While helping research this article, the author's roommate spent an afternoon in that paranoid state one might have after seeing a horror movie alone late at night. The phone would vibrate, she'd jump in surprise, and then check to make sure it was someone she knew calling her before she answered. There are a lot of scary stories out there about smartphone stalking and people stealing your personal information.
Potential stalkers have two primary ways they can track you via your smartphone. One way is through social engineering, which requires little or no technical expertise. You could be voluntarily giving away personal information or access to your smartphone to someone you know or who gains your trust. If that person chooses, he or she can exploit that information to track where you are and what you're doing, even if you don't want to be tracked.
Another way stalkers can track you is to steal information from your smartphone. This is the more technical side of smartphone stalking. The stalker could gain access to your smartphone, install tracking software or malware, and use that to download your address book, log on to malicious Web sites or even track your location on a map. If your smartphone has a GPS, a stalker could pinpoint the phone's precise location any time it's on with GPS enabled. For more information about geolocating a mobile phone, check out our article on How GPS Phones Work.
The good news is that by taking a few precautions, you can keep potential stalkers at bay. This article reveals ways someone could track you using your smartphone, and it lists things you can do to avoid unwanted attention.
Social Network Stalking on Smartphones
When you voluntarily tell the world where you are and what you're doing, you make it easy for stalkers to track you. Social network Web sites like Twitter and Facebook invite us to do that through status messages. Most of those sites have made it very convenient for you to post your status from your smartphone, providing streamlined mobile versions of their Web sites plus applications you can install on your smartphone.
Even if you don't say where you are in your status messages, you could be revealing it in your photos. If your smartphone has a camera, it's common practice to take a photo or video and upload it to any of several social networking sites. But whatever is in the background of your photos, like street signs and license plates, could reveal things about who and where you are. Plus, many smartphones geotag your photo when you take it, and that data is uploaded along with your photo, revealing when and where it was taken. If you're trying to avoid stalkers, check the settings on your smartphone to find out how to disable geotagging, and be aware of how different social network sites use and reveal geotags from your photos.
Some social networks are based almost entirely on geolocation. The point is to use your smartphone to "check in" when you're at a particular location, and then have your status updated with your whereabouts. Networks like Mologogo and Google Latitude let you see where people are on a map, while Foursquare and Gowalla turn "checking in" into a fun way to earn rewards. Not only do these sites keep a log of your check-ins, they also let you automatically send status updates to other social networks, like Twitter and Facebook.
In short, if you want to avoid being stalked on your smartphone, treat your smartphone as an extension of your social networks, and take some tips from our article on the Top 10 Things You Should Not Share on Social Networks.
Smartphone Tracking Software
Even if you're cautious about what information you reveal about yourself, it's possible you could be stalked by tracking software installed on your smartphone. Commercial tracking software for smartphones can serve good purposes, like keeping track of your kids or monitoring delivery employees. Unfortunately, some people have chosen to use the software for uninvited tracking activities.
Anyone can purchase commercial mobile phone tracking software from companies like AccuTracking and Retina-X Studios. The software boasts such features as reading text messages, listening to phone calls and tracking the phone's location on a map using its GPS. When installed on a smartphone, the software runs stealthily with no hint to the phone's user that it's gathering and sending this information. Our article How Location Tracking Works describes how this software works together with radios, like those found in your smartphone.
The companies that sell smartphone-spying software post disclaimers that it's the responsibility of the user to obey laws and monitor people only with their consent. But what happens when someone disregards the law? The only thing a stalker has to do to install the software is to have access to your smartphone. Then, he can quickly install tracking software, Trojan horses or other malicious code. Even if you have a passcode set on your smartphone, a savvy stalker may know a way to bypass it and gain the access he or she needs.
So, you're keeping your personal information private, and you don't let your smartphone out of your sight. Are you safe? If your phone's software has a digital vulnerability, maybe not. In early 2009, Dan Dearing of Trust Digital demonstrated a "Midnight Raid Attack," showing how an iPhone SMS vulnerability could be used to steal data from your iPhone while you're sleeping [source: Mills]. A stalker could learn about your smartphone's digital vulnerabilities and take control of your smartphone without you ever knowing.
Unless a stalker has a specific reason to target you and your smartphone, the following simple precautions could get the stalker to move on to an easier target:
- Always keep your smartphone with you or locked in a secure location.
- Set a passcode for your smartphone and configure the phone to prevent bypassing that code.
- Know your smartphone's security weaknesses, and keep track of the latest news about your smartphone in case a new weakness is discovered.
- Take action to prevent someone from exploiting those security weaknesses on your smartphone.
Smartphone Signal Interception
Smartphone hijacking and theft of your personal information may not be exclusive to stalking, but they are ways a stalker can find you. As we discussed earlier, a stalker could use tracking software to target your smartphone and intercept personal calls and messages. But he or she could also stage a non-targeted attack on your smartphone using signal interception.
As described in How Smartphones Work, your smartphone has a combination of radios and signals it uses to communicate. For phone calls, text messaging and Internet browser, your smartphone uses one or more cell-phone network protocols like GPRS, EDGE and 3G. Depending on the smartphone, you might also have a short-range Bluetooth radio, a GPS receiver, and one or more radios for connecting to different WiFi networks. With all these signals moving through the air, it isn't surprising that stalkers often find ways to capture them and use them for cruel purposes.
Currently, Bluetooth is the easiest of these signals to intercept. Our article What is bluejacking? describes how someone can tap into your smartphone while its Bluetooth radio is on and discoverable. The bluejacker needs no more than his or her own Bluetooth device to do the trick. When the device finds your smartphone, the bluejacker connects and sends data that creates a new contact in your smartphone's address book. Though bluejacking itself is a harmless prank, it's also a warning that your smartphone could receive harmful, unwanted data if you leave your Bluetooth connect open. Your best defense is to restrict access to your Bluetooth radio: Don't enable it unless you need it, and control whether or not it's discoverable by unknown devices.
For the more dedicated and tech-savvy stalker, imitating a trusted connection point could be the weapon of choice against you and your smartphone. In the United States, cellular towers and frequencies are regulated by the Federal Communications Commission, and free wireless access points are available in more and more public spaces. However, a hacker subculture that predates mobile phones, known as phreakers, make a hobby out of building and using their own devices to imitate and manipulate such trusted connections.
While original phreakers adopted a set of rules that kept them out of trouble, today's phreakers are often out to do some damage. A mild-mannered phreaker who wants to stalk you can spoof a number, call your smartphone and taunt you after you pick up. More aggressive phreakers could steal your entire address book, upload malware or make long-distance calls from your smartphone.
Similar to bluejacking, your best defense against phreakers is to know your smartphone and limit your use of its radios and connections. If you don't recognize a number that's calling when you look at your caller ID, and you're not expecting a call, you could let the call go to voicemail instead of answering. If you're walking around busy public spaces and you're not using your phone's WiFi connection or GPS, turn off the WiFi radio and GPS features. Not only will radio limiting prevent unwanted connections, but it'll also keep your battery charged longer.
You can still enjoy your smartphone while avoiding stalkers and hackers. Just use these four tips as your defense: Know your smartphone, know its weaknesses, know how to keep it secure and keep your personal information personal. In the meantime, dial in to the next page for more great links about smartphone tracking and stalking.
Related HowStuffWorks Articles
More Great Links
- AccuTracking.com. "About Us." (Feb. 15, 2010)http://www.accutracking.com/aboutus.html
- AccuTracking.com. "Frequently Asked Questions." (Feb. 15, 2010)http://www.accutracking.com/faqs.html
- Apple, Inc. "iPhone 3G: Technical Specifications." (Feb. 15, 2010)http://www.apple.com/iphone/specs-3g.html
- Bacon, Brittany, and Michels, Scott. "Cell Phone Stalkers Harass Washington Family." ABC News. June 25, 2007. (Feb. 16, 2010)http://abcnews.go.com/TheLaw/story?id=3312813&page=1
- FCC Federal Communications Commission, Consumer & Governmental Affairs Bureau, Kids Zone. "Cell Phones FAQs." (Feb. 16, 2010)http://www.fcc.gov/cgb/kidszone/faqs_cellphones.html
- Kushner, David. "The Boy Who Heard Too Much." Rolling Stone. Aug. 21, 2009. (Feb. 16, 2010)http://www.rollingstone.com/news/story/29787673/the_boy_who_heard_too_much
- McCarthy, Caroline. "Geolocation wars heat up: Gowalla raises $8.4 million." CNET News. Dec. 9, 2009. (Feb. 15, 2010)http://news.cnet.com/8301-13577_3-10412262-36.html
- Messmer, Ellen. "Can cell phones be hacked? Security experts say yes, but it's not that easy." Network World, Inc. June 25, 2007. (Feb. 15, 2010)http://www.networkworld.com/news/2007/072507-cell-phone-hack.html
- Mills, Elinor. "SMS messages could be used to hijack a phone." CNET News. April 19, 2009. (Feb. 15, 2010)http://news.cnet.com/8301-1009_3-10222921-83.html
- Mologogo.com. "About." (Feb. 15, 2010)http://www.mologogo.com/about.jsp
- Newitz, Annalee. "They've Got Your Number…" Wired. December 2004. (Feb. 16, 2010)http://www.wired.com/wired/archive/12.12/phreakers.html
- Retina-X Studios.com. "Disclaimer." RetinaXStudios.com. (Feb. 15, 2010)http://www.retinaxstudios.com/
- Retina-X Studios.com. "Mobile Spy: Overview." RetinaXStudios.com. (Feb. 15, 2010)http://retinaxstudios.com/mobilespy/overview.php