Imagine someone were to tell you your Android smartphone could very likely be under the control of a cyber attacker who lives across the world from you. First would come the disbelief. No, you’d think, I’d know it if someone had some sort of control of my phone. Then maybe you’d Google a little. Find out that someone could have remote control of your phone or Android tablet without you ever knowing it. Next would come the unease, possibly the anger, and the part where you demand answers. How could that be possible? Why was it so easy? What is a cyber attacker doing remotely controlling your phone?
Now stop imagining and start actually considering it because if you’ve got an Android smartphone there is a very good chance it’s been used without your knowledge for some seriously malicious cyberattacks. Smartphone DDoS attacks are real. Skip the disbelief and go right to the demanding answers part, because here they are.
What are the odds my phone is actually involved in a smartphone DDoS attack?
In May of 2017 your buds at Google released Google Play Protect, a suite of security measures for Android devices that includes scanning for potentially harmful apps or PHAs. Scanning capabilities include automatic daily scanning and/or user-initiated or on-demand scanning, threat scans when the device is offline, automatic disabling or removal of PHAs, or sending newly installed apps to the cloud for scanning.
Valuable as these tools may be, they were perhaps a little late entering into the wild world of apps. In 2017 alone Google Play Protect removed 39 million potentially harmful applications from two billion devices. It’s possible you were not one of those two billion Android device users, but considering that in May of 2017 – the same month Google Play Protect was released – Google announced there were 2 billion active Android devices, your odds are not fantastic. Although, if you only ever downloaded apps directly from the Google Play Store, you are nine times less likely to have had a PHA on your device than those who downloaded apps from other sources.
What could these PHAs have done to my phone?
Well first of all there’s a good chance a PHA (at least one, anyway) created what’s called a backdoor into your device, which is what allows attackers to get in it without you noticing and do as they please in the form of executing unwanted and likely harmful operations on your device.
These operations could very well include distributed denial of service or DDoS attacks, one of the most common and devastating types of cyberattack. If you’re currently wondering what is DDoS then 1) you are fortunate to not already know and 2) it’s a cyberattack designed to take a target website or service offline by overwhelming the server or network with traffic generated by compromised devices. Essentially, an attacker could be using your Android device (as well as a huge number of other devices grouped together into a botnet) to barrage a DDoS target with illegitimate requests. In August of 2017 Google removed 300 seemingly benign apps that were actually used to infect over 70,000 devices so they could be used in the WireX DDoS botnet.
When the topic of DDoS attacks comes up, it’s most often about how to stop these popular and pervasive attacks from taking down a website. However, if a portion of the attention paid to these attacks revolved around how to keep devices from becoming enslaved in botnets, they wouldn’t be nearly the internet-wide issue they currently are.
PHAs could also be commercial spyware, which transmits sensitive data from your phone or collects your data without your consent, a downloader put in place to install other harmful apps on your phone, a phishing app that appears to be legitimate and requests information such as billing information or authentication credentials, a fraudulent mobile billing application that syphons your funds, or even ransomware that locks up some or all of your device or files and demands ransom in exchange for release.
What can I do to keep this from happening?
DDoS botnet builders and other cyber attackers are increasingly targeting devices like smartphones and IoT gadgets because the security on these devices doesn’t compare to the security on computers. For whatever reason, people just aren’t as vigilant.
In order to protect your phone, lean on those Google Play Protect services. Routinely scan your apps to ensure everything is operating the way it should be operating – with no surprises. Also be sure to only download apps from the Google Play Store. Any app coming from a legitimate website or business – Weight Watchers or Spotify, for example – will be readily available in the Google Play Store. Don’t assume that just because an app is in the Store means its verified safe, though. You still need to be cautious, which means reading reviews, taking advantage of the Google Play Protect cloud scan for new apps, and taking a good look at the permissions an app is requesting when you install it. If an app is requesting access to data or files it has no business with or wants control of your camera or calling capabilities when it’s not related to those things at all, you want to take a closer look at the app before you let it get a foothold on your phone. Follow these steps and the next time someone tells you your Android smartphone could very well be under the control of a cyber attacker who lives across the world from you, you’ll be entitled to politely but firmly answer that actually, it is not.
Image: © User:Colin / Wikimedia Commons