Does your phone unlock itself? It may have been hacked, experts warn

US
By James

Hackers can now unlock phones remotely using a terrifying new technique, experts warn.

NordVPN has urged phone users to step up their security amid an increase in ‘GhostTouch’ attacks that allow criminals to take control of a device remotely.

Attacks use electromagnetic signals to simulate tapping on a touchscreen, meaning malicious users can secretly access personal information or even install malware.

Libraries, cafes and public lobbies are considered prime targets for this form of attack, with users often unaware of what is going on.

NordVPN’s Adrianus Warmenhoven said: ‘Unfortunately, the most common places for touchscreen hacking are public places like libraries, cafes or conference lobbies, where people put their smartphones upside down on the table.

NordVPN has urged phone users to increase security in the face of GhostTouch attacks

HOW TO PROTECT YOUR PHONE AGAINST AN ATTACK

  1. Device security: Ensure passwords are secure and add advanced security measures to accounts. This can be facial recognition, pins and even fingerprints.
  2. Update your phone: Updates often include vital security enhancements to manage device vulnerabilities.
  3. Anti-malware software: Installing device security software will not prevent an attack from happening. However, it prevents criminals from installing malware on a device if it is used.

Source: NordVPN

“The attackers prepare the equipment under the table in advance and launch the attack from a distance. The user may not even notice that his gadget has been hacked.’

GhostTouch attacks can occur from a distance of up to 40mm, requiring hackers to know the make, model and passcode of the device.

While criminals often find passwords on the dark web, many simply resort to personally spying on a phone user.

Specialized equipment is then set up to send out well-tuned electromagnetic signals that interfere with the phone’s usual behavior.

In public, this is often hidden under a table in close proximity to the intended victim.

Hackers can then inject fake touch points into a screen, simulating the usual swipes and taps of a phone.

So far it has been proven to work on nine phone models including iPhone SE (2020), Samsung Galaxy S20 FE 5G, Redmi 8 and Nokia 7.2.

Not only can hacked devices unlock themselves, but criminals can even answer calls on behalf of the user.

Website URLs can also be accessed randomly as hackers look at banking details and other personal information.

NordVPN adds that attackers can also attempt man-in-the-middle attacks from a compromised device, manipulating communications between parties.

Any unusual Bluetooth or Wi-Fi connection can be a sign of this, with criminals often using a Bluetooth mouse to take control.

Jake Moore, a Global Security Advisor at ESET added, “This highly sophisticated attack is likely to only be used against targeted people in very specific circumstances. However, it remains important to remain vigilant for these attacks and to be aware of the increasingly smart ways cybercriminals operate.

GhostTouch attacks use electromagnetic signals to access a phone up to 40mm away

GhostTouch attacks use electromagnetic signals to access a phone up to 40mm away

While this technique can only activate target devices as close as 4 cm away, it highlights the potential of such new technology that allows threat actors to attack remote devices. While this seems very unlikely now, the process used has the potential to be improved in the future, allowing this tactic to be used from greater distances.”

To protect yourself, NordVPN recommends putting an extra security wall on phones.

In addition to a secure password, this could include using facial recognition, fingerprints or pins from the banking app to lock out criminals.

Keeping phones up to date can also help, says NordVPN, as packages often include extra features to help keep a device secure.

You can protect yourself against touchscreen attacks in a number of ways, from adding more security to your phone to being more vigilant in public places. Don’t leave your phone unattended, you will significantly reduce the chance of it being hacked,” Warmenhoven added.

Finally, software like NordVPN’s Threat Protection can prevent hackers from installing malware on a device, even though it cannot prevent an attack itself.

READ MORE: I’m a cybersecurity expert – these are the common mistakes that allow hackers to crack your passwords in SECONDS

Dropping numbers, symbols, and letters into your passwords can help convince you that your online accounts are safe.

Still, cybersecurity experts have warned that a six-character password that contains all of these attributes can be instantly cracked by hackers.

New research from Hive Systems shows that hackers can crack your password in seconds – even if it’s more than 10 characters long.

This is up to eight times faster than last year, which the researchers attribute to technological progress.

“The time has finally come when passwords are no longer secure in themselves,” said Alex Nette, CEO and co-founder of Hive Systems.

Hackers can now crack complex passwords eight times faster than last year, findings show (MD5 uses a generator)

Hackers can now crack complex passwords eight times faster than last year, findings show (MD5 uses a generator)

You might also like More from author