Breaking into your mobile device: location tracking and camera usage

In our previous articles, we have already discussed the important types of attacks on your mobile devices. Yet, these were only a fraction of the possibilities available to third parties and you should know about more of them in order to protect your data from unauthorised access.

Unauthorised location tracking

GPS or location tracking is one of the nifty features that come with an android device. This is the reason how you get to your destination from A to B, find the things you are looking for based on places, your food delivery guy can deliver the food to your place, and so on. But, it has its misuse as well. Again, it is the intent of a user which describes the mischievousness, not the technology.

There could be instances when your location information is sent to the third-parties, without your consent, or explicit permission. The best way to prevent this is to always turn off the location services. Doing so may prevent you from getting the rich experience of some apps, or some apps may not perform at all. In such a case, you will typically have a notification pop up telling you to turn on the location services.

Another move you can make is to turn off the tracking that some apps may use to prevent unauthorized tracking, in case the device allows the app. Again, those apps will pop up a notification to turn on the location services. In case, they don’t and you see any app that uses map is not working, manually go ahead and turn on the location services.

Let’s clear up one thing the GPS functionality inside a mobile device is not the only way to track you. There are cellular networks, WiFi are also can be used to track your device location. Cellular networks and WiFi are not as precise as the GPS. People who want to track your device can get really creative to track your device down. There are multiple ways this can be achieved. Also, given all the newest technology out there, this is just a matter of time.

For an organization, employers can track when you are coming in or going out with a technique called geofencing. Employees may not like this at all. Well, you better put it up front as the company policy or something, before they bring a whole mob or bring legal attention for invading employee privacy. I’m sure if you have an organization running, you know how to spit it out in a non-violent way so that they understand the benefit of using it as well.

Unauthorized camera and microphone

We have come to see how the malware can get to the root, and have access to various functionalities on the device. All the point that is mentioned above can lead to the point, where the attacker may activate the camera and microphone to spy on you. They can see you, hear you.

This may surprise you, there is more advanced malware that is out there, which can effectively keep your microphone active, even though the device has been shut down. An attack of such level can be a real deal and need more higher attention like the manufacturer or carrier provider securing the connection.

What they can do by activating your camera and microphone, is for you to judge. If you say or do nothing that is sensitive to your privacy or business, it really does not matter. I guess, in such a case, you won’t be a target. But do not shrug it off if you are working in a place where you or your organization deal with sensitive data regularly. The target may not be you but your company, where you are working as a medium, all happening behind your back, or… is it?

The best measure you can take is to restrict the permission for camera and microphone permission for the apps installed on your phone. Use an anti-malware app from your vendor-provided app store and often run a check and carefully assess the result, and in case you come across malware detection, see the kind of malware it is. Make a quick online search of the malware and educate yourself on them. In case you are someone who has an interest in cyber-security or wants to step in, this will fill up your knowledge.

Let me make one thing clear is that, even if you have downloaded an app from a trusted vendor source, the app may have any vulnerability, that the app developers might not be aware of yet. An attacker can always exploit the such issue. The best thing is to be careful to whom you are granting access to your device.