Under the hood: how, who and why follows us through smartphones

[Father]

Smartphones have firmly entered our lives, opening up the widest opportunities for communication, work and entertainment. However, many people do not even think about the fact that your favorite gadget can be a real spy and follow its owner. In this article, we will tell you how smartphones spy on us, who can be behind the surveillance, and how to protect yourself from someone else's control.

How smartphones spy on us​

Smartphones are literally crammed with information about their owners. There are also bank accounts, correspondence, personal photos, videos, audio messages, geolocations, and so on. Therefore, there are many options for spying on your phone — spyware, completely legal applications, or deliberately left backdoors made by the phone manufacturer for their own needs or for more global purposes (special services, government, etc.). Let's take a closer look at possible espionage options.

Location Tracking​

Modern phones use a variety of location tracking technologies to provide us with various amenities and features:

1. GPS smartphones are equipped with a built-in GPS receiver, which can be used to determine the exact geographical location. GPS is based on receiving signals from satellites and allows the device to determine its location with high accuracy.
2. Wi-Fi — If the phone has Wi-Fi search enabled, it broadcasts its MAC address and other service data. Nearby devices can recognize your smartphone. But in fact, it is difficult to call it surveillance. At most, someone will know that the device is located near the access point. This information is usually of interest to owners of entertainment and shopping centers for marketing purposes. This way you can find out how many people visit a particular store, how often a person returns, and so on.
3. Bluetooth devices that have Bluetooth enabled can also be used for location detection. The phone communicates data about nearby bluetooth devices, such as headphones or smart watches, and can use this information to determine the approximate position.
4. Mobile app for phone tracking — some apps request access to the device's location to provide more personalized features, but in fact they simply track the position of a particular smartphone. But there are specialized applications for getting real-time location data for a particular phone. These apps are roughly divided into three categories: parental and family control, and phone search.

Even a jealous spouse can get access to a person's geolocation by using the functionality of legitimate applications, for example, some instant messengers. However, it is much more critical when the attacker has access to the victim's microphone and camera.

Audio and video recording​

The fact that smartphones are spying and eavesdropping is easy to see. Surely everyone has noticed this — they talked about something on the phone, for example, about replacing plumbing fixtures or where to go on vacation, and immediately ads for toilets or tropical hotels appear in the browser.

Moreover, these can be quite harmless applications that, when installed, ask for access to the camera, microphone, and other technical features of the smartphone. But it's one thing if, for example, a voice assistant requests access to the microphone, and another-if it's a calculator or a flashlight. In this situation, you should consider whether you need to grant access and install this application at all.

Ivan the King
Developer of the Anwork business communicator

With the rise of digital technologies and the expansion of digital services in the daily lives of ordinary users, attack vectors on smartphones are becoming more sophisticated. Hackers find system vulnerabilities, human errors in working with systems, and come up with new ways to compromise a mobile device.

One of these vectors is malicious applications. Scammers can create apps that appear useful, but actually spy on the user, collecting personal data and passing it on to the attacker. Using phishing, attackers can send fake messages or emails in order to gain access to the user's credentials or other confidential information.

Fraudsters use malicious links in emails, social networks, or other online platforms to infect a user's device with malicious software. Account hacks are gaining momentum: attackers can use weak passwords, neural networks, chatbots, or authentication methods to gain access to a user's account and gain access to personal data.

But denying access doesn't always protect you from eavesdropping and spying. Large corporations often do this without users permission. For example, in 2019, Apple admitted that it had been tapping phones for years to improve Siri. In the same year, Google also admitted to such unauthorized wiretapping. The goal is quite harmless-to improve language recognition. But this doesn't make it any easier for users whose conversations have been listened to for a long time.

Collecting information​

Sometimes espionage is not just limited to location information, wiretapping, or spying. If someone wants full control over their phone, they use spyware malware. It can be used to monitor a person's movements, read or delete private messages, listen to calls, steal passwords, learn about plans, etc. And the main task of criminals is to install software on the victim's smartphone. Usually, fake apps or downloading malware via links are used.

However, it's not just cybercriminal developments that help collect information about a victim via a smartphone. Sometimes completely legal software developed for special services and governments starts working on the side of evil. A striking example is the Pegasus software from the Israeli NSO Group. The program was designed to track criminals, but its victims included journalists, politicians, students, and even the current French President, Macron. At the same time, the victims did not install compromising applications or open suspicious links. Spyware got into their phones using" invisible " iMessage messages, notifications about which were not even shown to phone owners.

Similar programs include Reign and Predator, also from Israeli startups QuaDream and Cytrox. These companies are essentially exploit brokers. For large and very large sums of money, they buy vulnerabilities from researchers, for example, iOS devices, and on their basis stamp their own spyware.

Perhaps this software is behind the scandal of 2023, when the truth about a certain intelligence action of the American special services surfaced. To do this, iOS devices were used "in the dark" — a spy module was introduced into the iPhone of employees of companies and the special services received all the information they needed.

Who needs such espionage​

The beneficiaries of espionage can be roughly divided into several categories:

• close people-watch for their own comfort or for other completely harmless reasons;
• smartphone manufacturers-collect telemetry for effective feedback and product improvement (but history is silent about how and why);
• developers of pre-installed apps-get a wide variety of information about smartphone owners-from IDs to activity indicators in different apps;
• cybercriminals-pursue illegal goals and use the obtained data for blackmail, profit, etc.

At the same time, cybercriminals can be divided into two groups — single hackers and APT groups that conduct large-scale network attacks.

Andrey Yefimov
Engineer of the Information Security Department of IMBA IT

A smartphone can be an indispensable target for all sorts of attackers, who can build attacks both through simple attack vectors and using high-tech methods typical of professional espionage and the activities of APT groups (groups of targeted advanced threats).

Attack vectors for ordinary users can include::

• Creating and distributing malicious apps, meaning that attackers can create apps that appear useful but actually contain malicious code that allows them to access data on the device.
• Various phishing attacks — emails or messages disguised as official notifications from services may contain links to malicious websites or files for installing spyware on your smartphone.
• Outdated software is also fraught with high risks, as it can contain vulnerabilities that attackers use to break into the device.

As for APT groups, they can use exclusive vulnerabilities or exploits to hack smartphones, break into secure systems, and further collect information. Professional spies can also have specialized tools and skills to extract data from mobile devices, even if they are protected by passwords or encryption. They can also carry out sophisticated attacks on the network to intercept traffic from a smartphone or inject malware into the network to which the device is connected.

But no matter who is behind the espionage and what goals they pursue, without the consent of the smartphone owner, this is not a good idea. And since there are a huge number of people who want to get access to other people's data, users need to know how to remove phone surveillance.

How to protect yourself from surveillance​

To protect yourself from other people's prying eyes and ears, first you need to make sure that the phone is really "under the hood".

Sergey Polunin
Head of the Security Group for infrastructure IT solutions at Gazinformservis

Any oddity in the behavior of the smartphone should hint at the presence of extraneous software in the operating system. Of course, this isn't always the case, but it doesn't hurt to check. On the one hand, it is useful to install a special antivirus tool for your smartphone and regularly check your device for extraneous applications and suspicious actions. On the other hand, if you see that your smartphone is warming up, turns on the camera without your permission, or tries to activate the microphone, then this is already a reason to disconnect from all networks and clean your device.

In addition to heating up and randomly turning on the camera and microphone, a sign of the presence of spyware can be:

• reduced speed and performance;
• increased battery and traffic consumption;
• the appearance of apps that the phone owner didn't install;
• constant overheating of the gadget;
• strange messages, emails, pop-up ads;
• interference during a call.

Any deviations from the normal operation of the smartphone — a reason to think and conduct a preemptive strike against spyware. To do this, just install an antivirus program on your smartphone and scan the device.

Yuri Shabalin
CEO of Stingray Technologies

It's easy enough to protect yourself:

• don't install unknown apps from questionable sources;
• do not click on links from unknown numbers and do not allow dubious software to appear on your device;
• carefully monitor the permissions that the app requests, and do not issue unnecessary or suspicious ones.;
• oddly enough, installing an antivirus on your device can help — they can potentially highlight problematic or suspicious applications.;
• pay attention to the device indicators that indicate that a program has access to the device's sensors (camera, microphone, geo-location, etc.).;
• periodically clean your device, delete unused apps, and look at the service usage report, paying attention to atypical app behavior.

But for app developers, there is only one tip: keep in mind that your app data may be compromised by intruders and, perhaps, the next version of the virus will target you. So keep a close eye on what and how you store on your device, how your data is encrypted, and take care of the security of your apps.

These simple rules will help prevent online phone number snooping. Also, you should not leave your phone unattended in public places or trust it to strangers. In just a few minutes, you can install spyware on your smartphone that will leak all the information to criminals.

Conclusion​

A smartphone knows almost everything about its owner, because it is always close to it. Often, the user does not even know that their device has a conditionally legitimate ability to collect data, and the manufacturer (or application developers) has the ability to analyze this data or transfer it to third parties.

The same functions that developers use can also be used by intruders for personal surveillance of a specific person, for the purpose of espionage or subsequent blackmail.