A lot of concern about the NSA's seemingly omnipresent surveillance over the last year has focused on the agency's efforts to install back doors in software and hardware. Those efforts are greatly aided, however, if the agency can piggyback on embedded software already on a system that can be exploited.
Two researchers have uncovered such built-in vulnerabilities in a large number of smartphones that would allow government spies and sophisticated hackers to install malicious code and take control of the device. The attacks would require proximity to the phones, using a rogue base station or femtocell, and a high level of skill to pull off.
But it took Mathew Solnik and Marc Blanchou, two research consultants with Accuvant Labs, just a few months to discover the vulnerabilities and exploit them. The vulnerabilities lie within a device management tool carriers and manufacturers embed in handsets and tablets to remotely configure them. Though some design their own tool, most use a tool developed by a specific third-party vendor—which the researchers will not identify until they present their findings next week at the Black Hat security conference in Las Vegas.
The tool is used in some form in more than 2 billion phones worldwide. The vulnerabilities, they say, were found so far in Android and BlackBerry devices and a small number of Apple iPhones used by Sprint customers. They haven't looked at Windows Mobile devices yet. The researchers say there's no sign that anyone has exploited the vulnerabilities in the wild, and the company that makes the tool has issued a fix that solves the problem.
But it's now up to carriers to distribute it to users in a firmware update. Carriers use the management tool to send over-the-air firmware upgrades, to remotely configure handsets for roaming or voice-over WiFi and to lock the devices to specific service providers. But each carrier and manufacturer has its own custom implementation of the client, and there are many that provide the carrier with an array of additional features.
To give carriers the ability to do these things, the management tool operates at the highest level of privilege on devices, which means an attacker who accesses and exploits the tool has the same abilities as the carriers. The management tools are implemented using a core standard, developed by the Open Mobile Alliance, called OMA device management. From these guidelines, each carrier can choose a base set of features or request additional ones.
Solnik says they found that some phones have features for remotely wiping the device or conducting a factory reset, altering operating system settings and even remotely changing the PIN for the screen lock. They've also found systems that allow the carrier to identify nearby WiFi networks, remotely enable and disable Bluetooth or disable the phone's camera.
More significantly, they've found systems that allow the carrier to identify the applications on a handset, as well as activate or deactivate them or even add and remove applications. The systems give the carrier the option of making these changes with our without prompting the consumer.
Carriers also can modify settings and servers for applications pre-installed by the carrier—something hackers could exploit to force the phone to communicate with a server of their choosing.
Furthermore, some of the systems can monitor the web browser's home page and in some cases retrieve synced contacts. Others include a call redirect function that can direct the phone to a specific phone number. Carriers typically use this feature to program shortcuts to their own phone numbers. For example, Verizon might program its phones so "" dials customer service. But Solnik found this feature can be used to redirect any number; phone numbers also can be programmed to launch an application.
The more features the management tool offers the carrier, the more an attacker can do as well. But at a minimum, every device they examined would allow an attacker to change all of the cellular network functionality. In many cases, they could also control firmware updates. And even the phones that use only the most basic management system have memory corruption vulnerabilities that would still allow a hacker to execute code or install malicious applications, they found.
Among iOS devices, they found that only iPhones offered by Sprint and running an operating system prior to version 7. The 7. Carriers recognize the risk these management tools present, and many have added encryption and authentication to bolster security. Accessing the management system in the device, for example, often requires a password.
And the researchers found every carrier in the US encrypts communication between a device and the carrier's server. But these protections are so poorly implemented that the researchers could undermine them. That number is readily available by any base station that communicates with the phone.So for this, you require to hack these phones to spy on them.
Before proceeding, you should decide the reason for which you want to hack that cell phone. By spying into a cell phone, you can read its chat history, access contacts and monitor many more things.
So spying gives you consolation as you will be able to know the truth. This is the main step in which you choose a perfect spy software according to your budget and requirements.
There are a lot of spy tools in the market, but genuine and reliable products are rare. So here we listed the topmost spy products for you. No-Jailbreak solution also available. FlexiSPY — Plenty of unique features. These are the top spy programs having exciting features and you can choose any subscription according to your budget and requirements. These products are compatible with all versions of iOS. Now you require physical access of the target phone for only 5 to 10 minutes. In these 10 minutes, you have to install one of these cell phone spy software on the target cell phone.
You can operate this dashboard from your smartphone or PC. Later on, you can remotely uninstall spy software anytime from the target cell phone when you realize that there is no more need for this spy software now. If you are installing this spy software on an iPhone, iPad then you require to jailbreak your Apple device to use the complete list of features.
Ask Different is a question and answer site for power users of Apple hardware and software. It only takes a minute to sign up. As my question states, someone is basically getting into my apps on my iPhone remotely.
They are able to tell me what apps I have downloaded and who I have contacted through apps. I have changed my password to iTunes and to the apps themselves but the person can still access my information. How is this possible? How can I prevent it?
How can I find out who is doing it? Any technical input to explain how things work and practical security tips are welcome.
Subscribe to RSS
Should remove any security holes that may have unintentionally been opened. Sign up to join this community. The best answers are voted up and rise to the top. Home Questions Tags Users Unanswered. Someone keeps hacking into my iPhone remotely, viewing my apps, and logging into my apps. How can I prevent this and see who is doing it? Ask Question. Asked 8 years, 1 month ago. Active 1 year, 5 months ago. Viewed 10k times.
Brad Brad 15 1 1 silver badge 1 1 bronze badge. You don't tell us what kind of device you have, what version of iOS you're using, if you're jailbroken or not, whether you have ssh installed through Cydia or not, what kind of information they are illegally accessing, what apps they are getting into. Impossible to provide any real help without those vital details. It could be they are gleaning this info through other means like your PC. I echo what cksum says. We can't help much without vital information like what cksum mentioned.
What evidence do you have that you're being hacked? It seems to me if they're logging into your apps, you'd be able to see their various accounts' info.Sure, someone can hack your phone and read your text messages from his phone. But, the person using this cell phone must not be a stranger to you. Firstly, the person who wants to hack your phone and get access to your messages downloads text message tracker. The second step he does is install the application on the target device.
One of the hacking spyware built and used for the text messages spying purposes mentioned above is mSpy.Stop hackers from remote access
You may be angry because of unauthorized access to your phone and remind you about the right to privacy. If your phone is hacked, you should notice an unusual activity. When a hacker gets access to your smartphone, they can access all the installed applications. It means that the hacker can reset various passwords, send emails and text messages, mark unread emails, sign up for new accounts.
It could mean that your phone is spied on or hacked. Using these programs, hackers get access to information on your smartphone, including photos, messages, emails, and other apps. If you ever wondered: Can someone hack my phone by calling me? The answer is yes. Can someone hack into my phone through wifi? When you connect to the unlock Wi-Fi network, you risk being spied on by the hacker who just made their network opened to catch a victim.
Hackers can get access to your Google or iCloud account and see any relevant information you save there.
How to Avoid and Recover from Remote Access Scams
With the help of cell phone hacking software or SMS tracking apps, someone can get access to all your messages to:. Now that you know how someone can hack your phone, you might want to try it yourself. This app allows to read messages, emails, and chats on the target phone as well as view photos, videos, and get access to the installed applications.
It works with all types of devices Android and iOS and can be used on multi-platforms. Click here to download mSpy.
All these options will be available for someone who will decide to hack your phone and read your text messages using surveillance applications. Although all spy apps work in stealth mode and tracking should be secrecy and undetectable, sometimes you can notice some strange things with your device.
So if you notice something that you did not performthen there is an opportunity that another user hacks your smartphone.
Very strange tone with this article. Trying to walk the line between helping people with compromised devices and selling the service yourself. You need to know your enemy to fight it. Thank you so much! Any advice or info you can give?Normally, most people would never let a stranger use their computer, as it would be easy for that stranger to steal your private files, your money or your identity.
To find out how you can mitigate the damage of remote access scams, read on. In a remote access scam, a scammer attempts to persuade you into giving them remote control over your personal computer, which allows the scammer to con money out of you and steal your private information.
Normally, these programs are used for legitimate tech support and worker collaboration purposes, but they can also be used by bad actors for nefarious purposes.
While the scammer is connected to your computer, they will basically try to pull a high-tech confidence trick on you.
Some examples include using the Command Prompt tool to generate ominous messages, or opening Temp files in Notepad and claiming that the random characters that show up are a sign of corruption. They will then offer to fix the problem for a fee of a few hundred dollars, pretend to repair your computer and take your money, possibly using any credit card or bank details you give them to make additional fraudulent charges in the future. This can be even worse than just conning you out of money, as undetected malware can allow hackers to steal your identity, including your passwords and financial information, over and over againeven if you get new passwords and account numbers.
Steering clear of remote access scams becomes pretty simple once you realize a few key facts. First, tech support specialists from companies and government departments never cold call people, so if you receive a call purporting to be from some kind of tech support, it is almost definitely a scam.
Contact the financial institution associated with any payment method you gave the scammer, such as your credit card issuer or bank, and tell them about the scam. You should also file a complaint with the FTCas your report will help them track down and build a case against the scammers. Fixing any damage done to your computer can be more difficult, as digital threats are constantly evolving to escape detection. The safest approach is to wipe your hard drive and do a clean install of your operating system, but this is a drastic and time-consuming measure.
If you have a Windows computer, an easier but still effective option is to use the System Restore feature to roll back your computer to a point before the scam, which can undo malware that the scammer installed. While whichever solution you chose is working, you may also want to disconnect your computer from the Internet in case the scammer left a remote access trojan to let them reconnect to your system.
After your computer is clean, you should reset all of your passwordsand possibly install some kind of ad blocking software to keep from getting any more scam pop-ups. To learn more about the latest scams and how to protect yourself from them, follow our scams blog. Gabriel Wood is a personal finance and technology writer for NextAdvisor. He is a graduate of American University in Washington D.
Follow him on Twitter GabrielAdvisor. NextAdvisor is a consumer information site that offers free reviews and ratings of online services. Many of the companies whose services we review provide us compensation when someone who clicks from our site becomes their customer.
This is how we make money to support our site. The results of our analyses, calculators, reviews and ratings are based on objective quantitative and qualitative evaluation of all the cards on our site and are not affected by any compensation NextAdvisor may receive.
Compensation may impact which products we review and write about and where those products appear. We do not review all products in a given category. All opinions expressed on this site are our own. Advertiser Disclosure : NextAdvisor is a consumer information site that offers free reviews and ratings of online services. Methodology Advertiser Disclosure.
Credit Cards. How remote access scams work In a remote access scam, a scammer attempts to persuade you into giving them remote control over your personal computer, which allows the scammer to con money out of you and steal your private information.
How to avoid remote access scams Steering clear of remote access scams becomes pretty simple once you realize a few key facts.C ell phones usually store a great deal of personal data that trace back over the last couple of years.
You probably use your cell phone on a daily basis to: send text messages and emails; store voicemails; send pictures or videos to friends, your family or partner; browse the internet and social media - the list goes on and on.
But, why would someone spy on you? There could be multiple reasons for someone to spy on your phone. Maybe you have an important job or one with a lot of responsibility. For example, scientists, journalists, judges or other government workers could all be potential targets for the bad guys.
Unfortunately, even a strong login password on your phone is not going to protect you from harmful spies. And there are plenty of spying apps on the market that can monitor all of your cell phone activity without your knowledge. There are a few signs that should ring the alarm bells and could point to the possibility of your cell phone being infected with spy software that is either tracking or monitoring your activities - or both.
The signs vary and some are hard to spot. Is your monthly data usage unusually high? Generally, lower-quality spy software tools use a significant amount of data to send the collected information from your cell phone.
On the other hand, the top-notch spy software on the market requires much less data to send the information collected from your phone.
Aside from standard incoming calls, messages and other standard notifications that trigger activity on your cell phone, your cell phone screen should not be lighting up in standby mode. Does your cell phone reboot without an obvious reason, or without you making it do so? And, if someone has remote access to reboot your device, it would surprise me if that were the only thing they could do or see.
Typically, a message that contains a variety of weird symbols, random numeric sequences or other characters points to the possibility of a potential spy software tool on your cell phone. Spy software on a phone monitors all of your activities and sends these recordings to a third-party device. Then, measure the battery usage. This is one of the least obvious signs, because the battery temperature of a cell phone can be tied to a large number of different technical issues as well.
Similar to a PC, which always closes all active processes after you decide to shut it down, a cell phone follows the exact same routine. Your cell phone will close all of its active processes before it shuts down completely. Therefore, it will take quite a bit longer for a phone to shut down if it also has to cancel all the data-transmitting activities of spy software.
For example, maybe you just finished a number of calls or text messages and then tried to turn off your device, and it took an unusually long time. Are you experiencing difficulties while trying to shut down your device?
It could be a sign that your cell phone has been compromised.How do I get rid of someone who has control over my remote desktop?! Its killing me — I am literally watching stuff being erased! I had the same thing happen. After tryin all the fixes mentioned, I called my internet provider. Not only did he change my IP address but he also secured my net works in 2 ways and worked endlessly to reset the comuter and make sure it was virus free?
In conclusion he had me chang all my pastwords, he mcontactd DELL explaining the problems. Custom servivn was exemplary and so far so good with the computer! First off let me thank you for taking the time to help me with my dilemma. I purchased this Laptop from a local independent retailer a couple months ago as a second owner.
It was in perfect shape and much better than the piece of junk HP dv that finally died on me. So about weeks later I notice my passwords are changing. I figured I had just typed them in wrong or written them down wrong and would just change them either back to what I thought they where or created new ones.
Is Someone Spying on Your Cell Phone?
Now let me be clear, Im 43 years old and although no where near an expert I have been working on these systems for 25 years plus but in a fairly limited capacity.
I own a Commercial Art and Advertising company and for most of that span I have only mostly focused on software, hardware and applications and builds related to my vocation and industry! IT and security has been limited to home networks and creative passwords! So when, shall we say, these small glitches I started having became more and more frequent I decided to do some research. My only solution was to re-format and re-install. Virus scans, which I had run many times and used several would not have made a bit of difference in my case.
This has been a tremendous education for me and although satisfied that I have fixed the issue with the help of people more knowledgeable than myself Thank You, Thank you Thank you! I wont be using him again! So that's the story of "The Ghost In The Machine" and how I eventually, after hours and hours Something like 70 hours all told of speculation, second guessing, self doubt and im sure what my wife would describe as senseless paranoia She truely thought I was seeing Gremlins on the airplane wings!!!
Sorry but you are the one to blame. You bought a used PC of unknown origin.