How To: It's Not Just Your Camera & Mic Here's All the Crazy Ways Your Phone Could Be Used to Spy on You

How To: It's Not Just Your Camera & Mic Here's All the Crazy Ways Your Phone Could Be Used to Spy on You
As you're surely aware, your phone can be used against you. Thanks to our cameras and microphones, a clever hacker can obtain access to your device and invade your privacy. But spying isn't limited to just these two sensors — gyroscopes, proximity sensors, QR codes, and even ads can be used to paint a very clear picture about who you are and what you're currently doing.The examples below are theoretical. No known real-world threat exists that utilizes these tactics. However, as any good cybersecurity expert would inform you, you must think about how hackers will infiltrate in order to properly protect your system. We hope with this information, you will care a little bit more about your phone's security and protecting your privacy.

Keylogging Using the GyroscopeAll modern smartphones are equipped with a gyroscope. This sensor is used to detect the precise direction your phone tilts, which can be used for things like steering a car in your favorite racing game.Thanks to the growth of smartphones, various sensors (including gyroscopes) have dramatically improved their ability to measure specific movements. Because of this accuracy, it possible to use the gyroscope maliciously. One potential cyber attack was demonstrated at Northeastern University, where a group was able to use both the gyroscope and the microphone to perform keylogging.Keylogging is the capturing of text you input into a device — this is particularly dangerous when it comes to passwords. While there are other ways to accomplish this, the College of Computer and Information Science at Northeastern University demonstrated how it could be easily be performed with the two sensors. The gyroscope used in racing games can also be used to determine to conduct keylogging. As you type, your phone tilts slightly in reaction to each touch. By capturing this tilt, letters can be determined. As you tap the screen to type, a sound is produced, which is also captured by the microphone. Its position can be determined by measuring the distance of the sound using each of the phone's microphones. Using the combination of these two sensors and a set of algorithms, researchers were able to log the exact keys pressed with 90–94% accuracy on the first try.

Determining Your Location Without Using GPSOne type of sensitive data that our phone has access to is our location. Even with the GPS off, as we connect to cellular towers and Wi-Fi points with geolocation information attached to them, our phone has a rough idea of our location. However, even without access to these tools, a hacker could still determine your location using other sensors we don't normally think about.The same group at Northeastern University attempted to demonstrate this by using sensors that don't require users to grant permission explicitly before apps can access them. The result was an app that used the gyroscope, accelerometer, and magnetometer.With a map of the area the person was in, the app was able to track the user as they drove around. The accelerometer was used to determine movement and stoppage. The magnetometer (the compass) provided direction of their travel. The gyroscope measured the turning angles, allowing for accurate tracking as the person made turns.Using an algorithm to match the observed movements against a map of the rough area, they were able to determine where the person traveled and visited. Similar to Google's Location History, by observing the location and the time spent at locations (both time of day and duration), the app could effectively determine the user's home and workplace addresses, along with their favorite places to visit. Using your location history (with your permission) and a similar algorithm, Google Maps can automatically determine your home and work addresses.

Tracking Location Using AdsBesides the previous method, there is another way to track someone's location without direct access to their GPS data. According to Wired, all it takes is $1,000 and a few mobile ads.A University of Washington research team demonstrated this by creating a mobile banner ad and a website linked to the ad. They paid the minimum $1,000 deposit for ad space on major mobile platforms such as Google AdWords and Facebook. With their deposit, they were able to specify where their ads appeared, in which app, and for which unique phone identifiers. They also used geofencing to create a 3-mile square section that would place on their ads in a specific app when users traveled within the geofence.Each time the target phone used the app, researchers were charged 2 cents, and information about the phone was sent to them, such as approximately where they were, what time they were there, and what phone they were using. With this info, the research group was able to track the user's location to within 25 feet )as long as the app remained open for four minutes in one location or was opened twice in the same location). While this method does require the opening of a specific app, this obstacle could be overcome by targeting commonly used apps. Ads, such as this, can be used to track your location. The researchers needed to know the device's specific advertising ID beforehand in order to target a specific person, but this still has potential privacy implications even when a user isn't specified. For example, the researchers were able to see the number of people using the Grindr app in an area, or those of a specific religious denomination (they used Quran Reciter to determine the number of Muslims in the area), which could be used to conduct targeted surveillance of a populace.
Seeing What Links You've Visited Using the Light SensorThe ambient light sensor measures the light in your environment and adjusts the brightness of your phone's display for optimal viewing. This sensor, which is normally not considered a potential threat, can be used for hacking purposes.Lukasz Olejnik illustrated the ambient light sensor's malicious potential by creating an app that uses its data to determine the links visited by a user. In short, the light emitted by your screen can be read quite precisely by your phone's ambient light sensor. This could let an attacker see the exact color of a webpage you're viewing.Websites can display different colors for links you've previously visited and those you haven't, but for security reasons, they not allowed to "know" which color you see (this is determined by your browser, not the site). In other words, a link might be light blue if you haven't visited it before, then it may turn purple after you click on it — but the website itself doesn't know this; it only knows what color it told your browser to show for visited and unvisited links.If websites get access to your ambient light sensor's data, they can read the light emanating from your screen to determine whether or not you've previously clicked a link on the page.For instance, if a website had a black background with dark grey text and even darker gray unvisited links, it would know that the ambient light sensor should be reading fairly low levels of light from the screen. It could then request that your browser shows visited links as white, and when you scrolled to that portion of the page, the ambient light sensor would see the extra light from the white link and the website would know you visited that link. After analysis, the site could create a list of all sites you've visited.
Stealing QR Codes & Other Cross-Origin ResourcesLukasz Olejnik also demonstrated how the ambient light sensor could create complete copies of the cross-origin elements on a site, such as QR codes.Normally, resources from different origins aren't able to access each other's data — for instance, an embedded QR code from an ad can't see what's on a website, and the website it's displayed on can't see where the QR code links to. This is known as the same-origin policy, and it protects users against hackers.Let's say a site uses a QR code for account recovery purposes. The intention is that you'll scan the code with your phone and it will verify you as a user, then allow you to log back in after you've forgotten your password.Using data from the ambient light sensor, Olejnik was able to create a pixel-perfect representation of QR codes and other elements displayed on a site — elements that are normally protected by the same-origin policy. The sensor is precise enough to map out the subtle differences between black and white pixels emitting light on your screen, so the same principles could be used to recreate avatars or security codes displayed on websites.
Identify Users and Nearby ObjectsThe vast majority of smartphones have a proximity sensor. This is used to turn off the touch screen when you're in a call — otherwise, your face would accidentally touch buttons on the dialer or even hang up the call.The proximity sensor not only detects when objects are close to the screen, but it can also accurately measure distance. According to Lukasz Olejnik, one possible measurement is how close we hold the phone to our face.While this may not seem obvious at first, each one of us holds our phones at a different distance based on height, arm length, the strength of our vision, and other factors. With this information, an app could differentiate users and use this information to discriminate against them. While the accuracy of this method may not be high, when combined with other identifiable factors (such as the advertising ID), advertisers could differentiate users pretty easily.Additionally, Lukasz Olejnik identified another possible security risk with the proximity sensor: Identifying nearby objects. By measuring the distance between the phone and the objects around it, an app could feed a third party (whether advertisers or hackers) your location in relation to the objects, even while your GPS sensor is turned off.Each one of these potential threats is theoretical, and as far as the public knows, there has been no widespread attack utilizing one of these methods. However, the risk is there, so we wanted you to know about it. What do you think of these potential attacks? Were you aware of these possibilities? Let us know in the comment section below.Don't Miss: iPhone Security 101 & Android Security 101Follow Gadget Hacks on Facebook, Twitter, YouTube, and Flipboard Follow WonderHowTo on Facebook, Twitter, Pinterest, and Flipboard
Cover image and screenshots by Jon Knight/Gadget Hacks



Hi, I am looking into making my own watch to. But i would like to design and make my own casing and dial. Do u have any tips or trick to take in consideration and what would be a nice quality movement that isn't to expensive quartz or automatic if possible


Peak hours are the busiest times for Lyft — when we consistently need additional drivers on the road to satisfy demand. Rides count as peak rides if the ride was requested during a peak hour. Peak hours aren't necessarily the same as Prime Time, which can happen at any time. Peak hours vary by region
26 Uber and Lyft Tricks to Save You - The Krazy Coupon Lady




How To: Rip Original PlayStation Games to Play on Your Android with a DualShock Controller Turn Your HTC One into the Ultimate Gaming Machine
Turn your Android device into a computer with Andromium
androidfact.com/turn-your-android-device-into-a-computer-with-andromium/
Turn your Android device into a computer with Andromium HTC One M8, HTC One M7, LG Nexus 4, Nexus 5, Nexus 6, and the Oneplus One. 2 thoughts on " Turn your
How to Turn on an HTC Phone: 4 Steps (with Pictures)

Subscribe to Gadget Hacks:

Multitasking in iOS 11 on iPad, Drag & Drop, App Switcher, Split view, Slide Over Split Screen on iPad Not Working in iOS 11, iPad Mini, Pro, iPad Air: Here's Fix How to Use Drag and Drop in iOS 11 on iPhone
How to Drag & Drop Photos on Your iPhone in iOS 11 « iOS


The good news is that this will work on any Samsung device that has root. If your Samsung device is rooted, you will be able to enjoy these boot animations. Before we begin, you will need a rooted Samsung phone! Step 1. Go to the Samsung QMG section at AndroidBootAnimation.com and download the Android boot animation you want to install. Step 2.
Easily Change the Boot Animation on Your Samsung Galaxy S5


16MP main camera with a 5MP sidekick for depth info The Realme 3 Pro is equipped with a 16MP main camera and a 5MP secondary module for depth detection. The primary cam uses the Sony IMX519 sensor


In the case of a playlist player (or custom player), the player will play the entire playlist and then start again at the first video. Note: This parameter has limited support in the AS3 player and in IFrame embeds, which could load either the AS3 or HTML5 player.
Embed Video on Website: 5 Easiest Ways - Freemake


This may be hard to imagine, but I, a now hilarious 24-year-old with impressive self-control and impeccable taste in movies, music, and celebrity crushes, have not always crafted the best tweets
Dan Gerous (@DangerousFunny) | Twitter


RCS messaging is becoming more popular these days, and Google and the GSMA are helping to promote the new service. Here's what you need to know.
What is RCS messaging? Here's all you need to know about SMS

0 comments:

Post a Comment