Does Your Mobile Have Spyware on It?

You have a mobile phone, you might think it’s pretty safe, but what you might not realize is that these devices can have spyware on them. Keep in mind, many of the “signs” listed below are everyday normal phone behaviors. But combined, might mean spyware. Here are some of the signs:

Unusual Background Noise

While common, humming, static, or other weird noises could be a sign that someone is tapping your line. Though all phones might have strange noises from time to time, you should check if there are other signs if you notice them. This is especially the case if you hear them when your phone is not in use.

Short Battery Life

Also common, another sign of a hacked phone is a short battery life. If you notice that your battery is suddenly losing power, it’s possible that there is malicious software running in the background. But don’t panic….yet.

Try Shutting it Down

If something seems weird with your mobile phone, try shutting it down. Watch how it reacts when you shut it down. Phones that have been hacked often won’t shut down correctly or never shut down, even though you tell it to. Still, a common issues with mobiles.

Look for Suspicious Activity

If you notice something suspicious, like your phone turning on or off by itself or apps getting installed or deleted, someone might have hacked it. Other suspicious signs that someone has hacked your phone include strange text messages that contain random letters or numbers. You might see pop-up ads or other issues, too.

Check for any Electronic Interferences

Though it might not be uncommon to get interference from other electronics, such as a computer, another phone, or even a television, it shouldn’t happen if you are not on a call. If it does, it could be a sign of something malicious, for instance, someone listening in on your phone calls.

Look at Your Phone Bill

If your phone bill shows more text or data usage than you typically use, it might be a sign that your mobile phone is hacked. Things like spyware can cause your data to rise, and this could definitely cause your bill to rise. However, keep in mind, if you just downloaded a new app, this could be the cause of your data usage. Also, make sure that no one in your home is using the data, such as your kids, who are notorious for this.

Use Caution when Downloading New Apps

Finally, when you download a new app, make sure they are safe. Most apps from the App Store or Google Play are safe, but occasionally, a malicious app will sneak in. If an app asks for access to your contact list, call history, or address book, use caution.

If you ever suspect spyware, back up your apps and reset the device back to factory then reinstall everything. Keep in mind, unless an iPhone is “jailbroken” spyware is unlikely. But with Androids, spyware is serious. Install antivirus on Androids.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Oh No, iOS Hacked by NSO

Recently, says a report at wired.com, it’s been unveiled that the obscure Israel-based NSO Group has been selling spyware delivered to smartphones through vulnerabilities in Apple’s iOS operating system.

“Pegasus” spyware can put a surveillance out on nearly everything including keystrokes, e-mails, video feeds and phone calls. Apple says that the three vulnerabilities with this spyware (“Trident”) have been patched.

In short, NSO Group’s spyware has been reverse engineered for the first time—achieved by the security research firm Lookout, which discovered Pegasus. Also getting credit for the discovery is Citizen Lab.

  • Ahmed Mansoor, a well-known human rights activist with a history of being targeted by surveillance spyware, sent the security firms the suspicious SMS text messages he had received.
  • Mansoor’s mobile device was running iOS’s latest version when two phishing texts came in with links. He had refused to click them.
  • Instead he sent screenshots to Citizen Lab. The links led to a blank Safari browser page. The analysis then began.
  • The spyware was intended to jailbreak the phone.

Jailbreaking an iPhone means the user can bypass Apple’s plan and customize the experience. However, in the Pegasus case, remote hackers wanted this control.

Citizen Lab and Lookout took their analysis to Apple, who made the patches within 10 days. The recommendation is to regularly download the latest iOS versions to help protect the device from attacks. The latest iOS version will stop Pegasus. However, it’s possible for NSO to infiltrate other phone operating systems like Android with the spyware, says Citizen Lab and Lookout.

NSO Group has no website, and supposedly, earns $75 million a year, with governments as the typical clients, and may have up to 500 employees. It won’t be any surprise if a new and similar threat follows soon, as the NSO Group is quite advanced, with a solid software development organization.

Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Should Stalking or Spying Apps be banned?

The words “spying” and “stalking” have negative connotations, but there’s a flipside to the coin: parents monitoring their kids’ online activities and physical locations. And how about middle-aged adults keeping track of the whereabouts of their aged parents with dementia?

7WIf you fear that apps for “spying” might get banned, here’s bad news: U.S. Senator Al Franken is pushing for this.

However, Franken’s proposed law will actually permit these constructive uses. His plan is to require companies to give permission to users before collecting location data or conducting any sharing of it. But suppose a real stalker poses as a concerned parent, how would the company know?

And when spying and stalking apps are used malevolently, should their makers bear responsibility? Is this like saying that the company that makes steak knives is responsible for the man who used one to stab his ex-friend?

However, maybe that all depends on whom the stalking and spying app company targets for customers. A now defunct maker of stalking apps targeted people who wanted to stalk their spouses, and its CEO was indicted last year and fined half a mil.

Another such maker, markets their product for good uses like keeping tabs on kids: a smarter move. Their site even calls their software “monitoring” rather than “stalking” or “spying.”

With that all said, it’s illegal to spy on someone with these apps without their permission. The line is very blurry, because it’s not illegal for a manager at the workplace to follow a subordinate and watch his every move, including what he’s doing on his computer during work hours.

Banning these kinds of apps will not go over well with the many parents who see them as a godsend for keeping a watchful eye on their kids, not to mention the many middle-agers who, without these apps, would fear that their elderly parents with dementia might wander off and get lost or in harm’s way.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

What is a Potentially Unwanted Program (PUP)?

Whether you’re an animal person or not, you have to admit that puppies are pretty darn cute. So cute that there are YouTube Channels, Facebook accounts, and Buzzfeed newsletters devoted to the subject. Unfortunately, there’s a not so cute PUP out in the world, and it wants access to your device. What I’m talking about is a potentially unwanted program (PUP). What is an unwanted program? It’s software or an app that you don’t explicitly want on your device. PUPs usually are bundled with freeware and often installs without your permission.

1SNote: PUPs are not malware. The main difference is that you give consent to download the PUP, even though you might not know about it if you don’t read the agreements or installation process thoroughly.

So if PUPs aren’t malware, why are they bad? Some PUPs contain spyware including keyloggers, dialers, and other software to gather your information which could lead to identity theft. Others may display annoying advertisements on your device. Even if the PUP doesn’t have any malicious content, too many PUPs can slow down your device by taking up space on your device and it can weaker your device’s security, making you vulnerable to malware.

Companies or hackers use several techniques to get you to download PUPs. One technique is offering multiple installation options. Although the standard or default options may be highly recommended by the company or hacker, it is usually the custom or advanced option that is PUP-free. Another trick is automatically including PUPs in the installation. You have to uncheck the boxes to opt-out of the PUP. Sometimes they will gray the opt-out option so it looks like you can’t get out of downloading a PUP. Other companies will sneak clauses about PUPs into the end user license agreement. This means when you click to agree with their user terms, you also agree to download PUPs.

Here’s some tips on how to make sure you don’t get a PUP.

  • Be picky. Hesitate before downloading any freeware. Do you really need that Guardian of the Galaxy wallpaper for your laptop? Be vigilant and only download from trusted sites.
  • Customize. When downloading a program, it may be tempting to use the standard or default installation, but this version usually includes downloading programs you don’t need. Choose the custom installation.
  • Opt out. Instead of asking you to opt in to PUPs, companies will automatically include the PUPs in the installation; it’s up to you to say no. For example, a freeware program might recommend that you install a free browser add-on andbelow this statement will be a box that is checked that indicates you want to install the add-on. If you don’t uncheck the box, you can potentially download a PUP you may know very little about.
  • Read the fine print. Read the End User License Agreement before you accept it. There may be a clause about PUPs.
  • Have comprehensive security software. Install security software that works for all of your devices, like McAfee LiveSafe™ service. McAfee LiveSafe can detect PUPs and remove them from your device.

Remember it’s much more fun to snuggle with furry pups rather than the computer code kind.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

This is what Spy Software looks like

If you’ve ever watched virtually any spy flick or James Bond movie you’re familiar with “bugs” – those little dime-sized metallic things that the bad guys would secretly stick under someone’s desk to record any conversation in the room—picked up by a receiver in their car. Or, the phone was “tapped” – the device was inside the receiver.

2WHow primitive! Because these days, all of your computer, mobile, tablet and online activities can be “bugged” – without someone ever coming into your home or office—remote spying—done with spyware. They know what you’re posting to Facebook, what videos you’re watching, what secrets you’re telling or hiding—anything and everything. They may even be watching YOU as you type or recording your keystrokes.

Spyware companies sell the technology and it’s legal to purchase. Spyware ranges from $40 to $200 a month. Based on their sales, it’s feasible that millions of Internet users are being spied on.

Selling spyware is perfectly legal, as mentioned, even though this can get into the wrong hands. But it’s akin to the legal sales and use of knives. In the wrong hands, even a butter knife could be a dangerous weapon.

Though some spyware devices must be installed physically on the target’s device (e.g., wife installing on her husband’s device, employer installing on employee device, parent on child’s device), some devices can be installed remotely.

This isn’t as techy as you think. The spyware companies want to make money, so they’ve made it easy to install and use their products. Parents wanting to know what’s going on with their teenagers are drawn to this technology. So are psycho-stalkers.

Spyware is a big hit with people wanting to find out if their spouse or significant other is cheating on them, and many even focus on this in their ads. Another demographic that’s drawn to spyware are employers who want to see what their employees are up to.

But let’s not forget that a thief could spy on someone to get their credit card number, passwords and other crucial information and then use it to drain their bank accounts, max out their credit card or open a new credit card under their name and go wild with it.

Spyware can also be used to eavesdrop on phone calls after the snooper (or stalker) puts the app in the phone. There are cases in which abusive men did just this to their partner’s phone after the partner fled from them, then tracked them down and committed violence against them. So should spyware be banned? Well, it goes back to the butter knife analogy.

Spyware gets away with legality because of its strong legitimacy in terms of parents keeping an eye on their kids, and employers monitoring employees whom they think are goofing off on the job. However, an employer can take it further and “follow” where the employee goes on lunch break or to see if they went to that big basketball game when they called in sick.

That’s pushing it, but it can go even further: The spyware customer could intercept phone calls, text messages and anything else the unsuspecting target does on their smartphone. However, even though spyware came out in the mid ‘90s, there have been only three prosecutions. If it’s ever outlawed, parents will go berserk.

How many times have you read about something horrible that a teenager did, that was somehow connected to their online activities, and you thought, “Where were the parents when all this was going on? Weren’t they monitoring their kid’s online activities? Didn’t the parents care what their child was doing online?” Etc., etc.?

If these parents had had one of these spyware programs, maybe they would have nipped their kids’ problems in the bud and prevented tragedy. But don’t let these cases fool you: Parents make up a large percentage of spyware customers.

Critics of spyware won’t back down, including legislators, and maybe that’s why some companies are requiring customers to identify themselves as parents or employers in order to use their applications. This sounds more like defensive TOS, since anyone can claim they’re a parent or workplace supervisor without having to prove it. What’s a company really going to do…send out a private investigator to see if the new user really DOES have a teenager?

Now that you know more about spyware, how can you prevent someone from bugging your phone or computer? Keep your devices locked. Never leave your phone where someone can get to it.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Protect your Data during Holiday Travel

You’re dreaming of a white Christmas, and hackers are dreaming of a green Christmas: your cash in their pockets. And hackers are everywhere, and are a particular threat to travelers.
http://www.dreamstime.com/stock-photos-identity-theft-red-words-binary-code-computer-monitor-image39907813

  • Prior to leaving for your holiday vacation, have an IT specialist install a disk encryption on your laptop if you plan on bringing it along; the hard drive will have encryption software to scramble your data if the device it lost or stolen.
  • Try to make arrangements to prevent having to use your laptop to handle sensitive data. If you must, then at least store all the data in an encrypted memory stick or disk encryption as stated above. Leave as much personal data behind when you travel.
  • Before embarking on your vacation, make sure that your devices are equipped with comprehensive security software such as antivirus, antispyware, antiphishing and a firewall so that you can have safe online connections.
  • If your device has a virtual private network (VPN), this will encrypt all of your transmissions when you use public Wi-Fi. Hackers will see gibberish and thus won’t have any interest in you. Don’t ever connect to an unprotected Wi-Fi network!
  • Always have your laptop and other devices with you, even if it’s to momentarily leave the hotel’s lobby (where you’re using your device) to get some water. When staying at friends or family, don’t leave your devices where even other guests in the house you’re staying at can get to them, even if they’re kids. Just sayin’.
  • Add another layer of protection from “visual hackers,” too. Visual hackers peer over the user’s shoulder to see what’s on their screen. If they do this enough to enough people, sooner or later they’ll catch someone with their data up on the screen.
  • Visual hackers can also use cameras and binoculars to capture what’s on your screen. All these thieves need to do is just hang nearby nonchalantly with your computer screen in full view, and wait till you enter your data. They can then snap a picture of the view.
  • This can be deterred with 3M’s ePrivacy Filter, when combined with their 3M Privacy Filter. When a visual hacker tries to see what’s on your screen it provides up to 180 degree comprehensive privacy protection. Filters provide protection by blackening the screen when viewed from the side. Furthermore, you’ll get an alert that someone is creeping up too close to you. The one place where a visual hacker can really get an “in” on your online activities is on an airplane. Do you realize how easy it would be for someone sitting behind you (especially if you both have aisle seats) to see what you’re doing?

Robert Siciliano is a Privacy Consultant to 3M discussing Identity Theft and Privacy on YouTube. Disclosures.

Spyware sold on the Open Market

You’ve heard of spyware, right? Spyware comes in the form of a virus and as a commercially available and legal software. It’s illegal for a stranger (or even someone you know, unless they own the device, and you just use it) to install spyware on your computer or smartphone and spy on you.

2WHowever, many parents—perhaps you yourself—use this very same technology to keep tabs on their kids’ computer and smartphone activities. And it’s perfectly legal to do so. It’s referred to as domestic surveillance. And frankly, if you have a 12 year old daughter with a mobile phone, it’s not a bad idea to know what she’s up to and who she’s chatting with. If you have a 14 year old boy you definitely want to know what he’s up to because I was 14 once and dang, I was up to no good!

There are many clever apps that can monitor your kids’ online activities. Depending on their features these apps can do anything you order them to upon installation, including track where your children are in physical space, monitor their text messages, videos and photos sent and received, calls made and received and sometimes even the websites they visit. For parents, this may provide a significant degree of insight and peace of mind.

There are two versions: One lets the user know it’s running by showing an icon, and one that, while running, does not let the user know it (the second version is great for parents—but also precisely what a criminal wants).

Outside of parental monitoring, this kind of technology is considered “spyware,” though the vendors who promote these applications market them as smart ways of remotely watching over your kids.

You can clearly see how this kind of app can be abused: installed on, for instance, an ex-lover’s device. You can see those worms slithering out of that opened can. However, parameters regarding what’s legit and what’s illegal with these kinds of apps have not been universally spelled out—they are somewhat blurred.

But case-by-case incidents are making marks, such as the former U.S. sheriff who was given a probationary sentence because he installed one of these apps on his wife’s work computer to spy on her.

Protection from Spyware

Apps such as described above can be installed remotely, not just directly. You can protect your device as follows:

  • Androids have many more options for spyware whereas iPhones, unless jailbroken do not.
  • It’s crucial for your device to have some kind of spyware protection. Most antivirus programs will recognize spyware.
  • Never click on a link in an e-mail or text, as it can direct you to a malicious download.
  • Never separate from your device when you’re in public; never let anyone use it. If they claim they need to make a call due to an emergency, you can make the call.
  • Your mobile should require a password for access. A password-protected phone makes spyware installation difficult.
  • If your phone has seemingly developed a mind of its own, or it’s “behaving” oddly lately, this probably means it’s been possessed by spyware. If you believe your phone’s been bugged with spyware, then reinstall its operating system. Simply confer with the device’s user manual. Or, call the carrier’s customer service for instructions.
  • If you are considering installing spyware on someone’s device, consider the legality of your actions first, determine if the installation is one that involves an open and honest conversation or will be done covertly and then consider this: just because you can, doesn’t mean you should. Think about what you are doing and the repercussions it may have.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Strong Passwords Aren’t Enough

I’ve said it before, use upper and lower case, use number and letter combinations and when possible, if the website allows it, use special characters. It has been documented that “Adding just one capital letter and one asterisk would change the processing time for an 8 character password from 2.4 days to 2.1 centuries.”

It is great advice to strengthen your passwords. It is just as important is to make sure your PC is free of malicious programs such as spyware and key-loggers.  Beware of RATS a.k.a “Remote Access Trojans.” RAT’s can capture every keystroke typed, take a snapshot of your screen and even take rolling video of your screen via a webcam. But what’s most damaging is RATs gaining full access to your files and if you use a password manager they have access to that as well.

RAT’s covertly monitor a PC generally without the user’s knowledge. RAT’s are a criminal hackers dream and are the key ingredient in spyware. Common RAT’s are the LANRev Trojan and “Backdoor Orifice”.

Installing RAT’s can be done by full onsite access to the machine or remotely when the user opens an infected attachment, clicking links in a popup, installing a permissioned toolbar or any other software you think is clean. More ways include picking up a thumb-drive you find on the street or in a parking lot then plugging it in, and even buying off the shelf peripherals like a digital picture frame or extra hard drive that’s infected from the factory. The bad guys can also trick a person when playing a game as seen here in this YouTube video.

An unprotected PC is the path of least resistance.  Use anti-virus and anti-spyware. Run it automatically and often.

A PC not fully controlled by you is vulnerable. Use administrative access to lock down a PC preventing installation of anything.

Many people leave their PC on all day long. Consider shutting it down when not in use.

Robert Siciliano personal security expert to Home Security Source discussing Digital picture frames with built in viruses on Fox News. Disclosures.

Mobile Phone Spyware Resellers Arrested

Spyware is sold legally in the United States. This software records chats, emails, websites visited, usernames and passwords, and basically everything a person does on that PC. Some spyware programs can record everything in a video file that can then be accessed remotely.

This is all perfectly legal as long as the PC’s owner is the one to install the software. Installing spyware on a computer that is not your own is illegal. Spyware can be great if, for example, you have a twelve-year-old daughter who obsessively chats online, and you want to know with whom she’s chatting or if you have employees whose productivity is less than satisfactory, you may want to check if they’re watching YouTube all day.

Spyware also comes in the form of a virus, which essentially does the same thing. When you click a malicious link or install a program that is infected with malicious software, numerous types of spyware can be installed as well.

Mobile phone spyware is relatively new and is quickly grabbing headlines. As PCs shrink to the size of a smartphone, spyware continues to evolve with this trend.

Apparently, cell phone spyware is illegal in Romania, since the Romanian Directorate for Investigating Organized Crime and Terrorism recently arrested fifty individuals, including “businessmen, doctors, and engineers, in addition to a judge, government official, police officer, and former member of Parliament,” who have been accused of monitoring cell phone communications of their spouses and competitors, among others, using off-the-shelf software.

Spyware can be installed on your cell phone remotely or directly. To protect your phone, never click on links in texts or emails that could actually point toward malicious downloads. Always have your phone with you and never let it out of your sight or let anyone else use it. Make sure your phone requires a password to have access. If your phone is password-protected, it will be difficult to install spyware.

If your phone is behaving oddly or you have some other reason to suspect that it contains spyware, reinstall the phone’s operating system. Consult your user manual or call your carrier’s customer service for step-by-step help with this process.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses mobile phone spyware on Good Morning America. Disclosures

Spying is Alive and Well…and Leads to Identity Theft

Robert Siciliano Identity Theft Expert

Most people assume that corporate espionage is just James Bond stuff. However, according to USA Today, even small and medium businesses are at risk. Spying has been going on since the beginning of time, and it’s alive and well today. In most cases, spying starts because a person or entity needs or wants information that is otherwise kept confidential or private from prying eyes.

Most people have probably spied at some point in their lives. Maybe as children, rifling through siblings’ or parents’ closets and drawers. Or as teenagers, spying on a boyfriend or girlfriend in an attempt to determine why a first relationship wasn’t working out. Or as parents, hoping to protect children from themselves. Hopefully this type of behavior subsides as we grow older and learn to trust others. But some people find serious reasons to spy as adults. This behavior can eventually culminate in stalking, which is, of course, illegal and can end in tragedy.

There are plenty of tools to facilitate spying. There are more ways of gathering intelligence than ever before. An online search for “spy shop” or “spy store” turns up a vast collection of small wireless cameras, listening devices, software, and hardware that can help the customer collect enough data on their target to do some damage, or uncover sensitive information.

Spyware is commercially available software that can track keystrokes, emails, and instant messages. In the wrong hands, it can be quite damaging. Keycatchers are hardware devices that can be installed in the back of a PC in order to record raw data.

It is necessary to monitor childrens’ Internet use, but an open dialogue is equally important. If a person has suspicions about his or her spouse, that’s an entirely different scenario, requiring a different set of rules. Be aware that if you spy or cheat on a loved one, you ought to be prepared for the consequences.

Protecting yourself and your business from this type of spying is difficult, but possible. Always keep in mind that those on the “inside,” such as friends, family members, employees, or people who have special access and could potentially be paid off, like a cleaning person or a security guard, can access sensitive data.

  1. Make sure that there are no mysterious hardware devices attached to your computer.
  2. Sweep your home for audio recording devices. You can either hire someone to do this, or do an online search for a tool that will help you.
  3. Password protect the administrator account on your computer, to prevent unauthorized software installation.
  4. Run a spyware removal program.
  5. Never leave file cabinets unlocked, or paper work lying around.
  6. Shed any document that may contain sensitive data before throwing it out.
  7. Lock down your wireless connections, since they are often the path of least resistance.
  8. Don’t disclose too much personal information on social networks, since that makes it easy for people to spy on you.
  9. Know that identity thieves have access to all these tools as well, so protect yourself. Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.
  10. And invest in Intelius identity theft protection and prevention. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk.

Includes;
Personal Identity Profile – Find out if you’re at risk for identity theft with a detailed report of your identity information, including a current credit report, address history, aliases, and more.

24/7 Identity Monitoring and Alerts – Prevent identity theft with automatic monitoring that scans billions of public records daily and alerts you to suspicious activity.

Identity Recovery Assistance – Let professionals help you recover your identity if you ever become a victim of identity theft.

Robert Siciliano, identity theft speaker, discusses mobile phone stalking and spying on The Tyra Banks Show