It’s extremely easy nowadays to place a great amount of trust with your smartphone manufacturer when it comes to security and privacy. The average consumer is most likely uninformed when it comes to dangerous mobile phone exploits and hacks and how they work. While technology companies do their best to secure phones and provide security updates, hackers still find ways to get into phones. This is actually a real issue that’s still fairly common today, and sometimes you may not even be aware that an anonymous party has gained access to your phone. Just think about all the sensitive data you have on your phone (passwords, credit card numbers, pictures, bank accounts, etc.), so you would expect that your smartphone manufacturer does their best to protect your privacy. Still, exploits and system vulnerabilities still exist, which is why it’s important for you to be aware of such things. So why don’t we take a look at a few recent exploits and hacks that are some of the most dangerous ones?
Masque Attack is the name of an iOS vulnerability that was first identified by FireEye, a computer security company, back in 2014. The vulnerability affects iPhones and iPads running iOS 7.1.1 up to iOS 8.1.2. Essentially the vulnerability works when hackers get unsuspecting users to download an app that has deceptively been created to appear like a normal, legitimate app. They create these malicious apps by using the same bundle identifier, an apps unique ID, that are used by non-malicious apps. So for example an app labeled “New Flappy Bird” might appear to be a game, but is actually a malicious application. Once installed, hackers then use the fake app to gain basically root privileges of the phone. That means they can access your phones sensitive data, hijack your devices traffic, access information stored in other apps, or get into your system files. Apple has patched the vast majority of these vulnerabilities, but only if you are running iOS 8.1.3 or later. While this method hasn’t been exploited that much, you should definitely update your iOS device to the most recent version of iOS in addition to using common sense. As you will see, the best way to protect yourself from these hacks and vulnerabilities is to ensure your device is running the latest version of its software and avoid installing shady apps or downloading files from questionable websites.
The Samsung SwiftKey Exploit
The Samsung SwiftKey exploit was only just recently found back in June of this year, and it’s an exploit that is found on many Samsung smartphones. SwiftKey is a popular 3rd party keyboard used by many users, and their app is not affected. However, Samsung uses a special, customized version of the SwiftKey app on their phones like the Galaxy S6, Galaxy Note 4, and other devices. The vulnerability exists within the keyboards updating process, and keyboard applications have some of the highest levels of access within a cellphone. Essentially when the keyboard automatically updates, it’s exposed to attacks. Hackers could theoretically access your phone via the update process on a unsecured Wi-Fi network. During the updating process, they can then deliver a malicious payload and gain access into secure aspects of your phone. Samsung has already worked on patching this exploit and most users should be okay. But again, to protect your device you should update to the newest software version and avoid public Wi-Fi spots, unless you are using a secure VPN.
XARA is the name for a few vulnerabilities that affect OS X and iOS devices, however it primarily affects OS X devices. Basically hackers can uses these exploits to create malicious apps that can gain access to secure information within your device, specifically passwords. As long as you do not install questionable apps from the App Store, you should be good. Apple has already patched most of these exploits, and are currently working on fixing the rest.
Stagefright is an exploitable software bug that has just recently been discovered, and it could be one of the most dangerous exploits ever. It affects all Android devices running Android 2.2 up to the most current versions of Android 5.1.x, meaning that it more-or-less affects every single Android device. Essentially hackers can theoretically send any device a video MMS containing a malicious payload that can grant them access to your smartphone. Additionally phones can be exploited through malicious URLs or applications. Phones running Android 4.0 or higher contain software that makes it more difficult for hackers to exploit phones, however the hack still exists. Google, LG, Samsung, and Motorola have already pledged to provide users with updates that will fix the patch, and they are beginning to roll the updates to users already. Many other OEMs are getting on board with this as well. Multiple 3rd party messaging apps have also provided users with updates to protect from the MMS attacks as well. As I have mentioned before, the best way to ensure security is to make sure your running the latest version of your respective software and use common sense. Avoid downloading questionable apps and don’t open MMS messages from unknown senders. Do that, and you will most likely be okay.
Photo by Sean Gallup/Getty Images