like Facebook seemingly started serving ads to people based on conversations they had when their phone was in the room.

During a recent interview, Snowden revealed that many mobile carriers are using IMEI (International Mobile Equipment Identity) and IMSI (International Mobile Subscriber Identity) codes to determine each movement of the users. The IMEI and IMSI are identification numbers of smartphones and SIM cards.

According to Snowden, when a phone is turned on, the carrier continuously records every movement of the user by assessing their distance with the two signal towers. He points out that prior to the integration of smartphones; this type of information was private. However, digital technology has made it possible for mobile manufacturers and carriers to access the bulk information and even store it as a valued possession. 

Snowden says that no individual with a smartphone is exempt from this surveillance. Unfortunately, the users are not aware of this issue and continue to ‘hand over’ their privacy rights to their respective phone carriers, mobile manufacturers, and even app developers.

Currently, government agencies and tech giants have taken proactive action to secure the privacy of mobile users, specifically after the Facebook / Cambridge Analytica scandal. However, Edward says that the actions taken are not enough. 

Pre-installed Vulnerabilities and Spyware

US researchers have discovered a large number of vulnerabilities in smartphones. Malware and backdoors are often pre-installed at the root level, and there is nothing a regular user can do about it.

Most people are aware that their cellphone may have certain vulnerabilities and that they should be careful about the settings they choose, cautious when using the device to send and receive sensitive data and wary about what kind of apps to install. 

But most users are not aware that a brand-new mobile phone straight from the factory comes with pre-installed spyware.

The phone may have an invisible app that manages to obtain elevated admin privileges and do things that you as a user can hardly detect and cannot disable. That app may even send out data packages to some remote server at night when you as the owner are sleeping and your cellphone is turned off.  

The problem of pre-installed vulnerabilities is most likely not limited to Android. Similar bugs may also exist in other operating systems. But the sheer number of Android devices makes them a more attractive target to attackers and the way the system software is developed and distributed makes it easier for them to get a foothold in the supply chain of the software.

Of the estimated 5 billion people who are using mobile devices, 85% are using models based on a version of the Android operating system. Besides smartphones, Android  also runs on a variety of other connected devices like TVs or car entertainment systems and the vulnerabilities extend to those, too.

As new software components arrive in the market at a breathtaking pace, the bugs and vulnerabilities in pre-installed software are more likely to increase in number than come to an end anytime soon.

What Data is being Collected?

What is being monitored is details of your device such as the model, name and phone number these trackers can grab your email address, the IP address that is allocated to your Internet connection and even your precise location at any given time. Some of the identified vulnerabilities allow attackers to get into the phone remotely, activate keyloggers, take screenshots or simply record everything the owner sees, does, says and hears, including the typing, deleting and correcting of passwords. Everything from music streaming and weather apps, through to news and storage apps are doing it. 

The Nuclear Option
To protect yourself from corporations or hackers listening in on your conversations, make sure to disable access to microphones for all apps that do not absolutely require them. Additionally, you should avoid clicking on any links or downloading attachments from unknown senders.

If you want to frustrate the collectors of this data as much as possible, there are other more drastic measures you can take. The obvious one is to uninstall all the apps that are not 100% essential to you. A regular cull, on a regular basis, is no bad thing anyway if only on memory and storage usage grounds.

You can switch such things as Wi-Fi, GPS and Bluetooth off when you don't need them. Additionally, you should only download reputable applications to minimize the chance of ending up with a malicious app on your phone. Running a regular malware and virus scan on your smartphone can also help you to identify and clear out any potentially harmful applications. 

Hard-line privacy activists may suggest that ditching smartphones altogether is the best step to take to avoid phone-based privacy invasions. However, for the majority of us, that would be rather impractical.

For a number of years the tech giants have batted away suggestions that they are using the microphones in our mobiles to spy but as distrust in the US tech giants has grown and many users now feel that they are being spied upon.          

DeutscheWelle:          Forbes:        Brave New Coin:       BBC:       HackRead:         Digital Information World:   

You Might Also Read: 

Coronavirus Tracing Apps Conflict With Privacy:

 

 

« Maritime Cyber Attacks Quadruple
Hackers Are Targeting Coronavirus Research »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

World Privacy Forum (WPF)

World Privacy Forum (WPF)

The World Privacy Forum is a non-profit public interest research group that focuses on privacy and technology issues.

National Institute of Standards & Technology (NIST)

National Institute of Standards & Technology (NIST)

NIST is a measurement standards laboratory, and a non-regulatory agency of the United States Department of Commerce. Areas covered include IT and cybersecurity.

Foresite

Foresite

Foresite is a global service provider, delivering a range of managed security and consulting solutions.

DomainTools

DomainTools

DomainTools is the global leader for internet intelligence and the first place security practitioners go when they need to know.

Cofrac

Cofrac

Cofrac is the national accreditation body for France. The directory of members provides details of organisations offering certification services for ISO 27001.

S2S Group

S2S Group

S2S Group specialise in the destruction and management of IT assets at the end of the lifecycle.

CipherBlade

CipherBlade

CipherBlade specializes in blockchain forensics, data science and transaction tracking.

US Venture Partners (USVP)

US Venture Partners (USVP)

USVP is a leading Silicon Valley venture capital firm focusing on early-stage start-ups that transform cybersecurity, enterprise software, consumer mobile and e-commerce, and healthcare.

ValueMentor

ValueMentor

ValueMentor is a leading cyber security service provider in the Middle East. We enable clients to reduce risk by taking a strategic approach to cybersecurity.

Cyber Security Operations Consulting (CyberSecOp)

Cyber Security Operations Consulting (CyberSecOp)

CyberSecOp is an ISO 27001 Certified Organization which provides cyber security operations services and risk management consulting.

Cirosec

Cirosec

Cirosec is a specialized company with a focus on information security. We carry out pentests & audits and advise our customers in the German-speaking countries on information and IT security issues.

Jisc

Jisc

Jisc is a membership organisation working in partnership with the UK’s research and education communities to develop the digital technologies they need to teach, discover and thrive.

SOC Prime

SOC Prime

SOC Prime is the only Threat Detection Marketplace where researchers monetize their content to help security teams defend against attacks easier, faster and more efficiently than ever.

HEQA Security

HEQA Security

HEQA Security (formerly QuantLR) offer the world’s most cost-effective, easy-to-integrate, and secure Quantum Key Distribution (QKD) solution

Cybertech Nepal

Cybertech Nepal

Cybertech Nepal is committed to provide high-quality cyber security solutions, including server assessment and hardening, forensics and malware analysis, end-point threat analysis, and VAPT.

JLS Technology

JLS Technology

Since 2007, JLS Tech has been recognized as one of the world’s most innovative cybersecurity and technology operations leaders.