Are your Christmas presents spying on you?

Written by UK NACE on 4 January 2022 in Opinion
Opinion

With many around the country receiving technological gifts, experts from government anti-espionage unit UK NACE explain why smartphones are the ‘perfect eavesdropping devices’

Credit: Ronstik/Pixabay

We all want things in our life which save us time and make life just that bit easier. 

To satisfy that need, each year household and consumer technology becomes more and more advanced. Although the security in smart technology is improving, there’s still a real risk of your everyday devices being exploited.
 
If you received any kind of smart device as a Christmas gift or are considering one as a present for someone else, hold onto your credit card for a moment. And keep reading to uncover some enlightening facts about the latest tech available.
 
Our experts at UK NACE (the UK National Authority for Counter-Eavesdropping) know all too well that smart and wearable technology is susceptible to malware attacks. Here is the lowdown and their tips for improving the safety of your smart devices.
 
Keep up to date with the latest security
Devices such as smartphones and smart watches are constantly being updated with new security software so it’s vital to ensure yours is always running the latest version. However, keeping your security software up to date will not stop hackers from trying to get unauthorised access to your personal information.
 
The older your device, the greater the risk of attack. This is especially the case when it is no longer supported by the manufacturer, as it will not receive any new security updates. This could potentially leave your device wide open to attacks, and your personal data vulnerable.
"Smartphones are the perfect bugs; they are easily programmable and have constant power and, unlike many traditionally concealed eavesdropping devices, this means you could potentially be tracked and listened to continuously."
 
Attackers are not only focused on old devices though.
 
There’s a whole industry out there looking for brand new ways to target the most modern hardware. These kinds of attacks are called ‘zero-day’ exploits and they typically take advantage of unknown vulnerabilities in new software or hardware, well before anyone realises anything is wrong.
 
Beware fake updates
Attackers can also gain access to your technology through other methods, the most common being fake and harmful updates. Whether that is general software, security or specific app updates – their authenticity can be hard to distinguish from official sources. Originators of fake updates commonly send out a pop-up ad or alert which says that a device is infected with malware and offers to scan the system or asks the user to click on a link to update software. 
 
Often, for these to take effect, it requires a user to update permissions and allow apps to access location, camera and contacts list. This helps attackers, advertisers and app developers profile users’ behaviour. It can also lead to them giving away personal information.
 
Smartphones and smartwatches
Smartphones are the perfect eavesdropping device, or ‘bugs’.
 
They are easily programmable and have constant power. Unlike many traditionally concealed eavesdropping devices, this means you could potentially be tracked and listened to continuously.
 
Modern smartphones have features, such as cameras, microphones, GPS and more. These all provide a variety of options to an attacker looking to exploit users, whether that is to track them or gain access to personal information – such as home address, bank details, passwords or pictures.
 
Smartwatches and fitness trackers present a different challenge to a hacker. But it is still possible to exploit these as eavesdropping devices, especially when linked to a smartphone; this can result in more than your steps being tracked.
 
If knowing their GPS location wasn’t unsettling enough for users, an experienced attacker can also use the motion and orientation senses in a device to calculate ATM pin numbers and passwords.
 
Top tips to protect personal data
To help prevent a malware attack on a smart device, UK NACE strongly recommends regularly updating the security settings.  This is particularly important if a lot of personal information is stored on a smartphone.
 
So, the next time you see a genuine new update pop up, install it straight away. Don’t leave the door open for attackers to profit from others’ personal data.
 
This also goes for when new devices. Before beginning to use it in earnest, check whether it’s running the latest version of software and continue to do this regularly.
 
You can further improve a device’s security by:
 
resetting passwords every couple of months and using different passwords for each account or site used – take a look at the National Cyber Security Centre guides on the use of password managers and two factor authentication
updating privacy settings – this is particularly important with social media accounts
using an anti-malware app – these help protect users from attackers planting viruses within technology
 
 
About the author

The UK National Authority for Counter-Eavesdropping provides technical security support for the UK government, armed forces, law enforcement and critical national infrastructure. Find out more here.

Share this page

Tags

Categories

CONTRIBUTIONS FROM READERS

Please login to post a comment or register for a free account.

Related Articles

Russia: sanctions tightened on exports of monitoring and military tech
24 June 2022

New measures prohibit supply of any tech used for ‘internal repression’

Is the UK ready for the future of compute?
17 June 2022

The government’s upcoming review should consider ways to increase the country’s computing capacity, believes Laura Foster of techUK

Government to move 2,500 officials to ‘digitally enabled’ Manchester hub
17 June 2022

The city centre facility will include hundreds of civil service posts relocated from London

Great expectations: Government unveils new digital and data strategy
9 June 2022

A new three-year plan sets out ambitious objectives for departments’ use of tech, including a commitment to improve scores of the biggest citizen services. PublicTechnology gets the...