I’m a professional hacker – and these are the 5 things that would allow me to crack into your smartphone within SECONDS
Many of us would feel lost without our smartphone in our hands, but what if that same device became a tool for criminals?
Kieran Berg, Security Consultant at Prism Infosec, has revealed the 5 common mistakes that could allow someone to hack your smartphone within seconds.
As a penetration tester – a legal hacker who tests companies' cybersecurity to find vulnerabilities before criminals do – Kieran knows what he's talking about.
He says simple mistakes, such as reusing passwords, clicking on fraudulent links, and sharing too much information on social media, can put you in a difficult situation.
Are you guilty of these security mistakes? Read on to find out.
1. Using outdated software
Kieran told MailOnline that one of the first things he and other hackers look for when preparing for an attack is outdated software.
“Outdated software is a really big problem, because if the software is updated, it's probably because there's a security issue,” he explained.
Software, whether it's your iPhone's operating system or the manufacturer's control system, often has some type of security vulnerability.
Although developers can quickly fix these issues, details of the vulnerabilities are often shared online through forums and hacker communities.
If you don't update your software to include the fix, “people can come in and steal very sensitive information, and sometimes even take control of the software,” Kieran explains.
Vulnerabilities can take many different forms and allow criminals to cause serious disruption to businesses and individuals.
These attacks are often opportunistic as criminal groups scan online archives looking for outdated versions of software.
Kieran says the recent hack that hit the British Library was likely an opportunistic attack of this kind.
To stay safe online, Kieran says you should “always make sure your software is up to date.”
2. Reusing passwords
Another common way hackers get your personal data, according to Kieran, is by exploiting reused passwords.
“No matter what site you give the information to, you don't know what they will do with it or how they will protect it,” Kieran told MailOnline.
He says the big risk of reusing passwords is that if one site you use is hacked, it could give hackers access to all your accounts.
“Once a company is hacked, a large database is usually dumped and placed on the dark web,” Kieran said.
The Dark Web is an encrypted part of the Internet that is inaccessible by regular search engines and which is often used to host criminal marketplaces.
In April this year, an international raid took down a hacker marketplace called Genesis Market, which the FBI claims provided access to more than 80 million account access credentials.
“There will be databases containing sets of usernames and passwords for your accounts,” Kieran said.
“If you're reusing passwords, a hacker could take that combination and use it to take over another company.”
Reusing passwords puts you at risk because your account credentials can be stolen and resold on marketplaces like Genesis Market, which was taken down earlier this year.
3. Giving too much information online
“On a personal level, for someone in their daily activities, one of the most important things people need to think about is how much information they share online,” Kieran said.
In “red teaming” — a cybersecurity term for testing a company’s defenses — one of the first places Kieran and his team look is social media.
“We can do almost anything to get into a company, but one of the tools we use is collecting data from social media,” Kieran explained.
“We search social media sites like LinkedIn to see what we can find.”
This may not only reveal usernames that can be linked to stolen account credentials, but it also opens the door to a whole host of other attacks.
One of the most malicious attacks this method exposes you to is a technique called “SIM swapping” or “SIM-jacking.”
Kieran explains that hackers will search the web for information like your date of birth, address, and even answers to common security questions like your mother's maiden name.
“Once you have all this information, you can use social engineering techniques to contact their mobile service provider and convince them to move the mobile number to a new SIM card,” he said.
Now, when a text or call arrives at a victim's phone, it goes directly to the attackers.
“Once you suddenly have access to all the multi-factor authentication sites that the person has signed up to,” he added.
This can include work email accounts, online shopping accounts, and even online banking.
“Whatever you put online you can no longer control, and if you're unlucky and all that information is linked, your identity could be partially stolen,” Kieran warned.
Revealing too much information online can put you at risk of SIM-jacking attacks, in which hackers move your phone number to a new SIM card to intercept your calls and messages.
4. Connecting to unprotected public networks
“In the last few years, remote work has become much more important,” Kieran said.
“A big part of that involves people going to coffee shops like Starbucks and connecting to their public WiFi network.”
The problem is that these types of public networks use a type of system called “open authentication” to connect your device to the web without having to use identity verification.
Although this makes it easier for you to quickly jump onto a coffee shop's WiFi network to send some emails, it also puts you at risk of attacks from cybercriminals.
Open authentication means that the data you send over the network is not encrypted and can be captured by anyone else on the network.
“It is possible that someone could be sitting outside a public WiFi network and just listening to what is being sent,” Kieran warned.
“They could be in a coffee shop or they may be using specialized equipment to increase the range at which they can listen on the network.”
“They can be hiding at a safe distance and then all they have to do is listen and wait.”
To avoid personal information such as banking details being stolen over public WiFi, Kieran recommends always using a VPN when in public places.
These services encrypt your data so that no eavesdropper on the network can read what you send.
On public WiFi, anyone could be listening in on the information you're sending, and waiting to steal sensitive information like banking details and passwords
5. Clicking on dodgy links
Finally, Kieran says sending dodgy links is still the most common way people get hacked.
Phishing scams remain the most prevalent attack in the UK, according to the UK's National Cyber Security Centre (NCSC).
In 2022 alone, 7.1 million malicious emails and URLs were reported to the NCSC – the equivalent of about 20,000 reports per day.
Kieran explains that hackers will send fake emails and text messages to targets containing links to malicious websites or instructions to download software.
Once you click on one of these links, it gives criminals a window to install malware on your device that can steal data and even take control.
But despite the sophistication of computer viruses, hackers still need someone to follow a link to a hacked website or download files containing hidden malware.
“You should be vigilant about anyone who sends you something you are not expecting,” Kieran concluded.
“Do not click on fraudulent links, do not download fraudulent files, and do not fall into their trap.”