How to hack a phone: 7 common attack methods explained

How to hack a phone: 7 common attack methods explained

Mobile security often beats PCs, but users can still be fooled and smartphones can still be hacked. Here’s what you need to watch for.

Credit: Dreamstime

They’ve broken in, now what?

Once an attacker has used one of the techniques outlined above to gain a foothold on a smartphone, what's their next step? While smartphone OSes are ultimately derived from Unix-like systems, an attacker who's managed to force a breach will find themselves in a very different environment from a PC or server, says Callum Duncan, director at Sencode Cybersecurity.

"Most apps interface with the operating system and other applications on what are essentially API calls," he explains. "The kernels for iOS and Android are so vastly different from anything that would resemble their Unix base that shared exploits would be almost impossible. Command lines do exist for both devices but are only accessible the highest level of privilege for both devices and can usually only be accessed but rooting or jailbreaking the device."

But just because it's hard doesn't mean it's impossible. "Exploits of that type do exist," Duncan says. "Privilege escalation would be key to this process and working around inbuilt safety mechanisms would be hard, but any attacker with the ability to run code on a user's device is doing just that — running code on a user's device — so if they're smart enough they could make that device do whatever they please."

Caitlin Johanson, Director of the Application Security Center of Excellence at Coalfire, says that a surprising amount of sensitive data is accessible to attackers who gain a foothold on a device. "Data stores such as SQLite get created by installed apps and could contain everything from web request and response content to potentially sensitive information and cookies," she explains. "Common weaknesses observed in both iOS and Android include caching of application data within memory (such as authentication credentials), as well as persistence of thumbnails or snapshots of the running application, which could inadvertently store sensitive information to the device. Sensitive information—most often left unencrypted—is found in abundance within browser cookie values, crash files, preference files, and web cache content created in easy-to-read formats stored right on the device."

"The very tools created for development purposes are what makes it easier for an attacker to extract, interact with, or even modify this kind of data, such as abd on Android or iExplorer or plutil on iOS," she continues. "Standard utilities can be used for the examination of any database files copied from the device, and if we run into the need to decrypt, there’s tools like Frida to run scripts to decrypt stored values."

Thick as thieves

We don't mean to oversell how simple any of this is. Most users don't jailbreak their phones, click smishing links, or give enhanced privileges to dodgy applications. Even when hackers do gain a foothold on a device, they're often stymied by iOS and Android's built-in security measures.

Perhaps more than any specific technique outlined here, the way to hack a smartphone is via sheer determination. "Attackers create highly repeatable and automated models that pick and pry at every angle of a mobile app or a new operating system version in hope of finding a weak point," explains Hank Schless, Senior Manager at Security Solutions at Lookout. "Once they find an exploitable weakness, they try to use it to their advantage as quickly as possible before a fix is released."

And if you can't figure out how to breach a cell phone, well, maybe you can find a friend who can help. "Information sharing among cybercriminals most commonly occurs either on the dark web or in groups on encrypted chat platforms like Telegram," Schless says. "Larger groups, such as those backed by nation-states, are encouraged to share code and exploits amongst each other with the hope that collective efforts will help create more successful malicious campaigns." The good guys need to share intelligence too, because they clearly have their work cut out for them.

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.



Show Comments