Malicious Eavesdropping – What Can Be Done Against it?

This post is also available in: עברית (Hebrew)

Mobile devices contain access to all of our personal and corporate data. Eavesdropping is a prevailing threat among many on mobile phones, with technology capable of tracking users, listening to their conversations and even logging their application usage becoming more pervasive and easier to come by. There is an increase in attackers’ use of surveillanceware, which can be used to eavesdrop on people. The number and frequency of such incidents are substantial. Data Theorem has identified more than 100 million eavesdropping attempts on iOS and Android applications since its TrustKit release in 2015.

Moreover, telecom network conditions are not improving, with 4G subscribers across Europe and Asia exposed to the same threats as subscribers of previous-generation networks. It is the diversity in types of attacks that make building a strong defense against eavesdropping all the more challenging.

The list of dangers is growing, however, given the proliferation of the internet of things (IoT), many of which connect to or are accessible by mobile networks.

Lookout, a mobile security and antivirus company, recommends users take the following steps in order to secure their devices against eavesdropping:

• Download apps only from the official app stores such as Android’s Google Play or Apple’s iOS App Store.
• Avoid clicking on sketchy links from unknown contacts — simply visiting a page could put your device at risk.
• Avoid connecting to unsecured wireless networks or networks where everyone has the same password.
• Use a VPN that encrypts your traffic from prying eyes on a local network.
• Check your cellular carrier bills in case someone has requested a new SIM card for your account.
• Use secure messaging apps and services — standard phone calls and text-messaging are not secure. However, services and apps such as Signal, WhatsApp and iMessage do provide a higher level of protection against eavesdropping.
• Install a mobile security solution to detect whether your phone’s security has been compromised and you’re being spied on.

Other steps users can take include turning off Bluetooth when not in use, adding two-step authentication to apps and using passwords specific to apps rather than use one for all financial apps or all apps in general.