Last updated July 11, 2017 at 12:37 pm
Mobile phones are as much a part of our lives as oxygen these days. They hold the key to a lot of important personal information, so it’s not surprising that mobile phone hacking exists, as Ben writes.
Top-of-the-line mobile phones come with a raft of security features intended to keep your phone’s contents safe if the phone gets lost, stolen or left unattended. But they’re definitely not foolproof – in fact, some of them are surprisingly easy to get around.
An iris scan is supposed to be one of the most accurate and secure biometric security features available. However, the Samsung Galaxy S8’s iris scanner can still be fooled quite easily, as German hacker Starbug has revealed.
He used night mode on a camera to capture a photograph of a friend’s eyes – night mode allowed greater detail to show in the iris. He then printed the life-size picture and placed a contact lens over the iris to create the illusion of depth in the photo. Using this photo he was able to unlock the phone in less than 1 second.
The difficulty with this technique is getting a good enough photograph of the person’s face and eyes, but that’s not outside the realms of possibility.
Facial scanners have also been used on phones for a few years now, and are starting to appear as authentication for other apps such as banking.
The Galaxy S8’s facial recognition is so basic it can be fooled with a photograph of the person. Samsung admits it’s not as secure as fingerprint or iris scanning, but when it’s presented as a security option for locking the phone, many people will use it.
Other facial scanners require the subject to blink during facial recognition to prevent the use of a photograph – in which case, if you can get a video of the person, you can sometimes just use that to get through the roadblock.
There are some better facial recognition scanners out there, such as Windows Hello (for laptops), which uses a separate camera and is accurate enough to tell the difference between twins.
One of the first “advanced” security features to appear on mobile phones was a sensor to detect fingerprints. Very convenient. Very James Bond. Very defeatable.
One method of defeating it was developed by researchers from Michigan State University. They started with a scanned image of the user’s fingerprint, which they then mirrored and printed onto a glossy paper not dissimilar to photo paper. The ink they used was a conductive ink containing silver, and the printer was an off-the-shelf model.
When they tested it on phones, they successfully unlocked a Samsung Galaxy S6 and a Huawei Honor 7, and managed to sporadically open an iPhone 5S. Some newer fingerprint scanners also rely on detecting the person’s pulse through their fingertip, but it’s not clear whether more modern phones are still vulnerable.
Back in 2014 Starbug reconstructed the German defence minister’s fingerprint starting from high-resolution photographs of her hand. These included a photograph from a press release and another taken with a standard camera from a distance of 3 metres during a press conference. With some pre-planning, this means your fingerprints could be spoofed without you ever coming into contact with the hacker.
There are also other techniques that use 3D printing to produce a fake finger, and if you happen to come across an impression of the person’s finger it’s even easier – just like in films, you can make a fake fingertip to wear over your own.
The worst thing about fingerprint sensors, though, is that once your fingerprint has been compromised, you’re vulnerable for life. You can change a password but you can’t change your fingerprint, so once it’s stolen it’s stolen for good. And if it can be reconstructed from photographs, that data can easily be stored for future use against you.
However, your own fingerprint might not even need to be stolen. Researchers from New York University and Michigan State University have claimed that many fingerprint scanning devices can be fooled using a master fingerprint – essentially a master key. They created a set of master prints that they say could bypass fingerprint scanners 65% of the time by being similar enough to produce partial matches with the stored reference fingerprint. This relies on the fact that most small scanners, such as those on a smartphone, are too small to capture every individual detail of your fingerprint and so match partial prints only, which is much more likely to produce a false match. The study, however, was carried out using computer simulations, and did not involve creating a physical finger and testing it on real phones.
Near Field Communication (NFC) lets your device talk to and swap small data packets with others over a range of a few centimetres – it’s how your tap-and-go payment apps work, for example.
While the short range supposedly makes NFC transfers extremely difficult to hack into, NFC communications aren’t necessarily secure. NFC was designed as a tool of convenience rather than security and requires no credentials or passwords. Security can be implemented by individual apps (and is by banking apps, making those transfers secure from eavesdropping) or by the system adding a second layer of authentication, but the communication channel itself is not secured – and that means if you can get close enough, you can potentially get into the phone.
So how do you get close? If you can place an NFC tag near a payment terminal, or even just near where anyone would have their phone, you could transfer malware or viruses onto a person’s device. Over NFC, data transfers quickly and potentially without the receiver being aware of it, so they wouldn’t even know a transfer had taken place. With the right malware a hacker could then have full access to the person’s phone, including banking apps and social media accounts. However, for this to work the tag would need to be extremely close – NFC’s security strength is its extremely short range, meaning the malicious chip would need to be essentially on top of the NFC terminal.
The more likely way of hacking someone would actually be more overt, and it wouldn’t necessarily be difficult. NFC is becoming more popular as a marketing tool, with signs carrying messages like “touch here for more information” – a few spoofed or modified posters would give hackers access to a large number of phones quickly. A hacking group hid NFC tags in posters and buttons to place (benign) malware onto people’s phones as a demonstration of this at a tech conference.
There have previously been concerns that a well-timed bump between people could surreptitiously transfer malware from an NFC tag in a hacker’s pocket to a target phone. If the phones synced, it would transfer before the person had even realised they’d been bumped into. However, due to the short range of NFC it would likely need to be an accurate bump and would rely on the target’s phone having NFC turned on, making it a low-success-rate strategy.
More up-to-date phones have some protection against clandestine transfers, with prompts asking you to confirm a file download; however, enticing a person to willingly touch a tag and transferring a file with a faked name easily circumvents this. Older phones may also lack this extra layer of protection. But if you’re concerned about being hacked through NFC you can simply turn it off when you’re not using it.
The good news is that device and app developers are constantly keeping abreast of the techniques used to hack devices and use that information in future designs to eliminate those vulnerabilities. But it’s worth knowing that sometimes those advanced security features… aren’t so secure. Ideally biometrics should be used alongside a second type of identification and not as a replacement for passwords. Even Starbug recommends passwords – “I consider my password safer than my fingerprint… My password is in my head, and if I’m careful when typing, I remain the only one who knows it.”
And if all else fails you can always brick your phone remotely, and that’s probably the most effective security feature there is.