How To: It's Not Just Your Camera & Mic Here's All the Crazy Ways Your Phone Could Be Used to Spy on You
As you're surely aware, your phone can be used against you. Thanks to our cameras and microphones, a clever hacker can obtain access to your device and invade your privacy. But spying isn't limited to just these two sensors — gyroscopes, proximity sensors, QR codes, and even ads can be used to paint a very clear picture about who you are and what you're currently doing.The examples below are theoretical. No known real-world threat exists that utilizes these tactics. However, as any good cybersecurity expert would inform you, you must think about how hackers will infiltrate in order to properly protect your system. We hope with this information, you will care a little bit more about your phone's security and protecting your privacy.
Keylogging Using the GyroscopeAll modern smartphones are equipped with a gyroscope. This sensor is used to detect the precise direction your phone tilts, which can be used for things like steering a car in your favorite racing game.Thanks to the growth of smartphones, various sensors (including gyroscopes) have dramatically improved their ability to measure specific movements. Because of this accuracy, it possible to use the gyroscope maliciously. One potential cyber attack was demonstrated at Northeastern University, where a group was able to use both the gyroscope and the microphone to perform keylogging.Keylogging is the capturing of text you input into a device — this is particularly dangerous when it comes to passwords. While there are other ways to accomplish this, the College of Computer and Information Science at Northeastern University demonstrated how it could be easily be performed with the two sensors. The gyroscope used in racing games can also be used to determine to conduct keylogging. As you type, your phone tilts slightly in reaction to each touch. By capturing this tilt, letters can be determined. As you tap the screen to type, a sound is produced, which is also captured by the microphone. Its position can be determined by measuring the distance of the sound using each of the phone's microphones. Using the combination of these two sensors and a set of algorithms, researchers were able to log the exact keys pressed with 90–94% accuracy on the first try.
Determining Your Location Without Using GPSOne type of sensitive data that our phone has access to is our location. Even with the GPS off, as we connect to cellular towers and Wi-Fi points with geolocation information attached to them, our phone has a rough idea of our location. However, even without access to these tools, a hacker could still determine your location using other sensors we don't normally think about.The same group at Northeastern University attempted to demonstrate this by using sensors that don't require users to grant permission explicitly before apps can access them. The result was an app that used the gyroscope, accelerometer, and magnetometer.With a map of the area the person was in, the app was able to track the user as they drove around. The accelerometer was used to determine movement and stoppage. The magnetometer (the compass) provided direction of their travel. The gyroscope measured the turning angles, allowing for accurate tracking as the person made turns.Using an algorithm to match the observed movements against a map of the rough area, they were able to determine where the person traveled and visited. Similar to Google's Location History, by observing the location and the time spent at locations (both time of day and duration), the app could effectively determine the user's home and workplace addresses, along with their favorite places to visit. Using your location history (with your permission) and a similar algorithm, Google Maps can automatically determine your home and work addresses.
Tracking Location Using AdsBesides the previous method, there is another way to track someone's location without direct access to their GPS data. According to Wired, all it takes is $1,000 and a few mobile ads.A University of Washington research team demonstrated this by creating a mobile banner ad and a website linked to the ad. They paid the minimum $1,000 deposit for ad space on major mobile platforms such as Google AdWords and Facebook. With their deposit, they were able to specify where their ads appeared, in which app, and for which unique phone identifiers. They also used geofencing to create a 3-mile square section that would place on their ads in a specific app when users traveled within the geofence.Each time the target phone used the app, researchers were charged 2 cents, and information about the phone was sent to them, such as approximately where they were, what time they were there, and what phone they were using. With this info, the research group was able to track the user's location to within 25 feet )as long as the app remained open for four minutes in one location or was opened twice in the same location). While this method does require the opening of a specific app, this obstacle could be overcome by targeting commonly used apps. Ads, such as this, can be used to track your location. The researchers needed to know the device's specific advertising ID beforehand in order to target a specific person, but this still has potential privacy implications even when a user isn't specified. For example, the researchers were able to see the number of people using the Grindr app in an area, or those of a specific religious denomination (they used Quran Reciter to determine the number of Muslims in the area), which could be used to conduct targeted surveillance of a populace.
Seeing What Links You've Visited Using the Light SensorThe ambient light sensor measures the light in your environment and adjusts the brightness of your phone's display for optimal viewing. This sensor, which is normally not considered a potential threat, can be used for hacking purposes.Lukasz Olejnik illustrated the ambient light sensor's malicious potential by creating an app that uses its data to determine the links visited by a user. In short, the light emitted by your screen can be read quite precisely by your phone's ambient light sensor. This could let an attacker see the exact color of a webpage you're viewing.Websites can display different colors for links you've previously visited and those you haven't, but for security reasons, they not allowed to "know" which color you see (this is determined by your browser, not the site). In other words, a link might be light blue if you haven't visited it before, then it may turn purple after you click on it — but the website itself doesn't know this; it only knows what color it told your browser to show for visited and unvisited links.If websites get access to your ambient light sensor's data, they can read the light emanating from your screen to determine whether or not you've previously clicked a link on the page.For instance, if a website had a black background with dark grey text and even darker gray unvisited links, it would know that the ambient light sensor should be reading fairly low levels of light from the screen. It could then request that your browser shows visited links as white, and when you scrolled to that portion of the page, the ambient light sensor would see the extra light from the white link and the website would know you visited that link. After analysis, the site could create a list of all sites you've visited.
Stealing QR Codes & Other Cross-Origin ResourcesLukasz Olejnik also demonstrated how the ambient light sensor could create complete copies of the cross-origin elements on a site, such as QR codes.Normally, resources from different origins aren't able to access each other's data — for instance, an embedded QR code from an ad can't see what's on a website, and the website it's displayed on can't see where the QR code links to. This is known as the same-origin policy, and it protects users against hackers.Let's say a site uses a QR code for account recovery purposes. The intention is that you'll scan the code with your phone and it will verify you as a user, then allow you to log back in after you've forgotten your password.Using data from the ambient light sensor, Olejnik was able to create a pixel-perfect representation of QR codes and other elements displayed on a site — elements that are normally protected by the same-origin policy. The sensor is precise enough to map out the subtle differences between black and white pixels emitting light on your screen, so the same principles could be used to recreate avatars or security codes displayed on websites.
Identify Users and Nearby ObjectsThe vast majority of smartphones have a proximity sensor. This is used to turn off the touch screen when you're in a call — otherwise, your face would accidentally touch buttons on the dialer or even hang up the call.The proximity sensor not only detects when objects are close to the screen, but it can also accurately measure distance. According to Lukasz Olejnik, one possible measurement is how close we hold the phone to our face.While this may not seem obvious at first, each one of us holds our phones at a different distance based on height, arm length, the strength of our vision, and other factors. With this information, an app could differentiate users and use this information to discriminate against them. While the accuracy of this method may not be high, when combined with other identifiable factors (such as the advertising ID), advertisers could differentiate users pretty easily.Additionally, Lukasz Olejnik identified another possible security risk with the proximity sensor: Identifying nearby objects. By measuring the distance between the phone and the objects around it, an app could feed a third party (whether advertisers or hackers) your location in relation to the objects, even while your GPS sensor is turned off.Each one of these potential threats is theoretical, and as far as the public knows, there has been no widespread attack utilizing one of these methods. However, the risk is there, so we wanted you to know about it. What do you think of these potential attacks? Were you aware of these possibilities? Let us know in the comment section below.Don't Miss: iPhone Security 101 & Android Security 101Follow Gadget Hacks on Facebook, Twitter, YouTube, and Flipboard Follow WonderHowTo on Facebook, Twitter, Pinterest, and Flipboard
Cover image and screenshots by Jon Knight/Gadget Hacks
News: A Return to Glory? HTC Releases the U12+ with 4 Cameras, Edge-to-Edge Display & Edge Sense 2 By Jon Knight; Smartphones; Latest Phones; 2017 was a down year for HTC. First, the U11 and U Ultra were widely criticized.
HTC One Specs « HTC One :: Gadget Hacks
Home Forums Channels Android Devices HTC Desire HD Support how do i set a mp3 as my incoming message tone? Discussion in ' Android Devices ' started by strobez1977 , Nov 15, 2010 .
HTC Desire 626 - Ringtones, notification sounds, and alarms
How to Hack a six volt lantern battery « Hacks, Mods
Once you've completed the steps, the XAMPP Control Panel will launch, and you can begin the web server environment configuration. How to configure XAMPP on Windows 10. The XAMPP Control Panel includes three main sections. In Modules, you will find all the services available. You can run each service by clicking the Start button.
Configuring XAMPP on Windows | Develop guide on Drupal.org
It's called the Google Arts & Culture app, and it's free on Google Play and the Apple App Store. But the ability to compare your face to famous works of art is a new feature. And it's one that's
Art masterpiece school ideas and kid art - Pinterest
Nintendo launched the Switch as their modern console, a way to play your favorite Nintendo games not only on the go, but in a portable application as well. Samsung Galaxy Note FE Troubleshooting;
Samsung Galaxy S8 can emulate Nintendo GameCube games
News: eBay Vulnerability Allows Scammers to Attack Android & iOS with Malicious Programs News: Cinemark Movie Club Is a Great Subscription for Occasional Filmgoers & Popcorn Addicts Forum Thread: How to Find the Sales Price Using the Discount Formula. 0 Replies 3 yrs ago
How to Use Macys Coupon? « Null Byte :: WonderHowTo
At the time of the iOS 4 announcement, Steve Jobs mentioned that some features such as Multitasking and Wallpaper are not going to work on the iPhone 3G. This is most probably because of memory and CPU issues (the iPhone 4 has 512Mb, the iPhone 3Gs has a faster CPU than the 3G).
Multitasking and homescreen wallpaper on iPod touch 2g
Mozilla Firefox Preview, new Firefox browser, is available on Google Play by Martin Brinkmann on May 16, 2019 in Firefox , Google Android - No comments Fenix, which is a codename, is a new browser for Android by Mozilla that will replace the current Firefox web browser for Android eventually.
Open With Google Chrome - Get this Extension for 🦊 Firefox
Now you have learnt how to install flash player on Nexus 5 by using two browsers. This adobe flash player installed on your LG Nexus 5 doesn't guarantee full compatibility with all websites running flash content. But it will work with most websites. Other Browsers To Try
How to Install Flash Player on Any Android KitKat Phone
The ultimate guide to customizing the ultimate Android home screen. set the image as either your home screen or lock screen; if you don't see an option, it'll default to your home screen
How to Customize The "Slide to Unlock" Text on Your iPhone's
Here's a quick guide on how to make your Android device safer for your kids. that your children aren't downloading any sensitive content. To enable restrictions, open up your Play Store app
How to enable safe mode on android Oreo 8.0 device
0 comments:
Post a Comment