Connected devices like smartphones offer you a world of knowledge and convenience at your fingertips. But they can also create vulnerabilities that open you up to be taken advantage of by hackers and scam artists.
In some cases, deceitful third parties can even use your phone's native GPS tracking to keep tabs on your location data. They could also sell that data to advertising companies looking to turn a profit on your personal information.
But what about a stalker? Could one really use the information from your smartphone to track you or worse, find you?
Potential stalkers have two primary ways they can track you via your smartphone. One way is through social engineering, which requires little or no technical expertise. You could be voluntarily giving away personal information or access to your smartphone to someone you know or who gains your trust. If that person chooses, he or she can exploit that information to track where you are and what you're doing, even if you don't want to be tracked.
Another way stalkers can track you is to steal information from your smartphone. This requires they have more technical experience to gain access to your smartphone or install tracking software or malware. They can then use those to download your address book, log on to malicious websites or even track your location.
If your smartphone has a GPS, a stalker could pinpoint the phone's precise location any time the GPS is enabled.
The good news is you can take a few precautions and avoid potential problems.
When you voluntarily tell the world where you are and what you're doing, you make it easy for stalkers to track you. Social networks like Twitter, Facebook and Instagram are built around us posting messages from our smartphones.
Even if you don't say where you are, you could give it away in your photos. But anything that can be identified in your photos — think street signs, buildings and even license plates — could reveal things about who and where you are. Plus, most smartphones geotag photos, embedding them with the latitude, longitude and even altitude data of where they're taken. That data is uploaded, along with when the photo was taken. Check the settings on your smartphone to disable geotagging and be aware of how different social network sites use and reveal geotags of photos uploaded to their sites.
In short, if you want to avoid being stalked on your smartphone, treat your smartphone as an extension of your social networks, and never post anything you don't want the world to know.
Smartphone Stalking Apps
Even if you're cautious about what information you reveal online, it's possible someone could stalk you via apps installed on your smartphone. Stalking apps (also known as spyware and stalkerware) are apps that someone can download onto your phone to secretly track you. If one is installed, it can provide detailed information about what you do on your phone, right down to your account passwords. Some can even turn on your phone's microphone or camera giving remote access to the person to see and hear from your phone.
How can you tell if your phone has stalkerware installed? It might not be that easy. Even antivirus software may not detect it. But there might be signs to look out for:
An abuser has had physical access to your phone.
Your phone's battery drains faster, without any difference in your usage.
There is an unexplained increase in your data use.
There are unexpected changes in your phone's settings.
If you notice anything suspicious, don't delete it immediately. You may need it as evidence if you report the abuse to law enforcement. Instead, change your password and enable two-factor authentication. This can prevent the hacker or abuser using stalkerware from logging back into your phone. If you do contact law enforcement, update your phone's software — this can remove stalkerware. Then erase all the data from your phone and start fresh.
Smartphone Signal Interception
Smartphone hijacking and theft of your personal information may not be exclusive to stalking, but these are ways a stalker can find you. As we discussed earlier, a stalker could use tracking software to target your smartphone and intercept personal calls and messages. But he or she could also stage a non-targeted attack on your smartphone using signal interception.
Your smartphone has a combination of radios and signals it uses to communicate. For phone calls, text messaging and internet browser, your smartphone uses one or more cellphone network protocols like 4G LTE and 5G. Depending on the smartphone, you might also have a short-range Bluetooth radio, a GPS receiver, and one or more radios for connecting to different Wi-Fi networks.
Open Wi-Fi networks, like those used at cafes and airports, are especially vulnerable to hacking. The unencrypted data sent into the wireless router can be easily intercepted by hacking software, potentially laying claim to your location data, banking info and online passwords. Hackers may also install their own Wi-Fi access point around public locations to make this process even easier.
The best method of combating this is simply to never use public Wi-Fi, but we all face times when that is our only option to get online. While connected to an open network, avoid logging into online banking and other secure services. You can also add a layer of protection to your device by installing a virtual private network (VPN).
The apps you've chosen to use on the phone can also have an impact on security. Many apps access personal information on the user such as photos, cameras, contact lists and location. On Android and iPhone, these permissions must be requested and manually approved by the user. They can also be revoked later in the phone's settings.
For safety, it's best to grant data access to apps that have been published by reputable companies. You should also only give these permissions if they are an integral part of the app's function. For instance, a navigation app requesting location data makes perfect sense, but a calculator app doing the same should be a red flag. Some applications may also try to see your location anytime the phone is powered on, so read carefully over each permission request.
Scammers could also use two common hacking tactics, spoofing and phishing, to access your data or to con you out of money. Spoofing disguises the true number of an incoming call. Usually, the number will appear local to you, but it can really be from anywhere on the planet. Once you pick up the phone, the scammer uses phishing techniques like telling you that they work for your bank or the IRS. Then they'll say you owe money or your account is compromised. They'll use that as a pretense to coax you into giving up personal info, or to transfer money over to them.
Never give your bank information to a stranger who has called you. If you're unsure of the legitimacy of the call, consider hanging up and calling the company or agency they claim to represent at a verified phone number. Phishers will also commonly request that money be transferred to them in the form of traveler's checks or gift cards, so such a request over the phone should immediately ring alarm bells.
Third parties can also attempt to scrub your personal data using a device called a stingray, also known as a cell site simulator. The stingray is a short-range wireless device that can disguise itself as a regular cell tower. The target's phone then connects to the device as it would a legitimate network. Any texts, photos, location and other data sent in the stingray's vicinity will be compromised without you knowing.
Stingrays are often employed by the U.S. government to survey and scrape data from civilians. Many federal and military agencies have access to the devices, as well as some state and police forces. The nature of the stingray makes it incredibly difficult to even identify if an attack is happening. If you suspect you may be in range of a cell simulator, power down your phone completely. Remove the battery if possible. You may also want to use a faraday cage to block any data from leaving the phone.
You can still enjoy your smartphone while avoiding stalkers and hackers. Just use these four tips as your defense: Know your smartphone, know its weaknesses, know how to keep it secure and keep your personal information personal.
Originally Published: Feb 23, 2010
Phone Stalking FAQ
What does it mean to stalk someone on social media?
When someone is stalking a person on social media, it means that they are scrolling through that person's posts and pictures to track them and their activity. Stalkers can easily get private information from posts, photos and geotags to determine a person’s whereabouts.
Can someone stalk me through my phone?
Yes. Potential stalkers have two primary ways of stalking you through your smartphone. One is through social engineering, in which someone uses information that you’re voluntarily putting online to stalk you. The other way is through stalkers stealing information from your smartphone, which is more technical.
What is a stalking app?
Stalking apps and commercial tracking software for smartphones are spyware that secretly monitors smartphones, including the information on them, the location using GPS and so on. This software allows stalkers to read sent and received text messages and listen to phone calls.
How do I prevent my phone from being tracked?
Precautions include keeping your smartphone with you or in a secure place, setting a passcode on your phone and configuring the phone to prevent bypassing that code. You should also keep your security up to date by installing software updates as they’re released.