How to find out if your phone is hacked

I have had this question come up quite a lot from people asking “hey, how would I know if my phone is hacked, it has been doing some weird things”.

So here is a list of items you should check to assess if your mobile phone might be compromised.

What might show my phone got hacked ?

Check Your Data Usage

Most mobile devices will let you check how much data each app has used up. For apps related to social media it would make sense for them to use up a lot of data. But if you have an app, you barely use, and you can see there is quite a lot of data usage on it. That might indicate that it has been running and sending/receiving data. Compromised apps, may tend to use more data since the attacker may be trying to send data over your phone to their own systems. A good way to measure this is to check your app data usage every month. So, you get to know what the average data usage if for each app you use.

Pop ups or Ads

This one is an obvious one, if you see random ads popping up out of no where. Or random windows pop up on your screen. There is a good chance your phone has malware, and/or an app was installed and could have full access to your mobile device. You should go through ALL your apps to see what you have running on your mobile device. If there is anything that you see which should not be running or installed. Remove the app and check to be sure it was removed with the app no longer showing up as running/installed.

Your Phone gets hot all the time

A phone gets very hot to touch when it’s running an app that takes up a lot of processing power. And, that makes your phone start to heat up. If this is happening to a point where your phone is always super hot to touch. Then chances are a malicious app is running all the time causing your phone to heat up. This is a good chance to view all apps running and see which one has been running the most. It could be an indicator that it is a malicious app and should be removed.

How did I get hacked ?

Autopsy– A Forensic Analysis Tool

Autopsy – Digital Forensics

For anyone looking to conduct some in depth forensics on any type of disk image. Autopsy is a great free tool that you can make use of for deep forensic analysis.

It has been a few years since I last used Autopsy. I recall back on one of the SANS tools (SANS SIFT). Back then I felt it was a great tool, but did lack speed in terms of searching through data. It appears with the most recent version of Autopsy that issue has been drastically improved. On top of that, machines have also become much faster using SSD’s and tons of more CPU and RAM power.

Google Data Self Destruct

Google Loves Your Data

Google has been following people around for ages. I always point out to people the fact that they state how they would use Google for everything. Whether it’s for using email, spreadsheets, google drive for file storage, chrome as a browser etc… Yet, none of them ever questioned how Google is not charging them for these services? Let’s face it, no company can provide free services, and yet eat up expenses for too long. When I tell people the fact that Google indeed profits off the data from each user. That is truly when people start to realize, and even question that they may be sharing more than they want with Google.

What do I think about Google keeping tabs?

NCIX Data Breach

NCIX Data Breach

One of the biggest news items around recently has been the NCIX Breach. I was notified of it through a colleague prior to the media finding out about it through the following blog –> (https://www.privacyfly.com/articles/ncix_breach/). The blog details events that took place where a person uncovered hard drives left by the now bankrupt NCIX computer retailer. The warehouse housing these drives, and left over computers that belonged to NCIX were being sold off by the warehouse landlord. The information based off privacyfly’s blog seems to point towards the landlord illegally selling the data on the drives to recuperate lost rent. The big question here is how NCIX, or the team taking care of their assets after bankruptcy could allow this information to be sold. And, this also goes to show how NCIX has very weak security procedues in place to safeguard their most vital data (customer and employee data). Read The Full Post

Vulnerable JavaScript Illegally Mining User Machines

Vulnerable JavaScript Illegally Mining User Machines

So a few days ago, I was browsing Cnet.com to view some on-line tools. I noticed an odd alert triggered by my Anti-Virus scanner. My scanner detected it as HKTL_COINMINE with my URL Filtering option enabled on my scanner. I decided to investigate it further to see what this was all about. What I slowly started to uncover was that something was using my machine to mine. This at first didn’t make sense, as no new applications or files were downloaded.

Then, I noticed an increase in CPU, and I have a normal baseline where my CPU levels normally reside at for the most part. After looking into some network connections I realized there was a connection made out to a server in Ukraine. And, that isn’t typical behavior of my network to be connecting to a machine in Ukraine. The realization after some further investigation that it was the CNET JavaScript file that had been compromised externally on another server . And, this led me to my next blog post!

How Do They Exploit JavaScript?

(more…)