Mobile Phone Security

IN Resources | 25/09/2012

A mobile phone today, is not just a device that is used to make calls. Plenty of services like browsing the internet, video calling, listening to music and watching videos, GPS (only in GPS enabled phones) and many more value added services are accessible on a mobile phone. High end mobile phones provide extra services that we might never even use. This has made this device a very reliable and convenient gadget to stay in touch with the rest of the world. Also the main reason which separates it from a regular landline (apart from colored displays and no extra wires) is its mobility. Our mobile phone follows us wherever we go. So apart from providing us all the essential services that it does, it also makes us more susceptible to surveillance and thus affecting our privacy. There are various functions in a mobile phone that can provide details of our private lives to unwanted parties. Such possibilities exist in terms of both the hardware and even software of our phone. There are possibilities of bugs physically attached to your phone for the sole purpose of spying on you. Although such tasks will always be carried out by professionals and you won’t be easily able to know that your phone has such bugs.

How is spying through mobile phones possible?
Spying on a mobile phone could mean anything from tapping into your calls to installing spyware (softwares that send private data like email information, phonebook contacts, etc to third parties), accessing your mobile contents through an unprotected Wi-Fi network. Mobile phone provides wide varieties of possibilities for spying or surveillance. There are tools in the form of hardware and software that can be used to retrieve and obtain data without the consent of the owner of the mobile phone. Spying or snooping on a mobile phone could be done through tapping (your cellular services), internet (Wi-Fi), MMS (installing ‘malware softwares’ or copying contact phonebook without user consent), viruses (that store and send private data to third parties and also harm the mobile phone) and geo-tagging in content like photos and videos.
How would you know if someone has tapped your mobile?
Practically, it is a very difficult task to find out whether your cell phone is being tapped. Always keep in mind that if the tapping is done by a professional such as the government agencies, then there is no sure way of knowing about the tap. But if other unauthorized parties are doing so, then these indications could help you figure out the tapping:
  • One of the major indicators which point to cell phone tapping is the static that you hear when you are on calls. It is normal to hear a static sound while on a call but if you seem to hear the static even after you have disconnected the call, means that your cell phone is tapped.
  • Observe and hear the static while you are on calls. If there is an odd but timely noise during calls, it can indicate a tap. You might hear odd clicks or beeps occurring at regular time intervals when you are on calls in such cases.
  • If you are on a call on your mobile phone for a long time or browsing the internet for long periods, it is perfectly normal for your phone to heat up. But if your phone seems hot even if you are not using for long hours, it is an indication that your phone is tapped.
  • If your phone restarts and lights up on its own, it could point to tap but it could mean something else as well. If the operating system of your phone has been infected then your phone might restart or light up on its own. But if both the hardware and software of your phone is perfectly fine, then it could mean that your cell phone is tapped. It could also indicate that spyware software might be installed in your phone without you knowing about it. Most spyware softwares for cell phones are designed to collect private data and send it to unwanted parties. In such cases try to limit the usage of internet browsing on your phone. Also try to avoid keeping your cell phone always connected to the internet.Phone battery could also indicate a tap. If your cell phone battery dies too soon and too often, try to replace it with a new one unless you have a new phone. If the new battery dies too soon and often as well, then your phone could be tapped.
What to do in case of physical bugs attached to your phone?
There are people or agencies that need to physically attach devices on or around you to spy on you. The best option for the spying parties is to attach a device to your mobile phone so that they can listen and track you at the same time. Using a mobile phone would also mean that you will use it as you move from location to location, so it becomes ineffective for the eavesdroppers to bug locations around you.
  • Go to a known professional who specializes in mobile technology.
  • In case you wish to personally check your phone, look for an odd device that seems to look detachable from the phone or looks to be manually stuck to the phone.
  • Remember, except the SIM card, memory card and battery, nothing else should be or look like a detachable device.
What is the legal view regarding mobile surveillance?
If someone is spying on you using your mobile phone, it is illegal as long as it is not a government authorized surveillance which that has been authorized by a court. Indian constitution guarantees under Article 21: “No person shall be deprived of his life or personal liberty except according to procedure established by law.” ‘Personal liberty’ includes ‘Right to Privacy’. So if someone is illegally spying on you via your mobile phone, that person can be tried under law. Only nine government agencies are allowed to tap into phones of people. No other agency or organization can tap phones. Let alone tapping, they can’t even ask for the permission of tapping phones. The authorized agencies that can tap phones include IB (Intelligence Bureau), RAW (Research & Analysis Wing), the Income Tax department, Narcotics Control Bureau and state police forces. The data and records collected through tapping by these authorized agencies has to be protected and not to be distributed in public domain. But there are instances where the tapping was done by an authorized agency, but unauthorized people gained access to those records, such as in the case of the Radia tapes.
What are the major kinds of threats?
As new technologies develop for phones, mobile phone security becomes increasingly essential. It is of particular concern as it relates to the security of personal information which is now stored on smart phones. Just like computers, phones are preferred targets of attacks. There are several elements of your phone that make it vulnerable to surveillance. 
These include:
  • SMS (text messaging)
  • MMS (multimedia messaging)
  • Wifi Networks
  • Geo-Tagging
We are using different types of phones which differ in shapes, sizes, features, technology, style and manufacturers. Phones range from simple ones that are capable of making just phone calls, to currently trending smartphones. But with more features comes more room for security risks. Smartphone users are exposed to variety of threats in addition to call based threats. Smartphones are used to store data which is at risk for being exposed to attacks. This data could be sensitive data like your credit card information, your personal phone contacts (including backups of contacts).
How can SMS pave way for threats?
It must be hard to imagine that even through SMSs; your phones’ security could be compromise your security. But the harsh truth is that it is true. Especially among smartphone users these risks are increased.
There are times you might receive SMSs telling you to click on a link (embedded in the SMS) that opens up your web browser of your phone. Many times these links have been known to point to malicious websites that are designed to harm the security of your phone.
What to do in case of snoopy SMSs?
  • Do not follow links embedded in a SMS.
  • Do not reply to messages where the number of the sender is not listed. recommends minimum usage of SMS if you wish to counter surveillance.
According to Mayank Aggarwal in an article, data stored on phones including contact registries have been known to be compromised during such threats like the famous YXES sms worm in 2009. In the same year at a BlackHat conference, mobile security experts were able to take control of an iPhone by first sending it an SMS.
SMSs can even trigger shutdown of phones.
How do MMS-based threats work?
MMS service supports wider variety of media files that can be sent to users over mobile phones. With Multimedia Messaging Service you have the ability to send additional attached files with every MMS you send. This feature has been used by hackers to attack phones.
Usually these files are known to be attached with a virus and once the receiver opens the attachment, the phone gets infected.
Almost every time such a security threat has occurred, virus infecting the recipients’ phones has been known to send SMSs to all the contacts saved in the address book of the phone. Therefore opening attachments with MMSs you receive must be opened with precaution.
What to do in case of receiving MMSs?
  • Do not follow links attached in an MMS
  • Do not save or open pictures or videos in an MMS if sent by an unknown user.
  • Do not install software that may open up as a prompt after receiving an MMS.
What kind of Wi-Fi based security threats are there?
Smartphones can be regarded as personal computers with pocket size portability. They are also equipped with another feature; ability to connect to wireless networks. So simply put, the threats that you think might possibly affect your computer or a laptop, can also be threats to your smartphone. Now there are phones which might not be considered smartphones but are still equipped with Wi-Fi features.
Having a Wi-Fi means, you can connect to free Wi-Fi networks in coffee places or fast food restaurants. This creates a further risk of eavesdropping into your phone at the place where you are connected to the open network. Bluetooth enabled devices can be used to send or receive messages from and to your phone. The open Wi-Fi network also makes it easy to hack into phone and there is always a possibility that a professional hacker might just be having a cup of coffee at the same place that you are at.
So when should you use this feature carefully?
  • Always try to use secure wireless networks for using internet on your phone.
  • Do not join open Wi-Fi networks.
  • Always try to avoid browsing sites that require your personal and financial information while using a free and open Wi-Fi network.
  • If you are using an open Wi-Fi network, always make sure that you are browsing secure sites whose addresses start with https://... Instead of just http://...
  • Try to use your 3G or 2G connection of your phone instead of open Wi-Fi networks.
  • Do not get excited to see free Wi-Fi networks and connect to them if you don’t want to compromise your phone data and security.
What is Geo-Tagging and how is it a risk for privacy?
Content like photos and videos also contain metadata information. Metadata is often referred to as “data about data”. It is used to store and view properties of content like photos, videos and web pages. Metadata for a photo may contain information like height and width of the photo, date of when the photo was taken, place or location where the photo was taken, the camera with which the photo was taken and also information like color, brightness and contrast settings of the photo. Metadata information is automatically or manually attached to such content.
Geo Tagging is a metadata which stores the location, where the photo or video was taken. Content like photos and videos are often uploaded and shared by us on websites and to other people on social networks. This metadata information can be used to keep a check on you of the locations that you have visited when you took such photos or videos. For the Geo-Tagging feature to work, GPS hardware is required in a mobile phone.
We are currently equipped with GPS-equipped smartphones which have the potential to tag or associate our ‘geographical locations’ to content like photos, videos or even activities on social networks. Many of us don’t even realize it that our locations are tagged with each of our social activity on social networks or photos and videos that we upload. Internet websites make money from information and the ‘information’ includes private information of people (of YOU!). Apps, websites, softwares, service providers and many other parties are always working to create content by which they are also able to obtain customer information and this customer happens to be you. This helps these companies in providing ads based on your personal information which includes your location. So you must always be alert about what apps you use and how you present yourself online.
How to protect yourselves from threats of Geo-Tagging on privacy and surveillance?
Different platform (iOS, Android, Windows, Blackberry) based phones have different ways of turning off Geo-Tagging.
For iOS (Apple):
Go to ‘Settings’ à General à Location Servicesà Turn ‘off’ (for each service that you want)
For Windows phones:
Go to ‘Settings’ à Application à Pictures & Camera à Keep location information on uploaded pictures (OFF) + “Include location (GPS) information on pictures you take” (OFF)
For Android:
Start Camera App à Slide open the menu à Settings à Geo Tag photos (OFF)
For Blackberry:
Start Camera à Menu à Options à Disable GeoTagging.
Useful Links:
Subscribe To The Newsletter
The new term for self censorship is voluntary censorship, as proposed by companies like Netflix and Hotstar. ET reports that streaming video service Amazon Prime is opposing a move by its peers to adopt a voluntary censorship code in anticipation of the Indian government coming up with its own rules. Amazon is resisting because it fears that it may alienate paying subscribers.                   

Clearly, the run to the 2019 elections is on. A journalist received a call from someone saying they were from Aajtak channel and were conducting a survey, asking whom she was going to vote for in 2019. On being told that her vote was secret, the caller assumed she wasn't going to vote for 'Modiji'. The caller, a woman, also didn't identify herself. A month or two earlier the same journalist received a call, this time from a man, asking if she was going to vote for the BSP.                 

View More