The news is a flurry with reports of Jeff Bezos’ smartphone hacking. After all, if Bezos isn’t safe, who is, right? And in our contemporary world, having your smartphone hacked is a legitimate fear for many people. It’s a device tied to almost every facet of our selves.
When the iPhone was released back in 2007, nobody could have predicted how the device would kick off a revolution – one that transformed how we interact throughout our personal and professional lives.
Thirteen years later, most smartphone owners use their device’s “phone” function far less than other apps. According to numerous surveys, traditional phone conversation doesn’t even make the top ten. Texting, unsurprisingly, dominates. Email, the camera, banking apps, Cloud services (especially Microsoft’s OneDrive), Facebook, Google Maps, What’sApp, Weather and news apps, and, of course, watching videos on YouTube, all see far more usage than the app the device is named after.
The reason for this is simple. Our devices are a lot more “Smart” than they are “Phone.” We wanted, hoped, and dreamed, that smartphones would evolve into ridiculously powerful mini-computers that could handle tasks designed for desktops. Did anyone really think we’d have a functional version of Excel, one that has almost as many features as the desktop version? That we’d be able to interact with the software on such a tiny screen?
The problem with all this functionality is security. Not only do we keep sensitive information on our smartphones, they’re connected to a myriad of services that house our personal data and professional work lives. Should an unauthorized user gain access to someone’s network, their finances, social lives, and business data, are at risk. It’s a fear we have to live with.
But what’s a realistic fear and what isn’t? A lot of people couldn’t say. According to Statista, almost five billion people will own a mobile phone by the end of 2020, and over half are smartphones. That’s a lot of people who know how to use their device but have absolutely no idea how it works.
There’s a lot of ground to cover regarding the realities and myths of cellphone hacking, and this is the first in a series. Throughout the next two weeks, we’ll look at a few popular misconceptions, some disturbing truths, and a few ways to make your phone more secure.
We’ll start off with one of the more dangerous, and very real, threats.
The “SIM-Swap” Scam
There’s nothing new about the “SIM-Swap” scam, it’s been around for years. The difference now is the stakes. Hackers can reap richer rewards than ever before, and this type of scam, while still relatively rare, is on the rise.
The short description of SIM-Swapping is this: a hacker researches their specific target, gathering every scrap of information possible, either through purchasing the details illicitly or developing them through carefully created phishing emails, texts, etc., and then contacts the person’s mobile phone provider. The fraudster convinces the phone company to port the victim’s phone number to a new SIM. The moment that happens, the victim loses control of their phone number.
Since many services that use two-step verification through text messing, for actions such as login and password resets, guess who gets the verification code?
The Reality Checks
Yeah, this one’s rough, but there’s several reasons why it remains rare. First, it’s not easy. It takes a *lot* of time and investment to gather the necessary information one needs to convince a telecom company you are a phone numbers legitimate owner. This means the target needs to be worth the effort, and most people aren’t rich enough to qualify.
Second, a hacker can’t be sure it’ll work even if they get your phone number. If you use authentication apps rather text notifications, a fraudster spent an awful lot of time, and probably money, for nothing.
The Solution
Stick to authenticator apps and hardware keys. They’re more secure because they don’t depend on a phone number. Companies often use the text-message version because it’s easy. Opt out. Use something else. When companies force using text-message codes, and if their service is that important to you, get a second phone number – one you take care not to share anywhere a fraudster might find it.
As scams go, SIM-swapping is labor-intensive and relatively limited to the wealthy. As techniques improve, however, SIM-swappers are broadening their aim. They’re dipping down to the upper-levels of the middle class. That doesn’t change the way you protect yourself.