Our world is filled with news and conversations about hacking. From well-publicized public hacks like Target, OPM and Equifax down to the private internal discussions of how to keep information safe, hacking is all around us.
This is due, in part, to the fact that information is being created at staggering rates – remember Moore’s law? It’s shared with tons of different companies and stored in countless locations. And it has value – big value.
To get just a piece of that value into their own hands, hackers have countless attack surfaces to choose from – laptops, servers, databases and of course, smartphones. In fact, smartphones are quickly becoming the attack surface of choice for hackers. Why? They are riddled with vulnerabilities (from the chips to firmware to OS to apps) that can be exploited in any number of ways.
Show me the money
Let’s not kid ourselves, hacking is a highly profitable business. Doesn’t matter if it’s a black-hat, white-hat or gray-hat hacker, there is money to be made. Yes, we’re all aware of the typical hacking crimes where someone tries to steal money from a corporation or re-route funds out of someone’s account or illegally mine cryptocurrency, but it’s bigger than that. Hacking has gone to Wall Street.
In 2018, the infamous Israeli hacking firm NSO Group, which has created numerous iPhone attacks, was the subject of acquisition. The interested parties? First, Verint, a publicly traded billion-dollar security firm. Second, Blackstone, the largest private equity firm in the world with over $400 billion in assets. The asking price for NSO? It was never officially disclosed, but several reports placed the value at over a billion.
That might not raise any eyebrows on the surface, but these facts will:
- Francisco Partners, another private equity firm, purchased the majority stake in NSO around 2016/2017 for $120 million. Pretty nice ROI for such a short-term investment.
- NSO’s revenue was estimated at around $75 million in 2017. That’s somewhere in the neighborhood of a 13x multiple. Multiples like that are typically tagged to unicorn companies like Uber and Airbnb.
- NSO Group is one of around 40 identified private companies that develop and sell mobile malware. It’s probably safe to say that the sale of malware on the open market is now worth north of $1 billion annually.
Point being, there is a lot of money being made on hacking into electronic devices, most specifically smartphones.
Information is power
Smartphones are the primary source of digital minutes with more than three hours a day being spent on them. We spend the most time on smartphones since they host the majority of the information we need to access on a regular basis – apps, emails, text messages, camera, etc. They’re also easy to travel with and they have loads of communication capabilities, like cellular, WiFi, Bluetooth, NFC, etc. All of these features and benefits mean they’ll likely continue to be the center of our digital universe.
Smartphones offer much greater rewards than simply siphoning off information, they are being turned into digital spies. Because of the microphones, cameras and RF signals, hackers can now listen to what a user says, see what a user sees, and track where a user goes.
Turning smartphones into spying tools can give your competition/adversary the leg up on anything you want to know as you’re almost never without your phone. Think about all the information users discuss around a smartphone: financial conversations, legal discussions, trade secrets, financial earnings, government meetings (war, politics, taxes, other countries, etc.), personal conversations (health, family, spouse, etc.) and more.
“But my smartphone has never been hacked”
I hear that all the time. But it’s nearly impossible to determine if your smartphone has been hacked. Most of the smartphone hacks are in circulation for three-plus years before they’re discovered. Plus, with Apple (mostly closed system) and Android (uncontrolled fragmentation), we have few defenses to truly stop or identify an attack. When you have billons of dollars being dedicated to breaking into electronic devices, it’s naive to think you’re safe. Note: recent Corus research shows that 25% of respondents don’t know if their phone has been hacked, up from 12% in 2017.
Just remember, with all the benefits a smartphone brings to your life, it can easily be turned against you to gather sensitive information you thought was safe.