Spyware. Stalkerware. malware. A while back, we simply used to club everything into the category of “virus”. Not anymore. A tryst with malicious software, often hiding in plain sight on your phone or computer, isn’t something you’d want. Yet, you’re one click away from it. You’ve seen it in movies. A baddie gains access into an unsuspecting target’s phone, starts tracking location, and can snoop in on calls and messages.
You must have heard of Pegasus, a worrying though somewhat extreme targeting implementation in the real world. It is not the only one. Often, it doesn’t need to be that extreme and detailed either. Putting the phone inside an empty bag of chips to prevent spying (thank you, Sarah Connor, of the Terminator fame), isn’t a solution in the real world. But the question is, and it may be very relevant to ask on the Data Privacy Day 2021, can you ever really protect your phone against spyware?
Many shades of foul play with your data
But what does malware or spyware really do? Depending on what it is created for and what its owners want from your trove of data, there are iterations. Some are meant to scrape and steal data from personal users. More elaborate pieces of software target larger corporate networks, including healthcare, education, telecom, and governments.
“Cybersecurity vulnerabilities continue to increase as companies grow their digital footprints due to the massive amounts of data being generated,” says Peter Waters, Chief Privacy Officer, Equinix, a company that specializes in data centers.
On the personal device and usage front, there are multiple iterations and methods. There is Adware that will track your web browser activity and may serve ads meant to target you. Why miss out on a chance to earn money? Trojans can infiltrate your phone as a file or software (or app) which looks very much like the real deal and access your data once they settle in. Internet tracking is another method to keep tabs on your web searches, browsing history, and what you’ve downloaded.
“In our 2022 Security Report, we also noted that email had become an increasingly popular vector for distributing malware throughout the pandemic, now accounting for 84% of malware distribution,” says Sundar Balasubramanian, Managing Director, India, and SAARC, Check Point Software Technologies.
The more aggressive spyware types will implement wider system monitoring, such as logging keystrokes (this can be a way to narrow down your online account IDs and passwords too), accessing the microphone or the camera to snoop in, and recording calls.
Data privacy and spyware: The first step may matter
There’s the problem of mistakes littering the approach to smartphone security. First, smartphone users don’t always take it seriously. Secondly, a lot of users are oblivious to the problem. The global 2021 Norton Cyber Safety Insights Report reveals some very worrying statistics. As many as 38% of consumers surveyed have never considered their identity could be stolen.
The proverbial cherry on the cake is users ignoring the red flags of a phone misbehaving, heating up, or even seeing unknown call logs in the phonebook. Equally, as many as 53% of the respondents also have no knowledge of how to protect themselves.
“Covid spurred many privacy issues here. Many workers were given a budget and told to avail themselves of a laptop. These will not have the same level of security as one that your employer gives you, or as your office workstation,” says Sumit Srivastava, Solutions Engineering Manager – India at CyberArk. “Likewise, the concept of secure work areas at home is not a realistic one for most of us, with families, flatmates, or strangers in the coffee shop peering over our shoulders,” he adds.
Spyware doesn’t have a definition
“Spyware is loosely defined as malicious software designed to enter your computer device, gather data about you, and forward it to a third-party without your consent,” says security firm Kaspersky.
Spyware, by its characteristics, is all about sneaky surveillance with your data being shared with another set of eyes, without your consent. Once it is installed on your phone, often hidden from sight, it theoretically has access to all residing data. Do not confuse this with mere tracking of your phone’s location, which can be done with cell tower data or even Bluetooth.
Are you opening the door?
The most common mistakes users make with their Android phones, Apple iPhones, and computers, allowing spyware to infiltrate, are sometimes the most basic steps you can take to maintain the security integrity of your smart device.
These include the likes of not updating your phone or PC’s OS with regular security patches. All platforms, be it Android, iOS, macOS, or Windows, regularly release updates for security improvements and patching vulnerabilities. Leave these unattended for too long, and your phone or PC becomes an easy target.
Another way for malware and spyware to enter your phone or PC is by piggybacking on apps and software that you may download from unofficial application stores and websites. Sharing data on random websites and apps is another way of opening the door for hackers to target you.
“People are more empowered than ever to exercise their rights, submit Subject Rights Requests (SRRs), and reclaim control of their information. They want to understand how their data is used and to access, correct, delete and restrict the use,” says Andy Teichholz, Global Industry Strategist, Compliance & Legal at OpenText, a company that makes enterprise information management software.
Downloading or opening files or media which have a malicious code attached, clicking on web links from unknown senders that direct you to a malicious web page, or connecting to unsecured public Wi-Fi networks without VPN, are common methods.
Spearfishing and more: Think before you click
You will not believe how easy it is for hackers to deploy spyware on your phone. The next time a random website generates a popup that warns that your phone or PC is infected with a virus, do not click on it to download software that promises to help. This method is called spear-phishing.
Software updates are important. Thousands of layers of code, and the chances of a vulnerability that malware can exploit, are quite high. There is something called zero-day vulnerabilities, and the zero-click exploit. These are the gaps in software that the developers don’t know about but have been discovered for exploitation by cybercriminals. The latest patches are your only layer of prevention. Pegasus, for instance, can be installed on unpatched phones via a simple missed call on WhatsApp or a text message. It even deletes all traces of that call or message.
“The best way to stay protected against such tools is to provide as much information on these cases as possible, to related software and security vendors. Software developers will fix the vulnerabilities exploited by the attackers and security vendors will take measures to detect and protect users from them,” says Dmitry Galov, Security Researcher at Kaspersky’s Global Research & Analysis Team.
Should you install a security suite?
There is merit in that argument, though not strictly required if you are careful about how you use your phone or PC. But then again, most users aren’t. “VirusScan includes antispyware technologies designed to prevent and eliminate spyware, adware, and viruses,” says security software company McAfee. They aren’t the only ones, in a space that has solutions from Norton, Bitdefender, and AVG, to name a few.
What you can do well to avoid is download an unknown app, claiming to be a security suite. Security software in general will protect against viruses and malware by detecting unknown processes or malicious apps. It could include a VPN service that will add a layer of protection when your phone connects with unknown Wi-Fi networks.