It’s no secret or surprise that most of us carry
an entire suite of surveillance devices in our pocket.
But while most people assume this software and
technology is available only to the user to use (and abuse) many of us have
learned that bad actors have found ways to access those devices.
Through multiple means, software can secretly be
loaded onto your phone, tablet or computer that will allow all sorts of access
to your data, camera, location, and microphone.
The question is how these ‘viruses’ get onto
your devices and how to avoid falling victim in the future.
Dodgy Apps That Steal Your Data
If you’re reading this, there’s an excellent
chance you’re already hip to how seemingly simple software applications
downloaded from the internet can contain hidden programs designed to capture
private information and share it with unknown sources.
Perhaps the most famous of these were a flurry
of ‘flashlight’ apps that activated the LED next to the camera on your phone so
you could find your keys (and the lock) at three o’clock in the morning.
While these apps only appeared to turn a light
on and off, many were also making requests for access within your device that
can only mean they were harvesting private data.
According to some reports, many apps were requesting
an average of 25 five permissions in order to function, none of which were
required to activate the flashlight itself.
One app was downloaded and installed over 1
million times and had 76 requests to access contacts, camera, microphone and
other areas of your device you would rather not share with strangers.
Some requested to record audio, access contact
lists and even write to those contact lists.
At best, these apps were engaging in an
intrusion of privacy, sharing data with unknown recipients for unknown purposes
but at worst they might be actively monitoring everything you say, do and see.
Many phone operating systems now include a
flashlight app that does exactly what it claims but as hackers get more
sophisticated, malware can be found in all kinds of apps and on all platforms.
Android vs. OS X
It’s pretty clear that Android apps suffer a lot
more from malware since the process of adding new software to the Google Play
store is less stringent and has fewer checks than the Apple App Store, but
unexpected activity can be found on apps from both sources.
Malware is not only installed as part of another
app but can be injected onto your device if you click on a link or website that
can access vulnerabilities in your device.
Beware of any app, game or utility that contains
ads as your data or behaviour may be shared with companies providing the
developer with ad revenue.
And you should think twice before downloading
any app from any unknown developer.
Software For Both
Good And Evil
Injecting millions of phones with some form of
covert software is not just the pastime of small groups of hackers looking to
sell your data or watch you get dressed in the morning.
Governments around the world have been licensing
software that can access almost any phone.
This can be injected onto OS X devices using
previously unknown flaws in the operating system that allow the malware to be
secretly installed and gain full access to the device, even remotely.
This same software was also found on Android
devices and has been used by all kinds of users, from members of the
intelligence community to private companies all with seemingly good
justification.
But the software in question has already turned
up in several episodes that make its very existence a real concern for all of
us.
After journalist Jamal Khashoggi was murdered
and dismembered, investigating journalists found multiple attempts to place
this advanced form of surveillance software on phones belonging to people close
to Khashoggi, including his wife.
Whether or not they were successful is uncertain but phones were certainly targeted with links to inject this malware so it’s entirely feasible that Mr. Khashoggi’s own phone and those of his wife and close contacts played a part in his ultimate demise.
This same software is used globally to secure
secrets and trace targets and while the company that maintains the software
claims no responsibility, it is certainly offering a tool for both good and
evil.
It’s important to note that the software
providers denied any involvement in the Khashoggi affair and while this may be
true, their product can obviously be used for reasons they might never endorse.
Always Be Alert
The problem with breaking safeguards designed to
protect the privacy of everyday users is that once a tool is created for nation
states, the cracks that tool create in the general safety of a device and the
software operating within it can be far-reaching.
New and creative methods for circumventing
software protections are appearing every day.
While some are based on ingenious code with
concealed purposes, there’s one very common factor in almost all such breaches
of private security: You.
Flashlight apps with onboard malware only works
when people choose to download and install without really thinking about where
such apps come from.
Links to inject intelligence-gathering malware
only work when they are clicked without questioning who sent them, why, and for
what purpose.
How many times have you opened a link sent by a
friend without wondering if it might not be from who you think it is?
The problem is that even if you’re over-cautious,
there’s that one time you click without thinking because a nasty link appears
in concert with legitimate activity and seems to be part of another
conversation or communication.
Many people who get conned by opening a bogus
link to their bank do so because they were already in contact with their bank
and this link seemed to make sense at the time.
The people who sent that bad link probably sent
millions of emails and only need a few to get lucky either because the victim
is ignorant of their own online security or was just talking to the same bank
that was being spoofed in that dodgy email.
You’re Being Tracked Everywhere
So be aware that your personal, financial, and
live data might compromised at any time thanks to that expensive little spy in
your pocket.
Or perhaps by the
phones in your friends’ pockets, or on the poker table, or beside you on a plane,
or behind you in a coffee shop – or anywhere you might be in modern life.
I should probably say there’s no need to be paranoid,
but the truth is— there’s plenty of reason to be paranoid.
