How To Hack Into a Mobile Phone

  Last updated July 11, 2017 at 12:37 pm


Mobile phones are as much a part of our lives as oxygen these days. They hold the key to lots of important personal information so it’s not surprising mobile phone hacking exists, as Ben writes.


The top of the line mobile phones come with a raft of security features intended to keep your phone’s contents safe if your phone gets lost, stolen or left unattended. But they’re definitely not foolproof – in fact they’re kind of surprisingly easy to get around.


Iris scanner


An iris scan is supposed to be one of the most accurate and secure biometric security features available. However the Samsung Galaxy S8’s iris scanner can still easily be fooled, as German hacker Starbug has revealed.


He used night mode on a camera to capture a photograph of a friend’s eyes – using night mode allowed greater detail to show in the iris. He then printed off the life-size picture and attached a contact lens over the iris to create the illusion of depth in the photo. Using this photo he was able to unlock the phone in less than 1 second.


The problem with this technique is getting a good enough photograph of the person’s face and eyes, but that’s not outside the realms of possibility.


Face scanner


Facial scanners have also been used on phones for a few years now, and are starting to appear as authentication for other apps such as banking.


The Galaxy S8 facial recognition is so basic it can be fooled with a photograph of the person. Samsung admit it’s not as secure as a fingerprint or iris scanning, but when it’s presented as a security option for locking the phone, many people will be using it.


Other facial scanners require the subject to blink during the facial recognition to prevent using a photograph – in which case if you can get a video of the person you can sometimes just use that to get through the roadblock.


There are some better facial recognition scanners out there such as Windows Hello (for laptops), which uses a separate camera and is accurate enough to be able to tell the difference between twins.


Fingerprint sensor


One of the first “advanced” security features to feature on mobile phones was a sensor to detect fingerprints. Very convenient. Very James Bond. Very defeatable.


The process was developed by researchers from Michigan State University. They started with a scanned photo of the user’s fingerprint which they then mirrored and printed onto a glossy paper not dissimilar to photo paper. The ink they used was a conductive ink that contained silver, and the printer an off-the-shelf model.


When they tested it on phones, they successfully unlocked a Samsung Galaxy S6 and Huawei Honor 7, and managed to sporadically open an iPhone 5S. Some newer versions of fingerprint scanners rely on also detecting the person’s pulse through their fingertip, but it’s not clear if more modern phones still have the vulnerability or not.


Back in 2014 Starbug reconstructed the German defence minister’s fingerprint starting with high-resolution photographs of her hand. The photographs included a photograph from a press release and another taken with a standard camera from a distance of 3 metres during a press conference. With some pre-planning, this means that your fingerprints could be spoofed without ever coming in contact with the hacker.


There are also other techniques using 3D printing to produce a fake finger, and if you happen to come across an indentation of the person’s finger it’s even easier – just like in films you can make a fake fingertip which you can wear over your own.


The worst thing about fingertip sensors though is that once you’ve had it broken, you’re vulnerable for life. You can change a password but you can’t change your fingerprint, so once it’s stolen it’s been stolen for good. And if it’s able to be reconstructed from photographs, that data can easily be stored for future use against you.


However you might not even need your own fingerprint to be stolen. Researchers from New York University and Michigan State University have claimed that many fingerprint scanning devices can be fooled using a master fingerprint – essentially a master key. They created a set of master prints that they say could bypass fingerprint scanners 65% of the time by being similar enough to create partial matches with the stored reference fingerprint. This relies on the fact that most small scanners, such as those on a smartphone, are too small to detect every individual detail of your fingerprint and so rely on matching partial prints only, which is much more likely to create a false match. The study however was carried out using computer simulations, and not by actually creating an analogue finger and testing it on real phones.


NFC


Near Field Communication is a way that allows your device to talk and swap small data packets with others over a range of a few centimetres – it’s how your tap and go payment apps work for example.


While the short range supposedly makes NFC transfers extremely difficult to hack into, NFC communications aren’t necessarily secure. It was designed as a tool of convenience rather than security and requires no credentials or passwords. Security can be implemented by individual apps (and is by banking apps, making those transfers secure from eavesdropping) or by the system adding a second layer of authentication, but the communication tool itself is not – and that means if you can get close enough, you can potentially get into the phone.


So how do you get close? If you can place an NFC tag near a payment terminal, or even just near where anyone would have their phone, you could transfer malware or viruses into a person’s device. Using NFC, data transfers quickly and potentially without the receiver being aware of the transfer, so they wouldn’t even know a transfer had taken place. With the right malware a hacker can then have full access to the person’s phone, including banking apps and social media accounts. However for this to work the tag would need to be extremely close – NFC’s security strength is its extremely short range, meaning the malicious chip would need to essentially be on top of the NFC terminal.


The more likely way of being able to hack someone would actually be to be more overt, and it wouldn’t necessarily be difficult. NFC is becoming more popular as a marketing tool with signs with messages like “touch here for more information” – a few spoof or modified posters would give hackers access to a large number of phones quickly. A hacking group hid NFC tags in posters and buttons to place (benign) malware onto people’s phones as a demonstration of this at a tech conference.


There have previously been concerns that a well timed bump between people could surreptitiously transfer malware between an NFC tag in a hacker’s pocket and a target phone. If the phones sync it’d transfer before the person has even realised they’ve been bumped into. However due to the short range of NFC it would likely need to be an accurate bump and would rely on their phone having NFC turned on, making it a low-rate-of-success strategy.


More up to date phones have some protections against clandestine transfers with prompts asking to confirm a file download, however enticing a person to willingly touch a tag and transferring a file with a faked name easily circumvents this. Older phones may also not have an extra layer of protection. But if you were concerned about being hacked through NFC you can just turn it off when you’re not using it.
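An added example, not part of the original article: because tag content is unauthenticated, a confirmation prompt should be built from the decoded record itself rather than from any friendly text the tag supplies. It assumes tags carry NFC Forum NDEF records, a format the article does not name; the action labels, the `review` policy and the sample tag bytes are constructed for illustration.

```python
import struct

# Subset of the NFC Forum URI prefix table (first payload byte of a URI record).
URI_PREFIXES = {0x00: "", 0x01: "http://www.", 0x02: "https://www.",
                0x03: "http://", 0x04: "https://"}

def parse_ndef(data):
    """Split raw NDEF message bytes into (tnf, type, payload) tuples."""
    records, i = [], 0
    while i < len(data):
        hdr = data[i]
        if hdr & 0x20:
            raise ValueError("chunked records are not handled in this example")
        type_len = data[i + 1]
        i += 2
        if hdr & 0x10:                      # SR: one-byte payload length
            payload_len = data[i]
            i += 1
        else:                               # otherwise four bytes, big-endian
            payload_len = struct.unpack(">I", data[i:i + 4])[0]
            i += 4
        id_len = 0
        if hdr & 0x08:                      # IL: an ID length byte follows
            id_len = data[i]
            i += 1
        end = i + type_len + id_len + payload_len
        if end > len(data):
            raise ValueError("record length runs past the end of the tag data")
        records.append((hdr & 0x07, data[i:i + type_len],
                        data[i + type_len + id_len:end]))
        i = end
        if hdr & 0x40:                      # ME: last record of the message
            break
    return records

def review(data):
    """Return (action, detail) per record, derived from decoded content only."""
    out = []
    for tnf, rtype, payload in parse_ndef(data):
        if tnf == 1 and rtype == b"U" and payload:
            # Codes outside the subset above are shown as-is and end up warned.
            prefix = URI_PREFIXES.get(payload[0], f"[prefix {payload[0]:#04x}]")
            uri = prefix + payload[1:].decode("utf-8", "replace")
            out.append(("prompt" if uri.startswith("https://") else "prompt-warn", uri))
        elif tnf == 1 and rtype == b"T" and payload:
            lang_len = payload[0] & 0x3F
            enc = "utf-16" if payload[0] & 0x80 else "utf-8"
            # Tag-supplied text is a label only; it never describes other records.
            out.append(("label-only", payload[1 + lang_len:].decode(enc, "replace")))
        elif tnf == 2:
            # MIME record: show the declared type and size, not a friendly name.
            out.append(("confirm-type", f"{rtype.decode('ascii', 'replace')} ({len(payload)} bytes)"))
        else:
            out.append(("ignore", f"tnf={tnf}"))
    return out

def _rec(flags, rtype, payload):            # helper that builds the sample records
    return bytes([flags, len(rtype), len(payload)]) + rtype + payload

# Constructed sample: a poster tag whose friendly text differs from what it carries.
SAMPLE_TAG = (_rec(0x91, b"T", b"\x02en" + b"Event timetable")      # MB, SR, Text
              + _rec(0x11, b"U", b"\x03" + b"example.test/info")    # SR, URI, http://
              + _rec(0x52, b"application/octet-stream", bytes(32)))  # ME, SR, MIME
```

Calling `review(SAMPLE_TAG)` yields one decision per record, so the prompt can show the real URI and the declared MIME type next to the tag's own label.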


The good news is that device and app developers are constantly keeping abreast of the techniques used to hack devices and using that information in future designs to eliminate that vulnerability. But it’s worth knowing that sometimes those advanced security features… aren’t so secure. Ideally biometrics should be used with a second type of identification and not be used as a replacement for passwords. Even Starbug recommends passwords – “I consider my password safer than my fingerprint… My password is in my head, and if I’m careful when typing, I remain the only one who knows it.”


And if all else fails you can always brick your phone remotely, and that’s probably the most effective security feature there is.






About the Author

Ben Lewis
Ben Lewis is the Editor of Australia’s Science Channel, and a contributor to Cosmos Magazine. He has worked with scientists and science storytellers including Brian Cox, Chris Hadfield, Robert Llewellyn, astronauts, elite athletes, Antarctic explorers, chefs and comedians. Ben has also been involved in public events around Australia and was co-writer, producer and director of The Science of Doctor Who, which toured nationally in 2014 in association with BBC Worldwide Australia & New Zealand. Want more Ben? You can hear him on ABC and commercial radio in Adelaide, regional SA, across NSW, and the ACT. He also speaks at universities around Australia on communicating science to the public. Around the office he makes the worst jokes known to mankind.

Published By

Science and technology is as much a part of our cultural fabric as art, music, theatre and literature. They play a significant role in our daily lives, yet, in a world dependent on science, we often take them for granted. Australia’s Science Channel believes every citizen has a right, and a responsibility, to be informed, and our mission is to create programs to bring that about.

