WhatsNew2Day – Latest News And Breaking Headlines
Many of us would feel lost without our smartphones in our hands, but what if that same device became a tool for criminals?
Kieran Burge, security consultant at Prism Infosec, has revealed The five common mistakes that could allow you to access your smartphone in a matter of seconds.
As a penetration tester (a legal hacker who tests companies’ cybersecurity to find weaknesses before criminals do), Kieran knows what he’s talking about.
And he says simple mistakes like reusing passwords, clicking on dodgy links and sharing too much information on social media can get you into trouble.
So are you guilty of these security errors? Keep reading to find out.
Kieran Burge, security consultant at Prism Infosec, has revealed the five common mistakes that could allow you to access your smartphone in a matter of seconds.
As a penetration tester (a legal hacker who tests companies’ cybersecurity to find weaknesses before criminals do), Kieran knows what he’s talking about.
1. Using outdated software
Keiran told MailOnline that one of the first things he and other hackers look for when preparing an attack is outdated software.
“Outdated software is a really big problem because if the software has been updated, it’s probably because there’s a security issue,” he explained.
Software, whether it’s your iPhone’s operating system or a factory’s control system, usually has some type of vulnerability.
While they can be fixed quickly by developers, they are also often shared online through forums and hacker communities.
If you haven’t updated your software to include the fix, Keiran explains, “people can come in and steal really sensitive information and sometimes even take control of the software.”
Keiran told MailOnline that one of the first things he and other hackers look for when preparing an attack is outdated software.
Vulnerabilities can take many different forms and allow criminals to cause serious disruption to businesses and individuals.
These attacks are often opportunistic, as criminal groups scan online files for outdated software versions.
Keiran says the recent devastating attack on the British Library was likely just such an opportunistic attack.
To stay safe online, Keiran says you “should always make sure your software is up to date.”
2. Reuse passwords
Another common way hackers obtain your personal data, according to Keiran, is by exploiting reused passwords.
Keiran told MailOnline: “No matter what site gives you information, you don’t know what they are going to do with that information or how they are going to protect it.”
He says the big risk of reusing passwords is that if even one site you use is compromised, it can give hackers access to all your accounts.
“As soon as a company suffers a breach, there is usually a large dump of databases on the dark web,” Keiran said.
The dark web is an encrypted part of the Internet that cannot be accessed with normal search engines and is often used to host criminal markets.
In April of this year, an international raid took down a hacker bazaar called Genesis Market that the FBI said offered access to more than 80 million account access credentials.
Keiran said: “There will be databases with username and password combinations for your accounts.”
“If you’re reusing passwords, any hacker can take that combination and use it to take control of another company.”
Reusing passwords puts you at risk because your account credentials can be stolen and resold on marketplaces like Genesis Market, which AI took down earlier this year.
3. Giving too much information online
“On a personal level, for someone in their daily activities, one of the most important things to think about is how much information they share online,” Keiran said.
In ‘red teaming’, a cybersecurity term for testing a company’s defences, one of the first places Keiran and his team look is social media.
“We can do almost anything to break into a company, but one of the tools we use is collecting data from social networks,” Keiran explained.
“We scour social media sites like LinkedIn to see what we can find.”
Not only could this reveal usernames that may be linked to stolen account credentials, but it also opens the door to a whole range of other attacks.
One of the most insidious attacks this exposes you to is a technique called “simulation trading” or “simulation jacking.”
Keiran explains that hackers will search the web for information like your date of birth, address, and even answers to common security questions like your mother’s maiden name.
“Once you have all that information, you can use social engineering techniques to call your mobile provider and convince them to transfer the mobile number to a new SIM card,” he said.
Now, every time a text message or call goes to the victim’s phone, it goes directly to the attackers.
“Once they have it, suddenly you have access to all the multi-factor authentication sites that the person is registered with,” he added.
This could include work email accounts, online shopping accounts, and even online banking.
“You no longer have control over everything you put online, and if you’re unlucky and all that information gets linked, your identity can be partially stolen,” Keiran warned.
Revealing too much information online can leave you at risk of Sim-Jacking attacks where hackers transfer your phone number to a new sim to intercept your calls and messages (stock image)
4. Connection to unprotected public networks
“In recent years, something that has become much more important is remote work,” Keiran said.
“A big part of that involves people going to coffee shops like Starbucks and connecting to their public WiFi.”
The problem is that these types of public networks use a type of system called ‘open authentication’ to connect your device to the web without having to use identity verification.
While this makes it easier for you to quickly access the coffee shop’s WiFi to send some emails, it also puts you at risk of attacks from cybercriminals.
Open authentication means that the data you send over the network is not encrypted and can be captured by anyone else on the network.
“Someone could be sitting outside a public WiFi network and simply listening to what is being sent,” Keiran warned.
‘They could be in the cafeteria or they could be using specialized hardware to increase the range at which they can listen in on the network.
“They can hide at a safe distance and all they have to do is listen and wait.”
To prevent personal information, such as banking details, from being stolen from a public WiFi network, Keiran recommends always using a VPN when in public.
These services encrypt your data so that any spy on the network can’t read what you send.
On public WiFi, anyone could be listening to the information you’re sending, hoping to steal sensitive information like banking details and passwords.
5. Clicking on dubious links
Finally, Keiran says that sending dodgy links is still the most common way people get hacked.
Phishing scams remain the most common attack in the UK according to the UK National Cyber Security Center (NCSC).
In 2022 alone, 7.1 million malicious emails and URLs were flagged to the NCSC, the equivalent of almost 20,000 reports per day.
Keiran explains that hackers will send fake emails and text messages to targets that contain links to malicious websites or instructions for downloading software.
Once one of these links is clicked, criminals have a window to install malware on their victim’s device that can steal data and even take control.
But no matter how sophisticated a computer virus is, hackers still need someone to follow a link to a compromised website or download files containing hidden malware.
“You should be on the lookout for anyone who sends you something when you’re not expecting it,” Kieran concluded.
“Don’t click on dubious links, don’t download dubious files, don’t fall into their trap.”