How To: It's Not Just Your Camera & Mic Here's All the Crazy Ways Your Phone Could Be Used to Spy on You
As you're surely aware, your phone can be used against you. Thanks to our cameras and microphones, a clever hacker can obtain access to your device and invade your privacy. But spying isn't limited to just these two sensors — gyroscopes, proximity sensors, QR codes, and even ads can be used to paint a very clear picture about who you are and what you're currently doing.The examples below are theoretical. No known real-world threat exists that utilizes these tactics. However, as any good cybersecurity expert would inform you, you must think about how hackers will infiltrate in order to properly protect your system. We hope with this information, you will care a little bit more about your phone's security and protecting your privacy.
Keylogging Using the GyroscopeAll modern smartphones are equipped with a gyroscope. This sensor is used to detect the precise direction your phone tilts, which can be used for things like steering a car in your favorite racing game.Thanks to the growth of smartphones, various sensors (including gyroscopes) have dramatically improved their ability to measure specific movements. Because of this accuracy, it possible to use the gyroscope maliciously. One potential cyber attack was demonstrated at Northeastern University, where a group was able to use both the gyroscope and the microphone to perform keylogging.Keylogging is the capturing of text you input into a device — this is particularly dangerous when it comes to passwords. While there are other ways to accomplish this, the College of Computer and Information Science at Northeastern University demonstrated how it could be easily be performed with the two sensors. The gyroscope used in racing games can also be used to determine to conduct keylogging. As you type, your phone tilts slightly in reaction to each touch. By capturing this tilt, letters can be determined. As you tap the screen to type, a sound is produced, which is also captured by the microphone. Its position can be determined by measuring the distance of the sound using each of the phone's microphones. Using the combination of these two sensors and a set of algorithms, researchers were able to log the exact keys pressed with 90–94% accuracy on the first try.
Determining Your Location Without Using GPSOne type of sensitive data that our phone has access to is our location. Even with the GPS off, as we connect to cellular towers and Wi-Fi points with geolocation information attached to them, our phone has a rough idea of our location. However, even without access to these tools, a hacker could still determine your location using other sensors we don't normally think about.The same group at Northeastern University attempted to demonstrate this by using sensors that don't require users to grant permission explicitly before apps can access them. The result was an app that used the gyroscope, accelerometer, and magnetometer.With a map of the area the person was in, the app was able to track the user as they drove around. The accelerometer was used to determine movement and stoppage. The magnetometer (the compass) provided direction of their travel. The gyroscope measured the turning angles, allowing for accurate tracking as the person made turns.Using an algorithm to match the observed movements against a map of the rough area, they were able to determine where the person traveled and visited. Similar to Google's Location History, by observing the location and the time spent at locations (both time of day and duration), the app could effectively determine the user's home and workplace addresses, along with their favorite places to visit. Using your location history (with your permission) and a similar algorithm, Google Maps can automatically determine your home and work addresses.
Tracking Location Using AdsBesides the previous method, there is another way to track someone's location without direct access to their GPS data. According to Wired, all it takes is $1,000 and a few mobile ads.A University of Washington research team demonstrated this by creating a mobile banner ad and a website linked to the ad. They paid the minimum $1,000 deposit for ad space on major mobile platforms such as Google AdWords and Facebook. With their deposit, they were able to specify where their ads appeared, in which app, and for which unique phone identifiers. They also used geofencing to create a 3-mile square section that would place on their ads in a specific app when users traveled within the geofence.Each time the target phone used the app, researchers were charged 2 cents, and information about the phone was sent to them, such as approximately where they were, what time they were there, and what phone they were using. With this info, the research group was able to track the user's location to within 25 feet )as long as the app remained open for four minutes in one location or was opened twice in the same location). While this method does require the opening of a specific app, this obstacle could be overcome by targeting commonly used apps. Ads, such as this, can be used to track your location. The researchers needed to know the device's specific advertising ID beforehand in order to target a specific person, but this still has potential privacy implications even when a user isn't specified. For example, the researchers were able to see the number of people using the Grindr app in an area, or those of a specific religious denomination (they used Quran Reciter to determine the number of Muslims in the area), which could be used to conduct targeted surveillance of a populace.
Seeing What Links You've Visited Using the Light SensorThe ambient light sensor measures the light in your environment and adjusts the brightness of your phone's display for optimal viewing. This sensor, which is normally not considered a potential threat, can be used for hacking purposes.Lukasz Olejnik illustrated the ambient light sensor's malicious potential by creating an app that uses its data to determine the links visited by a user. In short, the light emitted by your screen can be read quite precisely by your phone's ambient light sensor. This could let an attacker see the exact color of a webpage you're viewing.Websites can display different colors for links you've previously visited and those you haven't, but for security reasons, they not allowed to "know" which color you see (this is determined by your browser, not the site). In other words, a link might be light blue if you haven't visited it before, then it may turn purple after you click on it — but the website itself doesn't know this; it only knows what color it told your browser to show for visited and unvisited links.If websites get access to your ambient light sensor's data, they can read the light emanating from your screen to determine whether or not you've previously clicked a link on the page.For instance, if a website had a black background with dark grey text and even darker gray unvisited links, it would know that the ambient light sensor should be reading fairly low levels of light from the screen. It could then request that your browser shows visited links as white, and when you scrolled to that portion of the page, the ambient light sensor would see the extra light from the white link and the website would know you visited that link. After analysis, the site could create a list of all sites you've visited.
Stealing QR Codes & Other Cross-Origin ResourcesLukasz Olejnik also demonstrated how the ambient light sensor could create complete copies of the cross-origin elements on a site, such as QR codes.Normally, resources from different origins aren't able to access each other's data — for instance, an embedded QR code from an ad can't see what's on a website, and the website it's displayed on can't see where the QR code links to. This is known as the same-origin policy, and it protects users against hackers.Let's say a site uses a QR code for account recovery purposes. The intention is that you'll scan the code with your phone and it will verify you as a user, then allow you to log back in after you've forgotten your password.Using data from the ambient light sensor, Olejnik was able to create a pixel-perfect representation of QR codes and other elements displayed on a site — elements that are normally protected by the same-origin policy. The sensor is precise enough to map out the subtle differences between black and white pixels emitting light on your screen, so the same principles could be used to recreate avatars or security codes displayed on websites.
Identify Users and Nearby ObjectsThe vast majority of smartphones have a proximity sensor. This is used to turn off the touch screen when you're in a call — otherwise, your face would accidentally touch buttons on the dialer or even hang up the call.The proximity sensor not only detects when objects are close to the screen, but it can also accurately measure distance. According to Lukasz Olejnik, one possible measurement is how close we hold the phone to our face.While this may not seem obvious at first, each one of us holds our phones at a different distance based on height, arm length, the strength of our vision, and other factors. With this information, an app could differentiate users and use this information to discriminate against them. While the accuracy of this method may not be high, when combined with other identifiable factors (such as the advertising ID), advertisers could differentiate users pretty easily.Additionally, Lukasz Olejnik identified another possible security risk with the proximity sensor: Identifying nearby objects. By measuring the distance between the phone and the objects around it, an app could feed a third party (whether advertisers or hackers) your location in relation to the objects, even while your GPS sensor is turned off.Each one of these potential threats is theoretical, and as far as the public knows, there has been no widespread attack utilizing one of these methods. However, the risk is there, so we wanted you to know about it. What do you think of these potential attacks? Were you aware of these possibilities? Let us know in the comment section below.Don't Miss: iPhone Security 101 & Android Security 101Follow Gadget Hacks on Facebook, Twitter, YouTube, and Flipboard Follow WonderHowTo on Facebook, Twitter, Pinterest, and Flipboard
Cover image and screenshots by Jon Knight/Gadget Hacks
When working with config of varous services, like Apache, Webmin actually edits the same config files found via command line. While Webmin is a great tool, all tools may develop issues from time to time (and invariably when you need them to work) so it's probably a good idea to explore via command line what webmin did to those config files.
How To Install Moodle on CentOS 6 - idroot
Use this step-by-step guide to get your Galaxy Note 8 up and running the way you want it. Features to Enable and Disable. Then tap the on/off button at the top of the screen to enable the
How to Get Samsung's Battery-Saving Grayscale Mode on Your
How to Use Google Maps Offline on Android Phone. Once you have offline Google Maps for specific areas saved to your device, you can make use of then at anytime to find directions offline. 1. Open Google Maps on your Android Phone by tapping on the Google Map app icon. 2.
Master the many ways to search with Google on your Android
How To: Banish Multi-Page Articles & Slideshows Forever How To: Use Keyboard Shortcuts to Email More Efficiently in Google Inbox DIY Elsa Costumes: Icy Halloween Looks for Frozen's Snow Queen How To: Lock Down Your Google Account with Google's New Physical Key Noseprint Security: How to Unlock Your iPhone with Your Nose
Slide-shows « Wonder How To
To fix, just go back and set your date/time manually to be ahead of the countdown time, verify you have new lives in Candy Crush, set the time/date back to automatic—then play. Getting New Lives Faster on iPads, iPhones, & iPod Touches. To get new lives quicker on iOS devices, the process is pretty much the same as above.
How to Bypass Candy Crush Saga's Waiting Period to Get New
The best new features coming to your iPhone in iOS 13 that Apple didn't tell you about Here's a look at some of the other useful features coming in iOS 13 that Apple didn't get to discuss on
How to download apps and games from the App Store. Best new movies and TV Shows on iTunes. Need more help with your new iPhone? There's a lot to uncover with your new iPhone. Half the fun is finding it on your own. The other half is getting help from someone that knows the tips, tricks, and hidden secrets of the iPhone.
How to get a refund for iTunes or App Store purchases | iMore
There's a known issue affecting some Nexus 5 users where the speaker volume is fairly low. This could be attributed to a manufacturing defect, which you could possibly fix with a hot needle, but if your built-in speakers and headphones seem muted, don't take your Nexus apart just yet.
How To Boost & Increase Speaker & Headphones Volume on Nexus
This brief tutorial will show you how to add and/or remove Widgets to/from your Android home screen. Due to the large number of Android phones and tablets, the screenshots used in this tutorial will probably not match your device exactly.
Put a clock on your Home screen - Clock Help
In this tutorial you are going to learn How to share your location on iPhone. How to send your location via iMessages. Open iMessages and navigate to a desired thread. Tap on the "i" button
Share your location with anyone through Messages app on iOS
How to Enable/Disable Read Receipts Individually. Turning Read Receipts on or off completely has worked the same ever since iOS 5, but iOS 10 brought a new option that lets you turn Read Receipts on or off on a case-by-case basis.
How To: Disable App Icon Badges & Unread Counts on Your
What Huawei's Rumored Mobile OS Means for the US Market
this is how to make a mini flamethrower (please don't use this to melt crack ,etc. I take no responsibility for what you do with this) (notice the small deer walknig past at 00:21 lol, thats my
How to overclock your CPU - TechRadar
If your iPhone issue is covered by the Apple warranty, an AppleCare plan, or consumer law, there's no charge. This does not include accidental damage, which requires a fee. If your iPhone has accidental damage and you have AppleCare+ coverage, you can use one of your accidental damage incidents to cover the repair.
iPhone 4 Screen Replacement Disassembly and Reassembly - YouTube
How to Text from a Computer to a Cell Phone. Need to send a text to someone, even yourself, and don't have a phone handy? You can send text messages through your email program, or you can use a variety of different messaging programs.
How to Send Text Messages Via Email (SMS & MMS): List of Gateways
0 comments:
Post a Comment