Dark Reading is part of the Informa Tech Division of Informa PLC

11/29/2013
08:06 AM

Android Security: 8 Signs Hackers Own Your Smartphone

Security experts share tips on how to tell if attackers are in control of your Android smartphone.
2 of 8

Image (derived) courtesy of Flickr user espensorvik. 


Odd charges on cellphone statements 

Not all malware will linger after infecting devices, especially if it has a financial bent. "Some of the malware is opportunistic, and the installer is basically a wrapper for free Angry Birds," said Sean Sullivan, security advisor at F-Secure Labs, via email. "The installer has you submit to a EULA that says you will subscribe to an SMS subscription, then it installs the free version of Angry Birds that you can download for free."

What users may end up with, of course, is not just the free version of Angry Birds, but also a financial hit in the form of SMS messages sent to premium numbers and billed to their account. These SMS scams are much more prevalent in China and Eastern Europe than in the United States, where Android users are more likely to encounter Trojan apps or fraud attempts based on social engineering, rather than texts to premium SMS numbers.  

"If consumers spot strange charges, their best strategy is to give their operator a call and say, 'Can you please tell me what these charges are?'" said Marc Rogers, principal security researcher at mobile security firm Lookout, speaking by phone. Likewise, don't be afraid to call your bank if you think you may have been exposed to a banking Trojan.
Comments
Laurianne,
User Rank: Apprentice
11/29/2013 | 9:19:36 AM
Smart Android tips
Great tips on Android pawnage, Mat. Anyone want to share your earliest clue your Android was in hacker hands?
IamWayne,
User Rank: Apprentice
11/29/2013 | 9:54:44 AM
MISCONCEPTION
Some of this is good information. However, the part about as you call it "jailbreaking", in Android it's called rooting. That does NOT make your phone vulnerable. That is a LIE that has been perpetrated by those in the media who do not have a clue. There are many advantages over rooting your Android phone as opposed to leaving the malicious mobile carrier bloatware on it. Please research your articles and stop misleading the public with misconceptions.
Mathew,
User Rank: Apprentice
12/2/2013 | 5:45:57 AM
Re: MISCONCEPTION
Thanks for the terminology catch, IamWayne (brain freeze on my part); yes jailbreaking an Android is usually known as rooting it.

In terms of rooting your phone making it more vulnerable to attack, I respectfully disagree. Rooting your phone means that more apps will be able to run with root-level privileges. This increases the chance that your device can be compromised, or that a compromise will have more severe repercussions.

The caveat, of course, is that if you know what you're doing, then your risks likely decrease. Likewise, it's great to nuke the bloatware installed by carriers. But the takeaway is that if you don't know what you're doing, then you're probably better off not rooting your phone.

In terms of the risks of rooting being a lie "perpetrated by those in the media," as indicated in my piece, this analysis comes via Marc Rogers, principal security researcher for mobile security firm Lookout. His analysis, by the way, is not an outlier.
Aroper-VEC,
User Rank: Apprentice
12/2/2013 | 10:31:04 PM
Re: MISCONCEPTION
Jailbreaking and rooting are synonymous. This is because of the nature of the action. Technically speaking, you use root access to jailbreak a device running iOS. It is only called "rooting" in Android because they want to be different than anything having to do with Apple but, the sum result is the same. When jailbreaking an iOS device in order to unlock the device and load a "clean" or alternate version of the OS and to get rid of bloatware you are doing the same thing in Android. The term is irrelevant since the process and the result are the same.
anon6601743669,
User Rank: Apprentice
12/11/2013 | 9:10:33 PM
Re: MISCONCEPTION
Jailbreaking is an iOS term because Apple keeps iSheep in jail as it were with the locking down of the OS. Rooting on the Android side is from the Linux world, which basically means you gain root access of the OS.
sjennison,
User Rank: Apprentice
12/9/2013 | 8:19:59 PM
Re: MISCONCEPTION
Agreed. In fact, custom ROMs are generally more secure, due to constant updates (nightly, weekly, or monthly, depending on the developer). That is assuming, of course, your ROM dev is fast on their updates.

In fact, the major "master key" exploit, which is one of the biggest security holes, was patched by Cyanogenmod long before the vast majority of manufacturers got around to fixing it.

http://www.ubergizmo.com/2013/07/cyanogenmod-10-1-2-fixes-android-master-key-exploit/

Also, generally rooting allows you to do things like fix the security holes in the system. Rooting installs a root control app (Superuser/SuperSu, etc) that restricts access to only apps the user allows. While the device can still be compromised using privilege escalation vulnerabilities just like any other device, rooting will not make your device insecure. The very fact that a device can be rooted using exploits means it is inherently insecure due to those same exploits. A malicious piece of software could exploit them just as easily. Rooting doesn't change that, unless you go deeper and actually fix the hole (assuming you can). Hence where custom ROMs come in - when a vulnerability is found, they release patches in less than a month. The only other OEM who comes close to that speed is Google. Nearly every other manufacturer takes months if not years to push an update through to end users.
J_Brandt,
User Rank: Apprentice
11/29/2013 | 3:12:51 PM
You Can't Fix Stupid
Some great tips.  Sadly many of the people I know who download apps on a whim, who don't bother to read the service agreements, would not have the gumption or ability to dig deep to find any patterns or issues.  To quote Ron White, "you can't fix stupid."  They might notice the battery drain :)
shakeeb,
User Rank: Apprentice
11/30/2013 | 12:29:00 PM
Re: You Can't Fix Stupid
Great article. However as per the reading I have done, security features are built into the operating system itself to reduce the frequency and impact of security issues.
shakeeb,
User Rank: Apprentice
11/30/2013 | 12:36:39 PM
Re: You Can't Fix Stupid
Furthermore as an additional feature, appropriate protocols are used to protect sensitive data at the network level.
Lorna Garey,
User Rank: Ninja
12/2/2013 | 10:36:22 AM
Re: You Can't Fix Stupid
That's certainly true about stupid, and that some people download shady apps on a whim. However, legit apps ask for so many permissions now that I think the average user gets numb to it. I can see why a couponing app needs location data, but why does a game need to know if I'm at a mall?

App makers should stop with the "permissions bloat" -- that would be a big step toward helping people be more aware and selective. But given retailers' and vendors' hunger to collect more and more data, will that bloat reduction ever happen? Color me skeptical.
elysian,
User Rank: Apprentice
11/30/2013 | 8:31:57 AM
You Don't Jailbreak Android: You ROOT It.
Jailbreak is for iOS.
krishel67801,
User Rank: Apprentice
12/5/2013 | 2:47:00 PM
google apps
Google Play Store is malware in itself. I have numerous apps that require play store services to be activated. Play store then accesses your phone whenever it wants to. Also play store will not allow apps that block advertising to be obtained through them. Another good reason for rooting your phone. Take control away from google.
WayneT637,
User Rank: Apprentice
12/10/2013 | 12:47:36 AM
The Benefits of Rooting-
The first benefit of accessing administrator privileges over Android is full control over the applications installed on your handset. No longer do you have to suffer from the cluttered app drawers and reduced memory space taken up by pre-installed carrier and manufacturer applications, you can instantly cut the bloatware and keep only the apps that you really want.

Even if you're up to date with Android 4.1 or above, which grants users the ability to disable these pre-installed apps if you don't want to see or use them, you can't permanently remove them, they're still there eating up your memory space. Rooting is the only way to permanently get rid of these pesky apps, but please don't uninstall something crucial or your handset may stop working properly. Apps like Titanium Backup are particularly helpful for organising and culling this bloatware.

 

This brings me nicely on to the next major benefit of Android, improved backup and restore options. As already mentioned, Titanium Backup is one of the most popular backup apps used by rooters, and this, or a similar app, is essential if you're going to start tinkering around with Android software. But as well as acting as a safety net in case you uninstall something important, Titanium Backup can also be used to backup your user data, from SMS messages to browser bookmarks.

ClockworkMod Recovery offers superior protection against faulty updates and bricking your handset.
Even better still, once rooted you can create complete backups of your entire handset using the ClockworkMod Recovery option, providing you with extra protection in case of a major malfunction. Recovery can only be accessed before booting into Android, but it provides additional backup options in case, for whatever reason, Android fails to boot properly or experiences a crippling error. This makes ClockworkMod Recovery an essential tool for those looking to install custom versions of Android.

Once you're fully backed up you're ready to move up to one of the other major perks of rooting, installing different versions of Android.

We all know that manufacturers are often pretty slow at delivering the latest Android offerings even to their flagship handsets, let alone aging devices. So if you're not a Nexus or Play Edition device owner, rooting opens the door to much faster Android updates, thanks to the developers who put time into porting the latest updates to various handsets.

Pretty much every semi-popular handset has a decent following of developers working on porting the latest versions of Android to their handsets, most of which can be found over on the XDA Forum. The only sacrifice here is that you won't receive official manufacturer versions of Android, so no updated Touchwizz or Sense5 features, but if we were really too worried about that we probably wouldn't be rooting in the first place.

 

If stock Android isn't your thing, there are also tons of other customized ROMs offering unique features and improvements to the default Android experience.

AOSP has given us so many custom ROM's, and has extended the lifespan of many an Android handset.
I'm sure you've all heard of the biggest names, CyanogenMod, Paranoid Android, MIUI to name just a few of the most popular ones. Many custom ROMs are actually at the forefront of innovation on Android, offering several features that aren't available anywhere else. Paranoid Android's Halo feature or OmniROM's multi-workspace mode are just a couple of examples.

But as well as these big third party developments, you'll also find a lot of smaller developers tweaking away at the core Android experience, offering ROMs with vastly superior battery life or overclocked processor speeds. Not to mention that most custom ROMs are updated to the latest version of Android very quickly too, bringing you the best of both worlds.

As rooting opens up administrator type privileges on your handset you'll instantly have access to all the core files on your handset. File browser apps can take full advantage of this, allowing you to move stuff around on your internal memory if so required.

App wise, we've already touched on Titanium Backup, but there are far more apps that can make use of root permissions, and simply aren't available with a non-rooted device. The speed junkies among you could take advantage of overclocking software to boost performance or save on battery life, providing that your Kernel supports overclocking. Alternatively, fans of custom ROMs can use a ROM manager to install and update their operating system without the need to flash zip files from Recovery.

Rooting is sometimes criticized for compromising handset security, but security apps, such as Cerberus, use root functions to bury themselves deep down into the operating system, making them hard for would be thieves to remove. These apps can also be granted permissions that aren't available on unrooted devices, such as access to GPS data even when the device is locked.

There's also additional gesture apps, data syncing software, and even theme managers to customize the look of your handset.
AnthonyT219,
User Rank: Apprentice
6/1/2016 | 6:03:30 PM
Re: The Benefits of Rooting-
Hi, is Titanium Backup for pc's too? Cause my pc with Windows 10 has gotten malware and probably trojans that none of my software is finding, and I need to back up certain files before having a computer tech clean up my pc and reinstall Windows 10, unless there is great software I can buy to find the malware and trojans and wipe them off my pc, please help.
pnally,
User Rank: Apprentice
12/12/2013 | 11:52:21 AM
I'm only seeing 7 "signs"
I'm only seeing 7 "signs" listed in the article...  Was it hacked?  ;)
anon9673719294,
User Rank: Apprentice
6/26/2014 | 2:37:51 AM
Interesting
I recently found a useful app in Amazon that does not require any unnecessary permissions and stores all your passwords - MyPasswords
mrhobbes,
User Rank: Apprentice
7/9/2014 | 9:21:59 AM
Android Security needs to be increased
Nice article on Android Security, Mathew, Great work.

 

Android is more prone to malware impacts due to Google's loose developer agreement, you can check it on my blog post regarding the same topic http://goo.gl/LyLHse you can of course, give your opinion regarding the same. If Google increases their security measures, then surely a lot of malware and PAU's can be avoided.
RoopaL731,
User Rank: Apprentice
7/25/2014 | 6:40:19 AM
secure android mobiles
this app http://hangoverstudios.com/mobileantitheft/  which helps you find lost phone's location and picture of thief.
AnthonyT219,
User Rank: Apprentice
6/1/2016 | 5:46:59 PM
Re: secure android mobiles
Lookout is also a pretty good app too, you can even log onto it from a pc or any other web capable device to know where your phone is if it gets stolen, and I also suggest locking the screen with either a passcode or the pattern lock.
FreeTipss,
User Rank: Apprentice
8/6/2014 | 7:44:11 PM
More security tips for the Smartphones.
That's cool. You might want to check these 10 important Smartphone security Tips too.

http://freetipss.com/smartphone-security-tips-10-useful-tips/
deviclock,
User Rank: Apprentice
10/24/2014 | 9:16:44 AM
Re: More security tips for the Smartphones.
Android security is vulnerable and is easily hacked by users of the Smartphone or IT specialists. Other apps have to be downloaded to protect your data against hacking.

my device lock
Ungerone,
User Rank: Apprentice
1/28/2015 | 10:19:18 PM
Specific texts were deleted from my phone.
A friend, former friend of mine, had sent me several sms texts that were very self incriminating. Not all texts have been deleted, just specific ones. From what I have read this is not possible unless you have physical access to the phone and that is just not possible. The only thing weird that has happened recently was an anonymous text that I received with no text in it. When I tried to delete it it would not delete and it was after that that I noticed that the texts had been deleted. I have tried to use a few apps and pc based programs that are able to recover deleted texts from phones but none of them work as the Galaxy Mega that I have cannot be rooted. So my question is, is it possible to delete texts that you have sent to another phone from your phone without ever having physical control of it and since texts seem to be recoverable from a sim card is it possible that the anonymous text that I received installed something that allowed the person to pick the texts that they wanted to delete but only those texts. If any of this is possible is there a way for me to scan my phone or sim card to find out if I have been hacked? I know that I can do a factory reset on the phones to delete anything that may have been installed but I would prefer to find out what was done to allow this. Not to mention if the sim card has been hacked to allow this I don't want it to start all over again even after a factory reset. Any help from out there would be greatly appreciated.

 

Thank you for your time.

Ungerone
DennisC_VA,
User Rank: Strategist
3/9/2015 | 4:24:54 PM
Re: Specific texts were deleted from my phone.
It may be impossible to know for certain whether the phone's Operating System or Messaging capability has been compromised, and the longer you wait the more "damage" may be done. If you think the phone is behaving in a manner inconsistent with its original 'Out-of-the-Box' (fresh from the store) behavior, I recommend performing the Factory Reset. Only the user themselves can determine whether the value of past incriminating "evidence" is worth retaining versus the potential for future harm being done by an unauthorized person again using a compromised device. This is pretty new territory for users of these devices and I suspect there are issues which may quickly exceed the major carriers' Technical Support services abilities. Yes, they can take a report of suspicious behavior BY the device, but ultimately they are likely to instruct on performing the Factory Reset as a solution; it is simply the most effective way to deal with unknowns. **NOTE: To preserve legally incriminating data on a Smartphone device, I think it would have to be powered off, have the battery removed and even go so far as to place it in an electromagnetically shielded pouch IF there is really "bad" stuff on it. **
GerardoF416,
User Rank: Apprentice
2/15/2015 | 2:51:10 PM
I ben hack
I been hack, I'm 100%. I know my phone is going crazy with my messages, voice recording. I do not what to do, can anybody help
DennisC_VA,
User Rank: Strategist
3/9/2015 | 5:03:25 PM
Good Advice from Mathew J. Schwartz
Beyond my earlier comment directed towards the other commenter and their issue involving text messages, I enjoyed reading this article and found Mathew's advice really solid. After working in various support capacities for the past nineteen years, I have seen both "average" users with normal issues and "extreme" users with 'You did what?!?' issues. If we can compare our Smartphones to our cars for a moment, the idea of "hacking" the engine control module on a car sounds pretty intimidating to most people - sure, MAYBE it is possible to improve the mileage a little, but what is being risked in the process? Also, if you return to the dealer or even a neighborhood auto mechanic with a car that has been "modified", do not be surprised when they refuse to work on it! Similarly, is the cellphone carrier going to adopt a similar position IF something does not go smoothly with an altered Smartphone device? There is risk and liability in everything we do, whether with our computers, Smartphones, other Internet-capable devices or even our cars; so it is really worth considering the true risks of having "fun" with Rooting a device versus the ultimate cost down the road.
LiveMsic,
User Rank: Apprentice
5/14/2015 | 7:50:33 PM
Re: Good Advice from Mathew J. Schwartz
The answer is, of course it is.
LTCassity,
User Rank: Apprentice
3/19/2016 | 2:56:49 PM
Re: Good Advice from Mathew J. Schwartz
I have an android phone and have a hacker which has control of my fb and email accounts. Every time I make a new account in either place they change the password so I cannot re-enter. I believe that they have my IP address and I am getting a new phone which I hope helps. Any good advice guys.
AliciaT583,
User Rank: Apprentice
4/29/2016 | 3:28:55 PM
no longer in control of my own phone
Your article is so my situation atm. My partner is a victim of fraud (online purchase), leaving e-bay (the ad site) & dealing with seller via e-mail, opened the porthole, 1 of the 1st emails flashed an R rated pic of my partner, of course we couldn't find it. Worried, we used mine. I then installed an app from Google play, to help sort my "phone's issues", I'm not a tech savvy person. From then on it got worse. My phone became rooted, csc files were modified & my phone controlled by? I have that green man, he controls all my apps wifi email F/B. So factory reset 4 me. It took me 2yrs to "get with the times" & enjoy my Samsung & not hate technology, I have all information written down on good old paper. I will re-connect my smartphone life but I will be smarter in my protection. This incident has devastated me, I want to track this down & stop it. I am posting my story everywhere!!
AnthonyT219,
User Rank: Apprentice
6/1/2016 | 6:12:08 PM
pc malware and trojans
Hi everyone, My PC has gotten malware and trojans on it that my virus software is not detecting and wiping out, Is there software on the market that may be able to find and wipe it off my PC? Oh and is Titanium backup for pc's too?
RaimeV632,
User Rank: Apprentice
9/14/2016 | 12:08:34 PM
Boyfriends phone hack
Ok so my boyfriend had his phone hacked I'm pretty sure due to him receiving notifications on lock screen but then nothing being there and his phone being really really slow. And battery low all the time. But not only that when he was pushing a button in chrome it copied something and he pasted into a file or something and his phone started copying when hurting a button. When he would paste it random things would appear. He is thinking that everything that was pasted was pics and message clips off his phone. But I am thinking these items were never from his phone. Would you know and what does he do about this hack?
gtjonzer,
User Rank: Apprentice
6/29/2020 | 2:36:14 PM
Android phone hacked
I have a question regarding my phone possibly being owned. I believe that by downloading images on browsers that someone has hijacked my phone. Sometimes I find unfamiliar tabs when opening browsers. Also battery burns fast and once on a different phone Google canceled my account for way too much rapid volume of data. I think it may be happening again. Sometimes I find unfamiliar data files in my directory or under the Android data folder. Usually it contains my configuration in a sys file but lately there's a .um directory containing a sysid.dat file which has a permalink url to Facebook that I'm not sure where it leads.... But I've been getting hacked on FB too. I'd reset but it won't allow me into the recovery mode. Moto e6. Any help?