How to protect your phone from being hacked
Despite the media’s constant reporting on hacking scandals and data breaches, we like to think that such thing can’t happen to us. But even if you’re not a celebrity with tempting pics on your phone, getting hacked is a real threat.
And while tech savvy users are probably starting to roll their eyes right about now, your run-of-the-mill smartphone user is only sparsely familiar with the hazards that come with those handy companions.
With smartphones often being used for banking and other financial transactions, your phone’s data contains a treasure trove of lucrative information. There are two main ways hackers can get access to what's stored on your phone.
How can my phone be hacked?
With smartphones often being used for banking and other financial transactions, your phone’s data contains a treasure trove of lucrative information. There are two main ways hackers can get access to what's stored on your phone.
Brute force
If the attackers steal your smartphone, they have all the time in the world to brute-force its security. Luckily, that's becoming increasingly difficult as manufacturers now use dedicated encryption chips to prevent the data from being read even if the storage itself is connected to another device.
Guessing your PIN is not an option either, as after a few attempts the software adds a delay that increases with each wrong code that is entered. Because of these obstacles, this isn't the hackers' method of choice.
Hacking using malware
Cyber criminals prefer to strike from a distance using software tools that do most of the work for them. In order to succeed, they rely on the weakest link in the smartphone security chain: you.They exploit a slew of weaknesses we humans have. From lack of understanding and knowledge of the technology we're using to simple disregard of safety for convenience's sake, there are many approaches the ill-minded can take. Their goal is to have us install their malicious software so it can secretly do its thing and send them whatever they're after.
How to keep my phone safe from hackers?
Depending on how concerned you are about the safety of your data, there's a wide range of measures one can take to be extra safe. From using VPN to turning off your mobile data, most of them are intrusive or straight up annoying.
So, instead of telling you to wrap your phone in tin foil when you’re not using it, we have some tips that are both easy to follow and effective enough for the average user. Here they are:
We often frown when we see there’s a security update waiting to be installed on our phone because that means it will be unusable for a few minutes (the horror!). But they exist for a reason. No software is perfect and vulnerabilities are often found months, if not years, after the initial release. Software updates close these holes and make sure there’s one fewer way hackers can get to your data.
The same thing is valid for the apps you have installed on your phone. They can just as easily become a backdoor to your phone and having the latest version is your best bet for safety.
Speaking of apps...
Countless apps exist for one sole purpose: to steal your data and sell it to the highest bidder. They often provide some basic functionality but can also lure people with extravagant claims like blood-pressure or temperature measuring. A good sign an app is trying to do more than it says is when during installation the required permissions include things it has no business accessing.
Your phone’s camera, microphones and contacts list are often prime targets for overreaching apps, so make sure they’ll actually be needed before giving them a carte blanche. Apps that double functions your phone can already perform, such as third-party camera or keyboard apps, should be avoided unless coming from very reputable developers.
You can always change permissions after an app has been installed, so if you’re suspicious of apps you already have, check and make changes accordingly. If an app refuses to work without those permissions, it might be time to find an alternative.
If for some reason you don’t have a lock on your phone, add one right now! And make sure the number you’re using is unique and not your birth year, birth date or anything else related to you. Also, don’t use codes such as 123456 and don't be like Kanye West and his super-secure PIN:
Face ID and Touch ID use for iPhones is a no-brainer and if you’re on Android, you can often make use of both face unlock and a fingerprint sensor. Keep in mind the face recognition on most Android devices can be fooled relatively easy, so if you have reasons to be extra careful, only use fingerprints for authentication. But remember, the PIN trumps all methods in terms of authority, so your security is only as good as it is.
Keep your phone’s OS and apps up to date
We often frown when we see there’s a security update waiting to be installed on our phone because that means it will be unusable for a few minutes (the horror!). But they exist for a reason. No software is perfect and vulnerabilities are often found months, if not years, after the initial release. Software updates close these holes and make sure there’s one fewer way hackers can get to your data.
The same thing is valid for the apps you have installed on your phone. They can just as easily become a backdoor to your phone and having the latest version is your best bet for safety.
Speaking of apps...
Don’t install shady apps with unnecessary permission requests
Countless apps exist for one sole purpose: to steal your data and sell it to the highest bidder. They often provide some basic functionality but can also lure people with extravagant claims like blood-pressure or temperature measuring. A good sign an app is trying to do more than it says is when during installation the required permissions include things it has no business accessing.
You can always change permissions after an app has been installed, so if you’re suspicious of apps you already have, check and make changes accordingly. If an app refuses to work without those permissions, it might be time to find an alternative.
Set up a secure PIN and any available biometrics
Apple's security is so good even the government has trouble cracking it
If for some reason you don’t have a lock on your phone, add one right now! And make sure the number you’re using is unique and not your birth year, birth date or anything else related to you. Also, don’t use codes such as 123456 and don't be like Kanye West and his super-secure PIN:
Kanye’s iPhone password is literally “000000” pic.twitter.com/Ya7wIN9eVQ
— Marcus Gilmer (@marcusgilmer) October 11, 2018
Don’t connect to random unsecured wi-fi networks
It’s always tempting to connect to a free Wi-Fi network to not waste your data allowance but that’s generally not a good idea when it comes to security.
Even if your phone is perfectly safe, you can never be 100% sure where the traffic from the network is going through. Public access points can often be easily compromised and the data intercepted and used for malicious purposes.
Pretty much every website today uses the HTTPS, which is meant to protect against such man-in-the-middle attacks, but unless you really have to use a public Wi-Fi, it’s better to stay on your mobile data as an extra precaution.
The so-called phishing attacks are probably the most popular way users compromise themselves. Messages or emails made to look like they’re coming from your carrier or popular service you use often include links that urge you to verify something because otherwise there will be serious consequences!
Pay close attention to the sender’s email/phone number. Usually, it’s not hard to spot a fake one, as they don’t come from the official domains.
Files can be even more dangerous. Just recently, news broke that Jeff Bezos’ phone was hacked, allegedly through a file sent via WhatsApp. It’s best if you just ignore any files that are coming from anyone who isn’t your friend.
Even that’s not a guarantee, however. Sometimes messaging services get compromised and messages are being sent from users without them even knowing (we’re looking at you, Skype). So if you receive a link from someone you don’t talk to often, make sure they’ve actually sent it before opening it.
Even if your phone is perfectly safe, you can never be 100% sure where the traffic from the network is going through. Public access points can often be easily compromised and the data intercepted and used for malicious purposes.
Don’t open suspicious emails/links/files
The so-called phishing attacks are probably the most popular way users compromise themselves. Messages or emails made to look like they’re coming from your carrier or popular service you use often include links that urge you to verify something because otherwise there will be serious consequences!
Pay close attention to the sender’s email/phone number. Usually, it’s not hard to spot a fake one, as they don’t come from the official domains.
Files can be even more dangerous. Just recently, news broke that Jeff Bezos’ phone was hacked, allegedly through a file sent via WhatsApp. It’s best if you just ignore any files that are coming from anyone who isn’t your friend.
Even that’s not a guarantee, however. Sometimes messaging services get compromised and messages are being sent from users without them even knowing (we’re looking at you, Skype). So if you receive a link from someone you don’t talk to often, make sure they’ve actually sent it before opening it.
Avoid using public charging stations
Knowing how vital smartphones have become for our existence, public places like airports and malls have started adding charging stations. As convenient as it is, plugging your phone to a random cable is obviously not a good idea unless you’re really desperate for some extra juice.
Of course, both iPhones and Android phones have defenses against attacks coming from the charging port, but it’s not far fetched to assume that people might accidentally click “Trust” when plugging their phone and have their data siphoned.
Plus, hackers are often one step ahead so you never know what new method they’ve come up with. If you find yourself with a dead battery often, it’s better to keep a power bank with you.
Android has a feature that’s very convenient but can pose a potential security risk. It allows you to skip PIN input/biometrics whenever your phone is connected to certain Bluetooth devices: for example your car, a pair of wireless headphones or a smartwatch.
But if someone gets their hands on your device without you noticing, they can stay within Bluetooth range and do all sorts of damage while you’re blissfully unaware. It’s best to use such features with devices you have at home and not ones you carry around with you.
Of course, both iPhones and Android phones have defenses against attacks coming from the charging port, but it’s not far fetched to assume that people might accidentally click “Trust” when plugging their phone and have their data siphoned.
Use features that keep your phone unlocked wisely
Android has a feature that’s very convenient but can pose a potential security risk. It allows you to skip PIN input/biometrics whenever your phone is connected to certain Bluetooth devices: for example your car, a pair of wireless headphones or a smartwatch.
Things that are NOT allowed: