Most people feel lost when they don’t have their smartphone in their hands. But little do they know that their favorite device can become a tool for criminals.
Prism Infosec Security Consultant Kieran Berg, Revealed the five common mistakes that could allow a hacker to access your smartphone in seconds.
the Kiran is a legitimate hacker who tests cyber security For companies to find vulnerabilities and vulnerabilities before criminals find them and exploit them.
As he points out, simple mistakes like reusing passwords, clicking on suspicious links, and sharing too much information on social media can get you into trouble.
The five mistakes that allow hackers to hack your smartphones:
- Using old software
- Reuse password
- Revealing too much information on the Internet
- Connect to unprotected public networks
- Click on suspicious links
Using old software
Kieran told MailOnline that One of the first things he and other hackers look for When preparing for an attack This is outdated software. “Outdated software is a really big problem because if the software is updated, it’s likely because there’s a security issue.”to explain.
Software, whether it’s your iPhone’s operating system or the factory control system, often has some type of security vulnerability. Although developers can quickly fix these issues, they are often shared online via forums and hacker communities.
«“If you don’t update your software to include the patch, hackers can come in and steal really sensitive information, and sometimes take over the software.” Kiran mentioned.
Vulnerabilities can take many different forms and allow criminals to cause serious disruption to businesses and individuals. These attacks are often opportunistic, with criminal groups scanning online archives for outdated software versions.
To stay safe online, you must “Always make sure your software is up to date.”
Another common way for hackers to access your personal data is by exploiting reused passwords, according to Kiran.
“No matter what site you provide information to, you don’t know what they will do with that information or how they will protect it.” stated. “The big risk with reusing passwords is that if one site you use is hacked, it could give hackers access to all of your accounts.”
“Once a company gets hacked, there is usually a large database repository that goes out on the dark web.” he added.
The Dark Web is an encrypted part of the Internet that is inaccessible by regular search engines and is often used to host criminal marketplaces. In April 2023, international business It dismantled a hacking group called Genesis Market, which the FBI said provided access to more than 80 million account credentials..
“There will be databases available of username and password combinations for your accounts. If you reuse passwords, a hacker can take that combination and use it to take control of another company. Kieran added.
Revealing too much information on the Internet
“On a personal level, for someone in their daily activities, one of the most important things people have to think about is how much information they share online.”Kieran stated.
In “red teaming” – the cybersecurity term for controlling a company’s defense systems – One of the first places Kieran and his team look is social media.
“We can do almost anything to get into a company, but one of the tools we use is collecting data from social media. We search social media sites like LinkedIn to see what we can find.”Kieran explained.
This just can’t be done Revealing usernames that can be linked to stolen account credentialsBut it also opens the door to a whole host of other attacks.
One of the most malicious attacks this method exposes you to is a technique called “SIM swap” ή “SIM-jacking”.
Kiran explains that hackers will search the Internet for information such as your date of birth, address and even answers to common security questions such as your mother’s name. “Once they have all this information, they can use social engineering techniques to contact their mobile operator and convince them to port their mobile number to a new SIM card.”He said.
Now, every time a message or call arrives at a victim’s phone, it goes directly to the hackers instead. “Once they have that, they suddenly have access to all the multi-factor authentication sites that the person has signed up to.”he added.
This can include work email accounts, online shopping accounts, and even online banking.
«“What you put online is out of your control, and if you’re not lucky and all that information is linked, your identity can be partially stolen.”“, Kieran warned.
4. Connecting to unprotected public networks
“In recent years, remote working has become more important. A big part of that involves people going to coffee shops and connecting to their public Wi-Fi,” Kiran said.
The problem is that of this kind Public networks use a type of system called “open authentication” to connect your device to the web without having to use authentication.
While this makes it easy to quickly connect to the café’s Wi-Fi network to send some emails, It also puts you at risk of attacks by cyber criminals.
“Open authentication means that the data you send over the network is not encrypted and can be recorded by anyone else on the network. One can sit outside a public Wi-Fi network and listen to what is being sent. They could be in the cafeteria or they could use specialized equipment to increase the range that can “It can monitor the network. They can be hidden at a safe distance and then all they have to do is listen and wait.”“, Kieran warned.
For aAvoid theft of personal information Like banking details from public WiFi, Keiran recommends Always use a VPN when you are in a public place. These services encrypt your data so that those monitoring the network cannot read it.
5. Click on suspicious links
Finally, Kiran confirmed this Sending suspicious links is still the most common way people get hacked.
Phishing remains the most common attack in the UK according to the National Cyber Security Center (NCSC). Only in 2022, 7.1 million malicious emails and URLs were reported to the NCSC – The equivalent of approximately 20,000 reports per day.
Kieran explained Hackers send fake emails and text messages to targets containing links to malicious websites or instructions to download software.
Once you click on one of these suspicious links, criminals are given a window to install malware on the victim’s device, which can steal data and even take control.
But despite the sophistication of computer viruses, hackers still need someone to follow a link to an exposed website or download files containing hidden malware.
“You need to be on the lookout for anyone who sends you something when you least expect it. Don’t click on suspicious links, don’t download suspicious files, and don’t fall for them.” Kieran concluded.
“Avid problem solver. Extreme social media junkie. Beer buff. Coffee guru. Internet geek. Travel ninja.”