Smartphones have become one of the most important gadgets in our lives. I know that if I ever lost mine, I would have trouble calling my friends and family. Once I store their phone number in my contacts, that's it, out of my mind forever.
But there is so much more than storage for contacts.
Smartphones have the inside scoop to much of our lives. We use them to keep precious photos and videos. We use our smartphone for banking, social media and much more.
There's so much sensitive data on our phone, it's frightening to think that someone could be spying on your every move. Unfortunately, secret spyware allows scammers to do just that.
How spyware works
Spyware is basically malware that's been developed to snoop on you, track your location and steal your information. It can be installed on your phone without you even knowing about it by clicking on a malicious link sent by a scammer wanting to spy on your phone.
There are a number of spy apps that can stay hidden on your phone and record everything you do. The snoop can watch every detail of your life and you'll never know.
Now let's be clear, there are occasions when spyware is used for non-threatening purposes. We hear regularly from parents worried about what their kids are up to on their smartphones. While our first recommendation is always open lines of communication with kids, sometimes it pays to keep tabs on them directly.
Another scenario when spyware isn't being used maliciously is in the workplace. Employers occasionally like to keep tabs on employees using company equipment.
Legally, an individual or company is only allowed to install spying software on a phone, tablet, or computer they own. So, employers giving out company phones and parents giving a phone to their kids are covered. They just need to make it very clear to the users of the phone that they're being watched, and for business purposes, written consent is also needed.
Are iPhones susceptible to spyware?
As you probably know, iPhones are less likely to be hit with malware than Android gadgets. A "Forbes" study showed that nearly 97 percent of all known malware threats only affect Android gadgets.
That's a pretty solid number for Apple fans. That doesn't mean iPhones are never at risk, though.
In August, Apple had to release an extremely critical iOS update to patch a zero-day security exploit. Before the update, an attacker could take over and fully control an iPhone remotely by simply clicking a link.
Note: [Zero-day attacks are previously unknown software vulnerabilities that are already being exploited by hackers even before the software makers are made aware of them.]
The threat discovered in August, named "Trident" by security firm Lookout and internet watchdog Citizen Lab, could reportedly turn any iPhone into an espionage tool by installing sophisticated spyware.
According to the security researchers, once an iPhone is infected, attackers could turn the device into a "digital spy." The attackers could then use the iPhone's camera and microphone to "snoop on activity in the vicinity of the device," record calls, log messages and texts, and track movement.
This exploit chain was uncovered when UAE human rights defender Ahmed Mansoor's iPhone was targeted with texts containing malicious links. Thankfully, instead of clicking the links, Mansoor forwarded the messages to Citizen Lab researchers.
Citizen Lab then teamed up with Lookout to reveal that the links led to the zero-day three-step exploit chain that would have jailbroken Mansoor's iPhone and installed the sophisticated spying malware Pegasus.
The security investigators say that the Trident exploit and Pegasus spyware can be traced back to an organization called NSO Group Technologies Ltd, a company that describes itself as a "leader in mobile and cellular Cyber Warfare."
Lookout determined that Trident does exploit these three zero-day iOS vulnerabilities:
- CVE-2016-4657: Visiting a maliciously crafted website may lead to arbitrary code execution.
- CVE-2016-4655: An application may be able to disclose kernel memory.
- CVE-2016-4656: An application may be able to execute arbitrary code with kernel privileges.
Apple was informed about the vulnerabilities, which led to the release of an iOS update. This is why it's important that you keep your iOS gadgets up to date.
To do this, go to Settings >> General >> Software Update. Your device will then automatically check for the latest version of iOS.
If your gadget is not up to date, information about the latest software update will be shown. Tap on "Download and Install" to begin the update process.
It's simple to install a spying app on an Android gadget once you get past the lock screen, so make sure you have the lock screen turned on and no one knows the PIN, password or pattern.
You can make it a bit harder by blocking third-party apps from installing. Go to Settings >> Security and uncheck the Unknown Sources option. It won’t stop a really knowledgeable snoop, but it could stump less-savvy ones.
No companies we could find have spy apps yet for Windows Phone 8 or Windows Mobile 10. There are some for older versions of Windows Mobile, but almost no one uses that anymore. As long as you keep an eye on your gadget and enable the lock screen, you should be fine.
Getting a spying app onto a phone someone is using is tough as long as they have a lock screen and other protections in place, but what if the app is on the phone from the beginning? There's no way to defend against that.
So, if someone offers you a shiny new smartphone out of nowhere, definitely do some homework on where it came from before accepting it.
This is important: If you think a spy app is already installed, do a factory reset of your phone - after you back up your information, of course. It's inconvenient, but it will give you peace of mind.