Hidden & Fake Apps: How Hackers Could Be Targeting Your Connected Home
Like most parents, before you go to sleep each night, you take extra care to lock doors and windows to keep your family safe from any outside threats. The only thing you may have overlooked is the smartphone illuminated on your nightstand. And if you were to add up the smartphones humming all over your house, suddenly you’d have a number of unlocked doors that a determined criminal could enter through. Maybe not tonight — but eventually.
Over time you’ve purchased and plugged in devices throughout your home. You might have a voice assistant, a baby monitor, a thermostat, a treadmill, a gaming system, a fitness watch, smart TVs, a refrigerator, and many other fun, useful gadgets. Each purchase likely connects to your smartphone. Take stock: You now have a digital ecosystem growing all around you. And while you rarely stop to take notice of this invisible power grid around you, hackers can’t stop thinking about it.
This digital framework that pulsates within your home gives cybercriminals potential new entryways into your life and your data. Depending on your devices, by accessing your smartphone, outsiders may be able to unlock your literal doors while you are away (via your home security system), eavesdrop on your family conversations and collect important information (via your voice assistant), access financial information (via your gaming system, tablet, or laptop).
What you can do:
- Change factory security settings. Before you fire up that smart TV, drone, or sound system, be sure to change each product’s factory settings and replace it with a bulletproof password to put a layer of protection between you and would-be hackers.
- Protect your home network. We are connected people living in connected homes. So, part of the wired lifestyle is taking the lead on doing all we can to protect it. One way to do that is at the router level with built-in network security, which can help secure your connected devices.
- Stay on top of software updates. Cybercrooks rely on consumers to ignore software updates; it makes their job so much easier. So be sure to install updates to your devices, security software, and IoT products when alerted to do so.
Smartphone = Front Gate
The most common entry point to all of these connected things is your smartphone. While you’ve done a lot of things to protect your phone — a lock screen, secure passwords on accounts, and system updates — there are hacking tactics you likely know nothing about. According to McAfee’s recent Mobile Threat Report, you don’t know because the scope and complexity of mobile hacks are increasing at alarming rates.
The latest statistics report that the average person has between 60-90 apps installed on their phones. Multiply that between all the users in your home, and you are looking at anywhere from 200-500 apps living under your digital roof. Hackers gravitate toward digital trends. They go where the most people congregate because that’s where they can grab the most money. Many of us control everything in our homes from our apps, so app downloads are off the charts, which is why crooks have engineered some of their most sophisticated schemes specifically around app users.
Hidden apps are a way that crooks trick users into letting them inside their phones. Typically, hidden apps (such as TimpDoor) get to users via Google Play when they download games or customized tools. TimpDoor will then directly communicate with users via a text with a link to a voice message that gives detailed instructions to enable apps from unknown sources. That link downloads malware which will run in the background after the app closes. Users often forget they’ve downloaded this and go on with life while the malware runs in the background and can access other internal networks on the smartphone.
What you can do:
- Stay alert. Don’t fall for the traps or click links to other apps sent via text message.
- Stay legit. Only download apps hosted by the original trusted stores and verified partner sites.
- Avoid spam. Don’t click on any email links, pop-ups, or direct messages that include suspicious links, password prompts, or fake attachments. Delete and block spam emails and texts.
- Disable and delete. If you are not using an app, disable it. And, as a safety habit, remove apps from your phone, tablet, or laptop you no longer use.
Again, crooks go where the most people congregate, and this year it is the 60 million+ downloaded game Fortnite. The Fortnite craze has lead hackers to design fake Fortnite apps masquerading as the real thing. The fraudulent app designers go to great lengths to make the download look legitimate. They offer enticing downloads and promise users a ton of free perks and add ons. Once users download the fake app, crooks can collect money through ads, send text messages with more bad app links, crypto jack users, or install malware or spyware.
What you can do:
- Don’t install apps from unknown sources. Not all gaming companies distribute via Google Play or the App Store. This makes it even harder for users to know that the app they are downloading is legit. Do all you can to verify the legitimacy of the site you are downloading from.
- Delete suspicious acting apps. If you download an app and it begins to request access to anything outside of its service, delete it immediately from your device.
- Update devices regularly. Keep new bugs and threats at bay by updating your devices automatically.
- Monitor bank statements. Check statements regularly to monitor the activity of the card linked to your Fortnite account. If you notice repeat or multiple transactions from your account or see charges that you don’t recognize, alert your bank immediately.
- Be a savvy app user. Verify an app’s legitimacy. Read other user reviews and be discerning before you download anything. This practice also applies to partner sites that sell game hacks, credits, patches, or virtual assets players use to gain rank within a game. Beware of “free” downloads and avoid illegal file-sharing sites. Free downloads can be hotbeds for malware. Stick with the safer, paid options from a reputable source.
The post Hidden & Fake Apps: How Hackers Could Be Targeting Your Connected Home appeared first on McAfee Blogs.