Mobile
11/29/2013
08:06 AM
100%
0%

Android Security: 8 Signs Hackers Own Your Smartphone

Security experts share tips on how to tell if attackers are in control of your Android smartphone.
Previous
1 of 8
Next

Searching for signs of Android infection

Image (derived) courtesy of Flickr user .RGB..
Image (derived) courtesy of Flickr user .RGB..

How can you tell if your Android smartphone or tablet been pwned?

That was the question recently posed by one InformationWeek reader, who suspected that her phone had been compromised by attackers. "I've only owned my Droid phone for two months and had a Trojan horse panic attack, and wiped my phone," she said via email.

Can you tell by observation alone if your Android device has been infected with malware? On Windows PCs, for example, some types of infections leave no signs at all. Conversely, some virus, malware, and Trojan infections -- as well as adware and spyware -- may slow systems to a crawl, begin redirecting browsers to arbitrary websites or search engines, trigger pop-up ads, block access to information security websites, disable security software, alter the user interface, or email everyone in your address book, leading to a flurry of outraged emails, bounce-backs, and warnings from recipients. 

As with some Windows infections, some types of Android malware might sport telltale signs of infection. For example, the reader -- who asked not to be named -- said she became concerned when a text message preview appeared on her lock screen, then mysteriously disappeared and couldn't be found. Perhaps not coincidentally, she'd also recently installed an app -- but not from the official Google Play store.

"What happened was I downloaded an app from a non-Play store site -- against my better judgment. Then not too long after I was looking at some article about security issues, and I had something really bizarro happen," she said. "A text notification with a partial preview flashed in my notifications bar and then vanished -- from a number not in my contacts. ... I went into my text messages app to try and read the full message, and it wasn't there. At that point I panicked and was convinced my phone must be hijacked -- even though nothing else seemed amiss -- and just wiped it." 

But was her phone infected? And if it was, how might other Android users spot a malware attack? Recent versions of the Android operating system, as well as mobile antivirus software, can help spot and block malware-infection attempts. But neither approach is infallible. So no matter which security tools you might be using, be sure also watch for the following telltale warning signs:

 

Previous
1 of 8
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Page 1 / 3   >   >>
DennisC_VA
50%
50%
DennisC_VA,
User Rank: Apprentice
3/9/2015 | 5:03:25 PM
Good Advice from Mathew J. Schwartz
Beyond my earlier comment directed towards the other commenter and their issue involving text messages, I enjoyed reading this article and found Mathew's advice really solid.  After working in various support capacities for the past nineteen years, I have seen both "average" users with normal issues and "extreme" users with 'You did what?!?' issues.  If we can compare our Smartphones to our cars for a moment, the idea "hacking" the engine control module on a car sounds pretty intimidating to most people - sure, MAYBE it is possible to improve the mileage a little, but what is being risked in the process?  Also, if you return to the dealer or even a neighborhood auto mechanic with a car that has been "modified", do not be surprised when they refuse to work on it!  Similarly, is the cellphone carrier going to adopt a similar position IF something does not go smoothly with an altered Smartphone device?  There is risk and liability in everything we do, whether with our computers, Smartphones, other Internet-capable devices or even our cars; so it is really worth considering the true risks of having "fun" with Rooting a device versus the ultimate cost down the road.
DennisC_VA
50%
50%
DennisC_VA,
User Rank: Apprentice
3/9/2015 | 4:24:54 PM
Re: Specific texts were deleted from my phone.
It may be impossible to know for certain whether the phone's Operating System or Messaging capability has been compromised, and the longer you wait the more "damage" may be done.  If you think the phone is behaving in a manner inconsistent with its original 'Out-of-the-Box' (fresh from the store) behavior, I recommend performing the Factory Reset.  Only the user themselves can determine whether the value of past incriminating "evidence" is worth retaining versus the potential for future harm being done by an unauthorized person again using a compromised device.  This is pretty new territory for users of these devices and I suspect there are issues which may quickly exceed the major carriers' Technical Support services abilities.  Yes, they can take a report of suspicious behavor BY the device, but ultimately they are likely to instruct on performing the Factory Reset as a solution; it is simply the most effective way to deal with unknowns.  **NOTE: To preserve legally incriminating data on a Smartphone device, I think it would have to be powered off, have the battery removed and even go so far as to place it in a electromagnetically shielded pouch IF there is really "bad" stuff on it. **
GerardoF416
50%
50%
GerardoF416,
User Rank: Apprentice
2/15/2015 | 2:51:10 PM
I ben hack
I, ben hack I,m 100% I,no my phone is goin crazy whit my. Maseges voiz recordin I, do not what To do can enibati heelp
Ungerone
100%
0%
Ungerone,
User Rank: Apprentice
1/28/2015 | 10:19:18 PM
Specific texts were deleted from my phone.
A friend former friend of mine had sent me several sms texts that were very self incriminating.  Not  all texts have been deleted just specific ones.  From what I have read this is not possible unless you have physical access to the phone and that is just not possible.  The only thing wierd that has happened recently was an anonymous text that I received with no text in it.  When I tried to delete it it would not delete and it was after that that I noticed that the texts had been deleted. I have tried to use a few apps and pc based programs that are able to recover deleted texts from phones but non of them work as the Galaxy Mega that I have cannot be rooted.  So my question is, is it possible to delete texts that you have sent to another phone from your phone without ever having physical control of it and since texts seem to be recoverable from a sim card is it possible that the anonymous text that I received installed something that allowed the person to pick the texts that they wanted to delete but only those texts. if any of this is possible is there a way for me to scan my phone or sim card to find out if I have been hacked?  I know that I can do a factory reset on the phones to delete anything that may have been installed but I would prefer to find out what was done to allow this.  Not to mention if the sim card has been hacked to allow this I dont want it to start all over again even after a factory reset.  Any help from out there would be greatly appreciated.

 

Thank you for your time.

Ungerone
deviclock
50%
50%
deviclock,
User Rank: Apprentice
10/24/2014 | 9:16:44 AM
Re: More security tips for the Smartphones.
 Android security is vulnerable and is easily hacked by users of the Smartphone or IT specialists. Other apps have to be downloaded to protect your data against hacking. 

my device lock
FreeTipss
50%
50%
FreeTipss,
User Rank: Apprentice
8/6/2014 | 7:44:11 PM
More security tips for the Smartphones.
That's cool. You might want to check these 10 important Smartphone security Tips too.

http://freetipss.com/smartphone-security-tips-10-useful-tips/
RoopaL731
50%
50%
RoopaL731,
User Rank: Apprentice
7/25/2014 | 6:40:19 AM
secure android mobiles
this app http://hangoverstudios.com/mobileantitheft/  which helps you find lost phone's location and picture of thief.
mrhobbes
100%
0%
mrhobbes,
User Rank: Apprentice
7/9/2014 | 9:21:59 AM
Android Security needs to be increased
Nice article on Android Security, Mathew, Great work.

 

Android is more prone to malware impacts due to Google's loose developer agreement, you can check it on my blog post regarding the same topic http://goo.gl/LyLHse you can of course, give your opinion regarding the same.  If Google increases there security measure, then surely a lot of malware and PAU's can be avoided.
anon9673719294
50%
50%
anon9673719294,
User Rank: Apprentice
6/26/2014 | 2:37:51 AM
Interesting
I recently found a useful app in Amazon that not required any unnecessary permissions and store all your passwords - MyPasswords
pnally
50%
50%
pnally,
User Rank: Apprentice
12/12/2013 | 11:52:21 AM
I'm only seeing 7 "signs"
I'm only seeing 7 "signs" listed in the article...  Was it hacked?  ;)
Page 1 / 3   >   >>
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Containing Corporate Data on Mobile Devices
Containing Corporate Data on Mobile Devices
If you’re still focused on securing endpoints, you’ve got your work cut out for you. WiFi network provider iPass surveyed 1,600 mobile workers and found that the average US employee carries three devices -- a smartphone, a computer, and a tablet or e-reader -- with more than 80% of them doing work on personal devices.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-0714
Published: 2015-05-02
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Finesse Server 10.0(1), 10.5(1), 10.6(1), and 11.0(1) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCut53595.

CVE-2014-3598
Published: 2015-05-01
The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote attackers to cause a denial of service via a crafted image.

CVE-2014-8361
Published: 2015-05-01
The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request.

CVE-2015-0237
Published: 2015-05-01
Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 ignores the permission to deny snapshot creation during live storage migration between domains, which allows remote authenticated users to cause a denial of service (prevent host start) by creating a long snapshot chain.

CVE-2015-0257
Published: 2015-05-01
Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 uses weak permissions on the directories shared by the ovirt-engine-dwhd service and a plugin during service startup, which allows local users to obtain sensitive information by reading files in the directory.

Dark Reading Radio
Archived Dark Reading Radio
Join security and risk expert John Pironti and Dark Reading Editor-in-Chief Tim Wilson for a live online discussion of the sea-changing shift in security strategy and the many ways it is affecting IT and business.