Blog

Cybercriminals wait in the shadows of your smartphone, looking for vulnerabilities to unleash a stealth attack.

Now, the National Security Agency (NSA) has provided seven ways for iPhone and Android users to protect their devices and personal data.

The agency notes that these bad actors use WiFi networks, smartphone apps and other loopholes to conduct cyber espionage, steal identities and deploy ransomware.

Because of these flaws, officials are urging users to update their devices, turn off WiFi when in public, and implement other protocols to keep hackers at bay.

Statista reported that the data and personal information of 353 million people were compromised in the US last year, including breaches, leaks and exposures.

These findings have made it more important than ever to take steps to protect yourself from hackers breaking into your phone.

1. Update software and apps

The NSA advised users to update their smartphone software and apps to make the devices more secure.

Hackers find sneaky ways to break into phones by looking for loopholes in existing software, but with each update, companies remove any potential flaws they might have used to hack into your phone.

Taking this step is one of the best ways to prevent hackers from accessing your data, with the added caveat that it only works for some attacks, according to the NSA.

This method will stop cybercriminals from spying on calls, texts and data, and will block most phishing attacks where a cybercriminal sends targeted phishing emails to steal sensitive information such as login credentials.

This will also help prevent zero-click exploits, which involve the hacker downloading spyware onto smartphones without them ever clicking on a link.

2. Install apps only from official stores

Smartphone users should be careful when installing apps and make sure they are only downloaded from official stores like Google Play and the App Store.

Unofficial app stores include Aptoide, SlideMe, ACMarket and Amazon Appstore.

Hackers often create a fake version of a legitimate app that will give them full access to your device once it’s downloaded.

They can then install malware on your device and share your data with third parties.

By double-checking that the app and store are legitimate, you can prevent phishing and collect audio, video, calls, text, and data, as well as stop a hacker from accessing your device’s geolocation.

Google was forced to ban nearly 2.3 million apps from its Play Store last year alone and banned 333,000 bad accounts “for violations such as confirmed malware and repeated severe policy violations,” the company said in April.

This is a 60 percent increase from the previous year, when 1.4 million apps were banned from the Play Store and 173,000 accounts were banned.

Click here to resize this module

3. Turn off WiFi and Bluetooth

Android and iPhone users should also refrain from connecting to public WiFi networks.

But NASA warned that users connecting to external networks should turn off Bluetooth when not in use.

Hackers are constantly looking for vulnerabilities, and leaving WiFi on makes the device susceptible to “KRACK” attacks, also called a key re-installation attack.

This is a cyberattack that works by manipulating secure WiFi access via encryption keys to establish a secure connection that allows them to steal data over the network when they are in close range of their target.

Similarly, leaving your Bluetooth on can lead to a “BlueBorne” attack – where a hacker takes control of your device without any user interaction.

BlueBorne allows hackers to carry out cyberespionage, data theft or even a ransomware attack.

Public WiFi networks don’t have the same security that your home does, leaving your smartphone at serious risk of hackers stealing your identity and financial accounts.

Cybercriminals can set up WiFi networks that look similar to the one you want to use, such as “Cafe01” instead of “Cafe1”, in the hope that you’ll connect to it by mistake.

Once you’re online, hackers can use online victim profiling to steal your identity and download data from everything you enter online.

They can also install malware on your device that will allow them to continue to access your phone’s data even after you’ve disconnected from the WiFi network.

According to a 2023 Forbes survey, 40 percent of people surveyed said their personal information had been compromised while using public WiFi — mostly at airports, hotels or restaurants.

4. Use encrypted applications for voice, text and data

Encrypted voice, text, and data apps can help block hackers from accessing your personal information by converting your communications into code.

WhatsApp is one of the most popular encryption apps, followed by Telegram, which provides end-to-end encryption, a security method that keeps phone calls, messages, and other data private from everyone, including the app itself.

However, even encrypted apps are not 100 percent safe from attacks like WhatsApp, as they are vulnerable to zero-click exploits in 2019.

The exploit was triggered by a missed call, allowing the hacker to access the app and install malware on the device.

Zero-click attacks are among the most dangerous because the user does not have to click on a malicious link or download a compromised file for their data to be targeted.

Kevin Briggs, an official at the US Cybersecurity and Infrastructure Security Agency, told the Federal Communications Commission (FCC) earlier this year that there have been “numerous cases of successful, unsolved attempts” to steal location data from cellphones in USA.

The hackers also monitored voice and text messages and delivered spyware and delivered text messages from overseas to influence American voters, Briggs said.

5. Do not click on links or open attachments

The NSA warned Android and iPhone users not to open unknown email attachments and links in its mobile best practices document.

“Even legitimate senders can transmit malicious content accidentally or as a result of compromise or impersonation by a malicious actor,” the NSA wrote in the report.

Hackers can gain access to your personal information in one of two ways: by logging keystrokes or using Trojan malware.

Keylogging works like a stalker that tracks your every move, allowing them to access real-time information while you’re typing or surfing the web and other apps—even listening in on your phone calls.

The Trojan horse is invisible malware that is used to extract important data, including credit card account information and your Social Security information if it is saved on your phone.

“Being exposed to social engineering tactics, such as responding to unsolicited emails asking for confidential information, can lead to account compromise and identity theft,” Oliver Page, CEO of cybersecurity company Cybernut, told Forbes.

“These phishing attempts often impersonate legitimate entities, tricking individuals into revealing confidential details,” he continued.

“Trusting phone calls or messages without verification can have serious consequences as fraudsters manipulate victims into revealing sensitive information or taking actions that compromise their security.”

6. Reboot your device every week

Smartphones should be turned off and on once a week to prevent zero-click exploits and phishing.

If users do not reboot the system, a hacker can manipulate open URLs to execute code that installs malware on the device.

Shutting down the phone resets all open web pages and apps and logs out of bank accounts to prevent cybercriminals from gaining access to sensitive information.

This has the same result in a phishing attack as it removes the ability of hackers to send targeted phishing emails as they will not have access to your personal information.

A 2015 Pew Research study found that nearly half of all smartphone owners rarely or never turn off their cell phones, while 82 percent said they never or rarely restarted their phone.

Although restarting your phone only sometimes prevents attackers from accessing your data, it makes hackers work harder to break through your phone’s security.

“It’s all about imposing costs on these malicious actors,” Neil Ziering, CTO of the National Security Agency’s Cybersecurity Directorate, told The Denver Post in 2021.

7. Use a case to drown the microphone and cover the camera

Using a protective case to muffle the microphone and block out background sound can stop a “hot mic attack” in its tracks, the NSA said.

These cases have a built-in microphone muting system that prevents unwanted eavesdroppers from hearing your conversations through apps or an external cyber attack.

It’s also important to cover the rear and front cameras on both Android and iPhone because hackers can turn the mobile camera on and off and save media from your camera roll if they gain access to your phone.

You can cover the camera with a sticker, tape or camera cover built into the case to protect you from a hacker watching your every move.

How to tell if you’ve been hacked

There are some possible signs that indicate if your Android or iPhone has been hacked, such as if the camera light stays on even after you close the app, or it may turn on unexpectedly.

Other signs that you’ve been hacked include your battery draining faster than usual, if your phone runs slowly or heats up unexpectedly, and if apps suddenly close or your phone turns off and on seemingly on its own, according to security company, McAfee.

Users should also watch out for unrecognized text, data or unknown charges on your phone bill.