According to the Washington Post, hackers may be able to break into your laptop or smartphone even if it is not linked to the internet by studying the low-power electronic signals it sends.
Researchers at Georgia Tech are currently examining the source of these data leaks in order to assist hardware and software manufacturers in developing techniques to plug them.
The researchers established a methodology for gauging the intensity of the leaks — known technically as ‘side-channel signal’ — to help prioritize security efforts by monitoring emissions from several devices.
“People are concerned about internet security and wireless communication security, but we’re worried about what can be learnt from your computer without it sending anything,” said Alenka Zajic, an assistant professor in Georgia Tech’s School of Electrical and Computer Engineering.
“Even if you turn off your internet connection, you’re still sending out data that someone could exploit to attack your computer or smartphone,” Zajic explained. But how exactly can phone camera be hacked without internet across various devices?
Can Phone Camera Be Hacked Without Internet
Using a number of spying methods, side-channel emissions can be measured many feet away from an operational computer. Antennas hidden in a suitcase, for example, can receive electromagnetic radiation.
Acoustic emissions, or sounds made by electronic components like capacitors, can be picked up by microphones buried beneath tables, according to the researchers.
Fake battery chargers connected into power outlets adjacent to a laptop’s power converter can measure power fluctuations, which can enable hackers figure out what the computer is doing.
A simple AM/FM radio can pick up some signals, but more complex spectrum analyzers are required for others.
Furthermore, computer components such as voltage regulators emit emissions that might transport signals from other parts of the laptop.
Zajic performed a fake password on a laptop that was not connected to the internet as a demonstration.
A coworker on the opposite side of the wall, using an unconnected laptop, intercepted side-channel signals created by the first laptop’s keyboard software, which had been tweaked to make the characters easier to detect, and read the password as it was written.
“Nothing in the code has been introduced to arouse suspicion,” said Milos Prvulovic, an associate professor at Georgia Tech’s School of Computer Science.
“It appears to be a proper, but inefficient, version of standard keyboard driver software. In other cases, existing software is adequate for a successful attack, such as standard spell-checking, grammar-checking, and display-updating “Prvulovic stated.
There is currently no mention of hackers deploying side-channel attacks in the open literature, but the researchers feel it is only a matter of time before they do.
Whether you use Zoom, Skype, or Microsoft Teams, the webcam on your home PC or laptop has probably never been as busy as it is now during the pandemic.
For business, study, or virtual socializing, most of us have a camera built into our phone, tablet, laptop, or desktop webcam.
Unfortunately, this access makes us exposed to a type of online attack known as camfecting. This occurs when hackers get remote control of your webcam. They accomplish this by turning off the “on” light, which normally signifies that the camera is functioning, leaving victims in the dark.
Many of our mobile devices’ cameras are still unprotected. According to study, more than 15,000 web camera systems (including those in homes and businesses) are easily available to hackers throughout the world, without even needing to be hacked.
Take a page from Mark Zuckerberg’s playbook.
The webcam on your laptop cannot be used when it is switched off. Many of us, on the other hand, keep our laptops in hibernation or sleep mode (which are different). A cybercriminal may wake the device and switch on the camera in this situation. Even Mark Zuckerberg has acknowledged to masking his microphone and covering his webcam.
The amount of images captured through unauthorised webcam access that have been recorded is relatively low. This is because the majority of attacks take place without the user even noticing they’ve been hacked. As a result, these attacks go unnoticed.
It’s crucial to think about why someone would want to break into your home device. Images of you are unlikely to be captured by an attacker for personal extortion or their own nasty excursions. While these incidents do occur, the majority of unauthorized camera access is dedicated to data collection for financial benefit.
Beware of Camera Hack Scammers
Cybercriminals frequently try to dupe people into believing they’ve been hacked through a camera. Thousands of spam emails are sent every day in an attempt to persuade consumers that they have been “caught” on camera. But why is that?
Shaming people for “inappropriate” webcam use in this way is a scam that has had a lot of success in the past. Many victims pay up because they don’t want to be publicly exposed.
The majority of actual webcam hacks are targeted attempts aimed at gathering sensitive information. Intelligence collection and clandestine image capture are frequently carried out by tech-savvy corporate entities. Some hacks are the result of corporate espionage, while others are the work of government spy agencies.
In camfecting assaults, there are two main acquisition tactics. The first is known as a RAT (Remote Administration Tool), and the second occurs when malevolent persons offer fraudulent “remote tech support.”
Your retail service provider is usually the source of genuine remote tech help (such as Telstra or Optus). We trust our authorized tech support personnel, but you shouldn’t trust a “friend” you’ve never met who offers to “assist you” with a problem using their own remote support software.
A Trojan virus sent by email is an example of a RAT. This allows hackers to take control of a gadget from within.
Webcam Hacking Get Access to Everything
When a Trojan virus infects a device, the entire computer is remotely accessed, not just the webcam. This includes access to files, images, banking, and a variety of other information.
For some years, it has been possible to install a RAT. In 2015, a popular RAT could be obtained for only US $40 on the internet. Malware (malicious software) can be delivered via email, attachment, or USB flash drive.
Those interested in learning how to utilize such technologies should go to YouTube, which has a wealth of lessons. Hackers have never had it easier.
All Smarthome Electronics are at Risk
Every year, our homes become “smarter.” According to reports, the average Australian household had 17 connected gadgets in 2021.
Let’s imagine you have one or two laptops, three or four smartphones and tablets, a home security camera system, and a smart TV with a facial recognition camera built in.
With a remote video doorbell, a talking doll named My Friend Cayla, a drone helicopter you received for Christmas, and a robot toy that follows you around the house, your home may have more than 20 IP cameras.
You can use a tool like Shodan to better understand your weaknesses. This search engine allows you to see which of your gadgets are visible to others when connected to the internet.
At home, practice ‘cyberhygiene.’
One basic low-tech remedy for webcam hacking is to cover a camera with black tape. It’s also a good idea to turn off your laptop or desktop computer when it’s not in use. Don’t let a device’s hibernation, sleep, or low-power mode fool you into thinking it’s safe.
Your firm may provide firewalls, antivirus, and intrusion detection systems at work. When most of us work from home, such safeguards are null and invalid. Practices of “cyberhygiene” will assist protect you from cyber-attacks.
Always use strong passwords, and don’t reuse old ones containing numbers like “Richmond2019” or “Manutd2020.” Make sure your antivirus and operating system software are up to date as well.
Above everything, use your common sense. Don’t share your passwords (including your home Wi-Fi password), don’t click on strange links, and keep your devices free of unwanted software on a regular basis.
You might worry if you’re ever entirely safe when utilizing webcams. This is difficult to predict, but rest assured that there are things you can take to improve your chances.
What to Do If You Think Your Phone Has Been Hacked
Our cellphones serve as the central core of our online lives, handling everything from email to banking. It’s no surprise that cellphones are becoming more popular as internet hacking targets than desktops. Despite Google and Apple’s attempts, mobile malware continues to find its way into official app stores – and these harmful programs are becoming more cunning. According to the McAfee 2020 Mobile Threat Report, more than half of mobile malware apps “hide” on a device, serving annoying adverts, posting false reviews, or stealing information that may be sold or exploited to take users to ransom.
While iPhones can be hacked, Android devices are the target of more malware. MalwareBytes noted a spike in aggressive advertising and preloaded malware on Android smartphones in its 2020 State of Malware Report, with the goal of stealing data – or merely the victims’ attention.
Spyware that watches a device’s content, programs that use a device’s internet capacity to send spam, and phishing screens that take a user’s logins when typed into a hacked, genuine app are all examples of malware.
It is frequently acquired from non-official sources, such as rogue websites and phishing URLs transmitted through email or SMS. (While security experts encourage installing programs through official app shops such as the Apple App Store or Google Play, some nations are unable to access specific apps from these stores, such as secure messaging apps that allow users to interact privately.)
Then there are commercial spy applications, which require physical access to download to a phone – usually by someone the victim knows, such as a lover or parent – and can monitor everything that happens on the device.
Are you unsure if you’ve been hacked? We asked Josh Galindo, director of training at uBreakiFix, how to identify if a smartphone has been hacked. We also look at the twelve different ways your phone might be hacked and what you can do to protect yourself.
6 Indications that your phone has been hacked
1. Battery life appears to be dwindling
While a phone’s battery life will undoubtedly diminish over time, a smartphone that has been infected with malware may experience a considerable reduction in battery life. This is because the spyware – or spy app – may be consuming phone resources in order to scan the device and send data to a criminal server.
(However, regular use can diminish a phone’s longevity as well.) Check if that’s the case by following these methods to extend the life of your Android or iPhone battery.)
2. Lagniapped performance
Do you frequently experience your phone stopping or particular programs crashing? This could be caused by malware that is overburdening the phone’s resources or causing conflicts with other apps.
It’s also possible that programs will continue to run despite your efforts to quit them, or that the phone will crash and/or restart repeatedly.
(As with decreasing battery life, a slower phone can be caused by a variety of things, the most common of which is daily use, so consider deep cleaning your Android or iPhone first.)
3. A lot of data usage
Another symptom of a hacked phone is an unusually high data bill at the end of the month, which might be the result of malware or spy apps operating in the background and relaying data back to a server.
4. Missed or unanswered phone calls or texts
Be cautious if you see lists of calls or texts from numbers you don’t recognize — these could be premium-rate lines that spyware is forcing your phone to contact, with the proceeds going to the cyber-wallet. Criminal’s in this scenario, look over your phone statement for any charges you aren’t familiar with.
5. Surprising pop-ups
While not all pop-up notifications imply that your phone has been hacked, they could signal that your phone has been infected with adware, a type of malware that drives devices to access specific pages in order to generate revenue through clicks. Even if a pop-up isn’t the result of a hacked phone, many of them could be phishing links designed to trick users into entering sensitive information or downloading more software.
6. Unusual activity on any of the device’s accounts
If a hacker gains access to your phone, they gain access to all of your accounts, including social media, email, and a variety of lifestyle and productivity apps. This could manifest itself in account action such as resetting a password, sending emails, marking unread emails that you don’t recall reading, or signing up for new accounts that send you verification emails.
In this instance, you may be vulnerable to identity fraud, which occurs when crooks use information stolen from your hacked accounts to open new accounts or lines of credit in your name. Before performing a security scan on your phone, it’s a good idea to change your passwords – without updating them on your phone.
What should you do if your phone has been hacked?
If you’ve noticed any of these signs that your phone has been hacked, the best thing you can do now is download a mobile security app.
We recommend Bitdefender or McAfee for Android because of their comprehensive feature sets and outstanding ratings from reputable malware analysis labs.
While iPhones are less vulnerable to hacking, they aren’t completely secure. Lookout for iOS identifies suspicious apps, possibly risky Wi-Fi networks, and whether or not the iPhone has been jail broken (which increases its risk for hacking). It’s free, but you can upgrade to identity protection for $2.99 a month, which includes login alerts.
Who would want to break into your phone?
Government surveillance has grown so ubiquitous that we may have become hardened to the idea that the NSA can listen in on our phone calls or that the FBI can hack our computers whenever it wants. Hackers, thieves, and even individuals we know, such as a spouse or employer, have other technological methods – and incentives – to hack into our phones and breach our privacy. And unless you’re a high-profile target – journalist, politician, political dissident, business leader, and criminal – it’s far more likely that someone close to you is spying on you than a government agency.
There are 12 different ways your phone might be hacked.
Here are twelve ways someone could be spying on your phone — and what you can do about it. From planned breaches and vendetta-fueled snooping to opportunistic land grabs for the info of the unknowing.
1. Spyware applications
There are a plethora of phone monitoring apps available that allow you to follow someone’s position and listen in on their conversations without them knowing. Many are offered as a legitimate tool for safety-conscious parents to keep tabs on their children, but others are marketed to suspicious partners or wary employers. Apps like this can be used to see text messages, emails, internet history, and images from afar; log phone calls and GPS whereabouts; and some even use the phone’s microphone to record in-person conversations. Basically, these apps would allow a hacker to do practically anything they wanted with your phone.
And this isn’t simply platitudes. Back in 2013, when we looked into cell phone surveillance apps, we discovered that they could perform all they claimed. Worse, they were simple to set up, and the individual being watched would have no idea that their every step was being monitored.
According to Chester Wisniewski, principal research scientist at security firm Sophos, “there aren’t too many symptoms of a covert spy app — you might see more internet traffic on your bill, or your battery life may be lower than usual because the program is reporting back to a third-party.”
Spy apps are available on Google Play as well as unofficial iOS and Android app stores, making it quite simple for anyone with access to your phone (and a motive) to install one.
How to Safeguard Yourself
Because downloading surveillance apps necessitates physical access to your device, enforcing a passcode on your phone considerably minimizes the likelihood of someone gaining access to it in the first place. Also, because spy applications are frequently installed by someone close to you (think spouse or significant other), choose a code that no one else will guess.
Look through your app list to see if there are any that you don’t recognize.
If you want to keep your iPhone, don’t jailbreak it. “All apps show up if a device isn’t jail broken,” Wisniewski says. “Spy programs can lurk deep in the smartphone if it’s jail broken, and whether security software can locate them depends on how sophisticated the spy app is [since security software looks for known malware].”
Because such software – which tampers with system-level functionality – does not make it onto the App Store, ensuring your iPhone isn’t jail broken also stops anyone from downloading a spy app to your phone.
Install a mobile security app on your phone. We recommend Bitdefender or McAfee for Android and Lookout for iOS.
2. Phishing attempts
SMS texts containing bogus links that try to scrape private information (otherwise known as phishing or “smishing”) continue to make the rounds, whether it’s a text claiming to be from a coronavirus contact tracer or a friend urging you to check out this photo of you from last night.
Phishing emails are very profitable for attackers since consumers check their email programs frequently throughout the day.
Phishing messages soar throughout tax season, preying on people’s anxiety over their tax return, and this year’s coronavirus-related government stimulus payment period has seen an increase in phishing emails appearing to be from the IRS.
Texts with links to download harmful software may be sent to Android phones (the similar scam isn’t widespread for iPhones, which are generally non-jail broken and thus can’t download apps from anywhere but the App Store). When you try to download an unauthorized program, Android will warn you and ask for your permission to install it; do not ignore this warning.
These malicious apps may expose a user’s phone data or include a phishing overlay that steals login credentials from targeted apps, such as a user’s bank or email app.
Most likely. People have learnt to be weary of emails that beg them to “click to see this humorous video!” but they are less wary on their phones, according to security firm Kaspersky.
How to Safeguard Yourself
Remember how you usually verify your identification with different accounts – your bank, for example, will never require you to enter your entire password or PIN.
Check out the IRS’s phishing section to learn more about how the tax agency communicates with its customers, and double-check any correspondence you receive.
If you can’t see the whole URL, don’t open links from numbers you don’t recognize or in strangely ambiguous messages from pals.
If you click the link and try to install an unapproved app, your Android phone should warn you before doing so. Delete the app and/or do a mobile security scan if you ignored the warning or the app overcame Android security in some other way.
3. Unauthorized access to a Google or iCloud account
Photos, phonebooks, current location, messages, call records, and, in the case of the iCloud Keychain, saved passwords to email accounts, browsers, and other apps are all accessible through hacked iCloud and Google accounts. And there are spyware vendors who market their programs particularly to exploit these flaws.
According to Wisniewski, online criminals may not see the value in photos of ordinary people – unlike naked photos of celebrities that are immediately leaked – but they know the owners do, which can result in accounts and their material being held digitally hostage till victims pay a ransom.
A broken Google account also means a broken Gmail, which is the primary email for many users.
Having access to a major email account can lead to a domino effect of hacking of all the accounts related to that email – from your Facebook account to your cell carrier account – allowing for a depth of identity theft that might badly harm your credit.
“This is a significant risk. An attacker only requires an email address, not phone access or a phone number, according to Wisniewski. If you use your name in your email address, your primary email address to sign up for iCloud/Google, and a weak password that includes personally identifiable information, a hacker who can easily glean such information from social networks or search engines will have no trouble gaining access to your account.
How to Safeguard Yourself
For these important accounts, create a strong password (and as always, your email).
Enable login alerts to be notified of new computer or location sign-ins.
Enable two-factor authentication so that even if your password is cracked, no one can access your account without your phone.
When creating password security questions, tell a lie to prevent someone from resetting your password. You’d be surprised how many security questions rely on information that’s readily available on the Internet or that your family and friends already know.
4. Bluetooth eavesdropping
Any wireless connection could be exposed to cyber-snoopers, and security experts discovered a weakness in Android 9 and older smartphones earlier this year that allowed hackers to connect discreetly over Bluetooth and harvest data from the device. (The assault would have crashed Bluetooth on Android 10 devices, making connection impossible.)
While the vulnerability was quickly corrected in security upgrades, attackers may still be able to compromise your Bluetooth connection by exploiting additional flaws – or deceiving you into pairing with their device by giving it a different name (such as “AirPods” or another universal name). Your personal information would be at risk once you were connected.
“Very low, unless it’s a targeted attack,” says Dmitry Galov, a Kaspersky security researcher.
“Even then, a lot of things have to line up for it to happen.”
How to Safeguard Yourself
Turn your Bluetooth on only when you’re going to use it.
To avoid being a victim of fraudulent pairing requests, never pair a device in public.
Download security updates as soon as they are available to repair vulnerabilities.
5. Switching SIM cards
Another reason to be cautious about what you put online is that cybercriminals can impersonate legitimate customers who have been locked out of their accounts by calling cellular companies. They can have a phone number moved to their own device and use it to take over a person’s internet accounts by giving stolen personal information. Hackers exploited known login names to request password changes and intercept multi-factor authentication messages sent to the stolen phone number in a spate of Instagram handle thefts, for example. What is the goal? To kidnap captives and keep them for ransom or, in the case of high-value identities, to sell on underground markets. Some people’s bitcoin accounts have also been hacked and drained.
That agents from all five major carriers used the last three digits of the last two called numbers to verify users who provided incorrect information (such as billing address or zip code). Researchers were able to disclose these facts by sending users a text asking them to phone a specific number, which then played a voicemail advising them to call a different number.
“SIM shifting is currently very common in Africa and Latin America,” Galov explains. “However, we are aware of recent occurrences from many places around the world.”
How to Safeguard Yourself
Use numbers that are difficult to guess for your carrier PIN, such as your birthday or family birthdays, which may all be found on social media.
Instead of SMS, use an authenticator software like Authy or Google Authenticator for 2FA. “In most circumstances, this precaution will safeguard you,” Galov explains.
To reduce the chance of a cyber-attack that could divulge personal information that could be used to hijack your SIM, use strong passwords and multi-factor authentication for all of your online accounts.
6. Camera on a hacked phone
As video calling grows more common for work and family communication, the significance of protecting computer webcams from hackers has been highlighted – but your phone’s front-facing camera could also be at risk. For example, a now-fixed flaw in the Android onboard Camera app might have allowed attackers to record video, take photographs, and steal image geolocation data, while malicious apps with access to your camera app (see below) could have allowed hackers to hijack your camera.
Hacks on computer webcams are less common.
How to Safeguard Yourself
Download security updates for all apps and your device on a regular basis.
7. Apps that require too many permissions
While many apps over-request permissions for the sake of data collection, others – especially those obtained from unofficial stores – may be more dangerous, seeking intrusive access to everything from your location data to your camera roll.
According to Kaspersky study, many harmful apps in 2020 would take advantage of Accessibility Service, a mode designed to make it easier for individuals with disabilities to use smartphones. According to Galov, “a malicious application with permission to exploit this has practically endless possibilities for interacting with the system interface and apps.” This permission is used by some stalkerware programs, for example.
Over-requesting permissions is also likely to be a problem with free VPN programs. Two-thirds of the top 150 most-downloaded free VPN apps on Android made queries for sensitive data such as users’ geolocation, according to researchers in 2019.
Over-requesting permissions is a typical occurrence, according to Galov.
How to Safeguard Yourself
Read app permissions before installing them, and don’t install apps that require more access than they need to function.
Check online reviews even if an app’s permissions appear to match its function.
Download an antivirus app for Android, such as Bitdefender or McAfee, that will scan apps before they are downloaded and identify unusual behavior in apps you already have.
8. Snooping through public Wi-Fi networks
It’s advised not to get online the next time you come across a public Wi-Fi network that doesn’t require a password. On an unsecured Wi-Fi network, eavesdroppers can see all unencrypted traffic. Furthermore, malicious public hotspots can link you to phony banking or email services in order to steal your username and password. It’s also not always a shady manager at the establishment you frequent. Someone living across the street from a coffee shop, for example, may put up a login-free Wi-Fi network with the café’s name in the hopes of capturing useful login credentials for sale or identity theft.
Anyone with a basic understanding of computers might theoretically obtain the software required to intercept and analyze Wi-Fi traffic.
How to Safeguard Yourself
Only connect to public Wi-Fi networks that are password-protected and have WPA2/3 enabled (you’ll see this on the login screen when prompted for a password), as communication is encrypted by default.
To secure your smartphone traffic, use a VPN program. NordVPN (Android/iOS from $3.49/month) is a good all-around option that protects several devices, such as your tablet and laptop.
If you don’t have a VPN app and need to connect to a public network, don’t enter login information for banking sites or email. If you can’t prevent it, double-check the URL in your browser’s address bar. And only enter private information if you’re connected to the other site via a secure connection (look for “https” in the URL and a green lock icon in the address bar).
Enabling two-factor authentication for online accounts can also secure your privacy when using public Wi-Fi.
9. Applications with insecure encryption
Even non-malicious apps might make your mobile device vulnerable. Apps that utilize weak encryption techniques, according to the InfoSec Institute, can expose your data to someone seeking for it. Those that apply powerful algorithms incorrectly can provide further back doors for hackers to exploit, giving them access to all of your personal data on your phone.
“A potential hazard, but one that is less likely than others like unsecured Wi-Fi or phishing,” Galov says.
How to Safeguard Yourself
Before downloading an app, look for reviews online – not just on app stores (which are prone to spam reviews), but also on Google to see if other users have reported any suspicious activity.
Only download programs from trusted developers if at all feasible — for example, those who appear on Google with favorable ratings and feedback results, or on user review sites such as Trustpilot. “The onus is on developers and businesses to enforce encryption standards before apps are deployed,” according to Kaspersky.
10. Vulnerability in the SS7 global phone network
Signaling System No 7 (SS7), a communication system used by mobile networks all over the world, has a flaw that allows hackers to eavesdrop on text messages, phone calls, and whereabouts using simply someone’s mobile phone number.
Hackers have been using this flaw to intercept two-factor authentication (2FA) codes received by SMS from banks for years, with cybercriminals in Germany depleting victims’ bank accounts. A similar attempt was launched against the Metro Bank in the United Kingdom.
This method might be used to break into other online accounts, such as email and social media, causing financial and personal disaster.
Law enforcement and intelligence organizations, according to security researcher Karsten Nohl, utilize the exploit to intercept cell phone data and hence have little motive to see that it is fixed.
The likelihood is growing, as the minimal resources required to exploit this vulnerability have made it available to cybercriminals with a lower profile who are looking to steal 2FA codes for online accounts rather than tapping the phones of political leaders, CEOs, or other people whose communications could be valuable in underground markets.
How to Safeguard Yourself
Instead of SMS, use email or (much safer) an authentication app as your 2FA method.
Wisniewski recommends using an end-to-end encrypted message service that works via the internet (thus avoiding the SS7 protocol). WhatsApp (free, iOS/Android), Signal (free, iOS/Android), and Wickr Me (free, iOS/Android) all encrypt your messages and calls, making them impossible to eavesdrop or interfere with.
Be aware that your phone conversations may be monitored if you are part of a potentially targeted group, and respond accordingly.
11. Charging stations that are malicious
While travel and tourism are unlikely to pick up anytime soon, the Los Angeles County District Attorney’s Office issued a security notice last year regarding the threat of hijacked public USB power charging outlets in places like airports and hotels.
Malicious charging stations, including malware-infected laptops, make use of the fact that conventional USB cords may both transfer data and charge batteries. When an older Android phone is connected to a computer, it may immediately mount the hard drive, exposing the data to an unscrupulous owner.
Security experts have also demonstrated that the video-out feature can be hacked, allowing a hacker to record every keystroke, including passwords and sensitive data, when hooked into a malicious charge hub.
Low. There have been no reports of charging stations being taken over, although newer Android phones will ask for permission to load their hard drive when plugged into a new computer, whereas iPhones will ask for a PIN. New vulnerabilities, on the other hand, may be uncovered.
How to Safeguard Yourself
Bring a wall charger instead of plugging into unknown devices. A charge-only USB cable, such as PortaPow ($9.99 for a two-pack on Amazon), is a good option.
If a public computer is your sole choice for reviving a dead battery, choose “Charge only” (Android phones) or block access from the other computer if a pop-up appears when you plug in (iPhone).
12. Fake cell towers, such as the FBI’s Stingray
The FBI, IRS, ICE, DEA, US National Guard, Army, and Navy are among the government agencies that have been accused of using cellular surveillance devices (the eponymous StingRays) that imitate real network towers.
StingRays and other imposter wireless carrier towers force nearby cell phones to drop their existing carrier connection in favor of connecting to the StingRay, allowing the device’s operators to track calls and texts made by these phones, as well as their movements and the phone numbers they text and call.
Because StingRays have a radius of around 1km, monitoring a suspect’s phone in a crowded city center might result in the tapping of tens of thousands of phones.
StingRay-enabled cellphone tracking did not require warrants until late 2015. Over 75 federal agencies in over 27 states own StingRays, according to the American Civil Liberties Union, but this number is certainly an underestimate. Despite the fact that certain jurisdictions prohibit the use of eavesdropping technology unless it is used in criminal investigations, many agencies do not acquire warrants to utilize it.
While the common citizen isn’t a target of a StingRay operation, thanks to tight-lipped federal agencies, it’s hard to tell what happens to extraneous data collected from non-targets.
How to Safeguard Yourself
Use encrypted messaging and phone call apps, especially if you’re in a setting where the authorities would be interested, like a protest. Both Signal (free, iOS/Android) and Wickr Me (free, iOS/Android) encrypt messages and calls, making them impossible to intercept or interfere with. According to Wisniewski, most encryption in use today is unbreakable, and decrypting a single phone call would take 10-15 years.
“The difficult part is that what the police have legal authority to do, hackers can accomplish as well,” Wisniewski explains. “We are no longer dealing with technology that costs millions of dollars and is only available to the military. Individuals with the aim to disrupt communications are able to do so.”
Many people, from security experts to non-techies, are already shifting away from traditional, unencrypted communications – and it may be unimaginable in a few years that we ever let our private chats and information fly through the ether unguarded. Can phone camera be hacked without internet? Not anymore since you are now well informed.