We hear this when we discuss the breaches to smartphones with people who are often not government intelligence or security professionals – users who are all too aware of these mobile security concerns. Breaches that are executed by competitors, governments and malicious actors of all types like those mobile surveillance attempts on a human rights activist being or a Mexican journalist. When we elaborate on how everyday apps over-reach their intended purpose to pry into the personal lives of users with mobile tracking to listen in on conversations or to track user location data; people say they have nothing to hide. To help shed some light on smartphone vulnerabilities, your smartphone privacy and what’s really at risk when your phone has been compromised, we set out to hack a smartphone and reveal the information that may be accessed through its sensors.
To demonstrate this important point we needed to take control of the smartphone’s cameras, microphones, and RF radios (cellular, WiFi, Bluetooth, NFC). Our iOS developer took less than 2 days to discover a hack similar to those available on the dark web and install it on our employee volunteer’s iPhone. The program ran in the background without a trace of the phone being hacked by either the user or readily available malware detection software.[1] We then recorded our volunteer’s day capturing the sights, sounds and settings of his life. The revelations included personal banking credentials, health information, business matters, and a not-so public personal matter or two.
Over the course of our project we captured video of our team in action that was edited around the recordings of our volunteer’s day to document our experience in this enlightening 2:00 video:
As we challenge the people we meet to put themselves at the mercy of a smartphone hack, we ask them to think about the things they say, the things they do, and the places they go with their smartphone, which might be acting as an electronic listening device or a "fly on the wall".
Smartphones can be listening, watching or reporting your whereabouts and you would never know. How could this be used against you? How could it be misunderstood or misconstrued?
You may feel similar to those who believe they have nothing to hide. After watching this video, you likely also conclude that what happens in your life isn’t anyone’s business, much less an overreaching app, a government or malicious actor taking your phone for a “joy ride” and especially a competitor or adversary.
At Privoro, our mission is to provide security, privacy and control in an ultra-connected, sensor-driven world. To learn more about smartphone vulnerabilities view our video series or to learn more about what’s really at risk when your phone has been compromised download our The Hijacking of Smartphone Cameras and Microphones whitepaper.
[1] While we had physical access to our volunteer’s device, there are well documented hacks, which are capable of overtaking the phone’s microphones, cameras and GPS signals, that do not require physical access to the target device. One such remote hack is similar to an email phishing scheme and occurs when a user receives an SMS message from one of their contacts who has been spoofed. The message includes a believable link that opon being clicked deploys malware on the phone.