When buying a smartphone one of the first things we do is choosing an unlock pattern, trusting that by doing this our WhatsApp conversations will be protected from our nosy surroundings. If you are one of those who think that just one finger is able of drawing a complicated route on the screen, you are mistaken! Hacking an Android’s phone lock is easier than what you thought!
Digital thieves can reach even more. Not only can they get physically inside your phone, but they can also do it virtually or, using the phone’s microphone. Now they can even spy on you when the phone is turning off.
Those who trust that clicking on their smartphones “off” switch is enough to stop their contact with the outside world are in trouble. Virtual spies are able to remotely pull the strings, even so when the owner and his phone were sleeping. Security researchers have demonstrated how a Trojan for Android phones can make the users believe that they have turned it off as they usually do.
PowerOffHijack, the new malware, succeeds a very particular task: Hijacks the users’ shutdown process. When pressing the on/off button a fake dialog box appears making the users believe that their phone is turning off. Meanwhile, the malware is manipulating the operating system “system server” file.
The owner rests peacefully, even though the device is not at ease: the Trojan can make outgoing calls (even to foreigner numbers), make pictures and many other things without notifying the user. In China there have been more than 10.000 devices infected by this malware; it seems it expands via some apps.
In order to avoid this mocking Trojan we recommend you to pull out your battery so it doesn’t raise your phone bill to unsuspected limits. As much as the spies try, they are still not capable of controlling the phones without lithium. Another tip is to uninstall the apps that may have caused these silent thieves entry.
Although taking the battery off and putting it back on can resolve the Power Off Hijack issue, some hackers are using the battery’s internal information to spy mobile phones. Researchers of Stanford University together with a group of Israelis experts have developed Power Spy, a new technology that gathers the Android phone’s geolocation, even when the GPS is turned off. How? Tracking the phone’s power consumption over time.
WiFi and GPS connections need the user’s permission in order to work, but the battery consumption data doesn’t. So the cyber criminals can track your phone with 90% accuracy, later using this location information as they please, being able to locating you at all times.
The researchers have proven Power Spy’s capacities in two Nexus phones. This program enabled them to locate the phone even if its owner wasn’t using it at the moment. Power Spy would access your phone without you knowing it. The issue is that you might be downloading it together with any app without noticing it.
“We show that measuring the phone’s aggregate power consumption over time completely reveals the phone’s location and movement”, says Yan Michalevsky, one of the researchers.
Fortunately this technology has its limitations: in order to work it needs predefined routes and to have already traveled along the route before. “If you take the same ride a couple of times, you’ll see a very clear signal profile and power profile,” says Michalevsky. In addition the tracking accuracy increases if the phone has just a few apps rather than in the ones with more, where power is used unpredictably.
Anyone can start spying on your phone in ways you would have never suspected. Security is not only needed in your desktop computer, it is essential in the tiniest corners of your phone.
Do you want to try our free antivirus for Android?
The post New threats for Android phones, how do they work? Beware of your battery! appeared first on MediaCenter Panda Security.