The Aftermath of a Hacked Phone

We all know the struggle of phishing, scam emails or spam messages from a relative who hasn’t used their Facebook page in months. If you receive these kinds of phished messages, it can be annoying. If your friends tell you that they’ve received messages from you, it can be unnerving. Somehow, someone got your personal information, hacked your account, and began to harass all your contacts.

Your phone isn’t exempt from this kind of invasion. “Smishing” (or SMS phishing, from a hacked cell phone) is becoming more and more prevalent these days. What is it that these hackers are after and how successful are they? Here’s what studies show.

Types of Phone Hacking

Smishing is just one form of phone hacking, though a common one. Others might be more subtle, more insidious. Here are some forms of phone hacking that can occur:

Hacking Software

Some hackers use hacking software to hack phones. There are countless hacking software options that can be found online for free or downloaded on just about any device. Some hacking software has to be installed on the phone being hacked, but that doesn’t mean the hackers have to physically get their hands on the phone. In some cases, they might be able to install the software without ever touching the device.

Phishing/Smishing

It’s an email from a potential client or a text from a trusted friend, but something looks off. Maybe the punctuation is off, or the language doesn’t sound like the person you know. At the end of the message, there’s a link offering more information. However, as soon as you click that link, a virus is downloaded that allows your phone to be hacked. Soon, those phished messages could be coming from you.

SS7 Signaling

This is a more sophisticated form of hacking that involves hacking the SS7 signaling system used to allow cell phones to communicate with one another. If a hacker can access this system, they can gain access to the phone’s number, location, calls, and messages. However, this is a less common form of phone hacking as it cannot easily be done by just anyone.

SIM Card Hacking

On the other hand, SIM card hacking is relatively easy. To work, hackers simply need to call the phone provider, offer information that “proves” that they’re you and request a new SIM card. If you’ve received a message that your SIM card is invalid, it’s possible that someone has hacked your SIM card and can now take over the phone’s messages and calls.

Bluetooth Hacking

This is easy enough to explain. The hacker hacks the phone’s system by connecting to Bluetooth and downloading information from that connection. However, there is a major limitation, in that the phone needs to be within Bluetooth range. Bluetooth hackers act quickly to download personal information before the phone is out of range.

Smishing: A Brief Overview

According to Proofpoint, “Smishing is a form of phishing in which an attacker uses a compelling text message to trick targeted recipients into clicking a link and sending the attacker private information or downloading malicious programs to a smartphone.”

We’ve learned to recognize phishing when it comes in the form of emails, blog comments, instant messages, etc. But smishing is a fairly new form of phishing. For the most part, cell phone users are more likely to trust a link that comes over an SMS text than an email. That’s the danger of smishing.

One popular form of smishing is a text claiming that the IRS is filing a lawsuit against you or performing an audit. The text reads that you have to call a particular number or click on a link to address the issue. This is a scare tactic that can be very effective for many, but it’s also not how the IRS communicates. Other forms of smishing might come in the form of offering a massive loan or cash reward or offering sexual services. The effect is the same: once the link is clicked, the virus is in your phone and your information can be easily accessed.

Phone Hacking: A Brief Case Study

So what does phone hacking really look like? Last year, several Bank of Ireland customers were unfortunately able to experience this firsthand. In this smishing scam, customers were texted and told that their bank card had been “compromised by a skimming device” and thus the bank had deactivated it. The text seemed to come from the Bank of Ireland and asked customers to follow a link in order to apply for a new card.

This smishing scam was elaborate, taking customers to a fake Bank of Ireland website that instructed them to mail in their old cards. The website asked for their current card number, pin, and phone number. Once this information was given, of course, it was all too easy to hack their phone and their bank accounts. In reality, no bank or financial institution is likely to ask for your personal information over text. They also aren’t likely to ask for cards to be mailed in.

Interested in the motives of phone hackers or the business of phone security? If you’d like a career in cybersecurity or more protective coding, you can get started with coding bootcamps from The Software Guild.